maa
-
Posts
21 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by maa
-
-
After running this, the popup message on startup no longer appears. Here is the log:
All processes killed
========== OTL ==========
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_91616670.lnk moved successfully.
C:\Users\Mario\AppData\Local\temp\_uninst_91616670.bat moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Mario\Desktop\cmd.bat deleted successfully.
C:\Users\Mario\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Mario
->Temp folder emptied: 1758243217 bytes
->Temporary Internet Files folder emptied: 256642090 bytes
->Java cache emptied: 51051462 bytes
->FireFox cache emptied: 104176020 bytes
->Google Chrome cache emptied: 23274921 bytes
->Flash cache emptied: 4321070 bytes
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1457527563 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8588315 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 3,494.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 01082013_210101
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
-
Yes, I still receive this popup when windows starts: "Windows cannot find '215900.exe'. Make sure you typed the name correctly, and then try again"
Thanks.
-
Extras.txt:
OTL Extras logfile created on: 1/2/2013 6:49:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mario\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 33.68% Memory free
6.20 Gb Paging File | 4.41 Gb Available in Paging File | 71.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.96 Gb Total Space | 3.03 Gb Free Space | 2.18% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.75 Gb Free Space | 67.50% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 35.95 Gb Free Space | 7.72% Space Free | Partition Type: NTFS
Computer Name: NOFACE | User Name: Mario | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-293651391-2175594108-1919989058-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D8C2737-3837-4F4A-953B-E212C91E40DF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2A5CE730-4572-4DC1-A5F6-A93F9227FD0A}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{2CB19442-94FB-40B1-9D3C-E36BCEDE267B}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp1\rpcsandrasrv.exe |
"{5640303A-CA50-4D41-BEE3-417DE40D9C23}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5A22518E-F1AA-4958-894F-C7FAF4836282}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5DB78D6E-6592-4C82-A554-E3E7EC35BAF1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{63E1AC1B-57D3-4395-AE1C-C6591C635FE0}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp1\win32\rpcdatasrv.exe |
"{6660BA29-248E-499E-B8D0-88984AEDA131}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8AB256E8-6F83-48CD-9936-21D54C7D659B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{A0573678-D080-4F7C-B90B-D71A8974FE41}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C68C873F-9067-44C3-AF2F-EEBA8F55733A}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{C834EFBF-4A23-49D8-A0BF-7666CD056A10}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ECC09929-3F8C-4E17-9EF9-3BE2E6B12417}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{EE52F220-D8A1-4FBF-B319-8CA5FC79F708}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EEC304D6-AF8F-4C81-A742-562FE1E4CA0A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F54E84E1-C9DD-48A5-8967-B7B9F8EB7886}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01EB3169-F627-43AA-99DD-4BFF745E92D0}" = protocol=6 | dir=in | app=f:\program files\itunes\itunes.exe |
"{0A42B183-7650-400B-ACAB-4A48A95849B1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{184F61FE-4C6E-4D1C-A154-71B6354F8C27}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{18C2B24C-DD78-49AC-A3E4-D808B3AEA1DB}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{19C70447-9B3C-43D5-9574-3F0EE26DB609}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{1C0F94DF-6A1D-435A-8259-71A459B52598}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{2237E4A8-53B4-4CDD-8F8D-DC0EFE968C44}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{24EC1A1B-61EF-4BC3-A2F2-CF23FB9667EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2B6EFDD5-5BFD-4C8E-BB7B-A84483C873EC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2EE8A05F-637B-4FEB-9510-6E8859356064}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{349B43D0-D9F1-4958-9D83-119FBDF31122}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{35F9C0E1-A070-46B6-B5CF-8345F79C9857}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{44F8ADE0-35A7-4624-B5C9-6AB937DA8507}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5241BE76-D6C2-433A-B8C2-7AFBBEB3E277}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{52E04BCD-EC4F-4F65-B51F-B930FF62CE75}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{533E2A8D-BABE-4A03-9A79-7D5F6F682775}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{551DCBCF-CFB3-4722-A251-AB76070B27B6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5796C31A-5447-4806-B4C1-DBC0B685A02D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5F5EA076-7E43-419C-BAFE-08DC210AD780}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5F78A92A-33E0-4E29-9B2D-BC46EA0CA170}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{63066B05-76CA-43D4-B010-640624D19DB9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6BB0ABE5-19A0-4F32-BCB0-D7E2A538CB99}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{7014662B-0856-48ED-92A3-24A2DC1D674E}" = protocol=6 | dir=in | app=c:\users\mario\appdata\roaming\dropbox\bin\dropbox.exe |
"{716DB8F8-6BB0-4954-B8ED-C65D747E1B0E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{74A98A37-E7BF-41ED-8AFC-E94EBFD7763E}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{761CB22C-BE72-4EB3-ACC2-B6DF032C85B3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{769F72B2-57E7-401C-88E9-3E6D55EF8A55}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{76A32861-F7B8-484E-B107-CA16A19DF073}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{77AA929B-8E81-47ED-B2F5-E46903BF5A9E}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{7C041B2E-01D1-4B2E-ACF5-0CF1BBB00C09}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{85EC71EB-99CA-43F3-8960-11D63FA5F94C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8BB629AC-EFE0-47C8-BAD7-D22E13F2673C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8E3A54D8-7393-4D47-9AC7-21B29B52A7BC}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{8EFB1E56-5DAD-418E-A34C-B0DFD0B6C28D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9076E82D-B962-45AC-9255-095DBA9D66B8}" = protocol=6 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
"{918DBF11-3008-4A27-A2D6-1C6388552CAB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9329DF39-092E-4BF4-A09C-099E1ADFBE29}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{94D9B2E2-7961-4E65-B703-4A045BADD5DE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{98C9CE01-6219-46B6-8170-244BECB526EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9CEA3E03-073D-471A-9557-46D662C68E42}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A326D819-1D83-4386-AA9C-FC86E736BC01}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{A8DABBF7-8DB0-4F67-9B90-80B376A2B06E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AEEE594D-D551-4E86-8979-62F9091C84D8}" = protocol=1 | dir=in | name=sisoftware database agent service (icmp-in) |
"{B2FAEA6A-FD17-4671-9F16-DB31A5C935E6}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{B42F15C8-36DD-41B1-83C1-29E9F4900A83}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B84103E0-B9D2-42B2-8D9F-DF7A848ED0AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BF531A01-F287-4902-89C4-A332439B4F45}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BFFF63E0-ABB9-4B3A-99FD-580D85399AA1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C1226EDA-1516-49B6-BF6C-F760D44E6F22}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{C3E6AEFB-695C-46AF-B95B-0080E033DCBA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CD62D56B-CC27-42B3-B436-0D4B32B858C5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D187D326-A604-4D3F-B405-887C9FAE7013}" = protocol=6 | dir=out | app=system |
"{DC35B95F-53C0-41EA-8EA9-07BA6B52030E}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{DCCA2BA7-0C32-4458-9B78-97DE9A8C5B59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DF353FCB-DE21-4851-8E63-347102507391}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E3D5F0A2-E69D-4288-9EDD-E2CE81A69B99}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{E504FDE3-89BB-468D-8ACE-CA29E0A437FF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E54E3AAB-1AD2-472D-BE09-931BC5746792}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{E5F5DB0B-A413-43D9-B381-A18E0454D031}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{E9B83EBA-F297-439D-BF0E-1789E2B279B5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EBFFBB72-FA3F-45F2-92B4-D5A0D2D4284E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F01CEE94-0BB0-4040-929E-A346D6B27765}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{F1C53632-37B2-4CCA-9396-9A21A10B445E}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{FB41452E-5EA0-499A-B86D-44C47CFFC316}" = protocol=17 | dir=in | app=c:\users\mario\appdata\roaming\dropbox\bin\dropbox.exe |
"{FC590F60-A952-4A71-86FC-E27481CECD72}" = protocol=17 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
"TCP Query User{186FAE04-743F-47E5-A6A1-63707891B742}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{3067B47A-341E-4877-8464-D9296EE20818}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{385FD31A-83C7-4E3D-AFC2-0CED761A4283}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{3B2E236E-80A1-4C81-9CCE-9C1C902CB572}C:\blp\wintrv\wintrv.exe" = protocol=6 | dir=in | app=c:\blp\wintrv\wintrv.exe |
"TCP Query User{3CFF1882-FE3A-42D6-BF3C-7F0CA83025C9}C:\blp\wintrv\wintrv.exe" = protocol=6 | dir=in | app=c:\blp\wintrv\wintrv.exe |
"TCP Query User{4D138DA9-3296-4243-A75F-AC8BDA7E11A9}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{61943F57-2454-487A-B428-258DB6395D1E}F:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=f:\program files\itunes\itunes.exe |
"TCP Query User{66529CC3-6D70-44C3-BF2D-2CB19C0FBE60}C:\users\mario\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\mario\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{66E35D12-7DFB-45ED-9F1B-B51F31A5E036}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{6A959463-B5EE-44DF-A4F7-03D0FD6981EE}C:\program files\stc\qa_07_05\wwwroot\cbt.exe" = protocol=6 | dir=in | app=c:\program files\stc\qa_07_05\wwwroot\cbt.exe |
"TCP Query User{A48FAC7C-D986-45D5-8605-49713FF4B600}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{B79367CC-BB30-4BF2-961C-E77F62061993}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{E53EE2CC-FB3B-41CE-BB15-41FF02BFF493}C:\blp\api\bbcomm.exe" = protocol=6 | dir=in | app=c:\blp\api\bbcomm.exe |
"UDP Query User{07D67426-EEA1-4078-9A1A-C235078908C6}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{08D8E764-6F4D-438C-A5C3-0C3D80CD1B4D}C:\blp\api\bbcomm.exe" = protocol=17 | dir=in | app=c:\blp\api\bbcomm.exe |
"UDP Query User{0ACEFEAF-89E6-4639-8C92-400E600F9D7A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{75D156A4-BD5A-475C-98C0-A2FA2E6A50E7}C:\users\mario\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\mario\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{8F9373FE-9F09-49D3-BE39-B296075002FE}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{91C971D4-F07B-43A5-8F78-4727B9C1F13F}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{B1181B10-79EE-4F59-9336-D482F30E602F}C:\program files\stc\qa_07_05\wwwroot\cbt.exe" = protocol=17 | dir=in | app=c:\program files\stc\qa_07_05\wwwroot\cbt.exe |
"UDP Query User{B20AE0CD-771A-4E76-8C0D-70B3F5A1E194}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{D49376ED-3AC0-4469-81AA-F62E426B974C}C:\blp\wintrv\wintrv.exe" = protocol=17 | dir=in | app=c:\blp\wintrv\wintrv.exe |
"UDP Query User{E6B80DBA-98E5-4048-848E-F74263B7C8DD}C:\blp\wintrv\wintrv.exe" = protocol=17 | dir=in | app=c:\blp\wintrv\wintrv.exe |
"UDP Query User{F38FC82C-37C3-4055-9B68-0378C2001942}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{F8382B6A-A389-4075-B432-07881876B0BA}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DF34F71-6182-474F-B6FE-0B2AF069E6FD}" = VBA (2627.01)
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{14ECAABB-C8B9-4A09-92F7-CDF1A45B6DDE}" = Google Drive
"{159C13FA-82AF-4DD9-8BC9-5EA368613A20}" = WebEx Recorder and Player
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{32A5AE69-72DD-4E99-BE79-27E1ED6F4F43}" = Bentley SELECT Server V8 XM Edition
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3FA5E4CC-58ED-4ED0-AC9E-ED0759E9166E}" = RedistSysFiles
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5783F2D7-0101-0409-0000-0060B0CE6BBA}" = AutoCAD 2002
"{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}" = Symantec AntiVirus
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Documentation & Support Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DFB3904-FBDB-4C2B-AC98-20EFDD37C83D}" = GameTime+
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90F50409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications ® Core
"{90F60409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications ® Core - English
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC8A37CB-39AD-46C2-9AB5-F6FBE037CC57}" = Bentley MicroStation V8 XM Edition 08.09.04.51
"{AFD9E698-03C2-4E88-80A6-1496562D4304}" = Google SketchUp 7.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2096}_is1" = SiSoftware Sandra Lite XII.SP1
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}" = WinZip 15.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DD7A785B-45C9-4DDB-A726-0889F7A9C006}" = WD SmartWare
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E07B7A31-E160-466D-A003-3BB7B8989D52}" = Full Tilt Poker.Net
"{E31E2A9F-D76D-49DD-9851-930DD1B0A081}" = Poker Grapher
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7081891-BC7F-43F9-9CE6-B5DD2F497156}" = Internet Explorer Developer Toolbar
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.1
"{F972403C-BFE4-49EB-82B8-10D0FDBD1BB1}" = VirtualDJ Home FREE
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Any Video Converter_is1" = Any Video Converter 3.1.0
"AutoCAD 2008 - English" = AutoCAD 2008 - English
"AutoHotkey" = AutoHotkey 1.0.48.05
"Bloomberg SFD Data Dictionary" = Bloomberg SFD Data Dictionary
"CCleaner" = CCleaner
"CinemaForge" = CinemaForge
"Cisco Connect" = Cisco Connect
"DivX Setup" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Fences" = Fences
"Free iPod Video Converter_is1" = Free iPod Video Converter 1.26
"Google Desktop" = Google Desktop
"GTK 2.0" = GTK+ Runtime 2.12.1 rev b (remove only)
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.27 Full
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MoneyToolbox" = MSN Money Investment Toolbox
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Pdf995" = Pdf995
"Pidgin" = Pidgin
"Poker Tracker Version 2.16.03d_is1" = Poker Tracker Version 2.16.03d
"PokerAce Hud" = PokerAce Hud (remove only)
"Pokerazor" = Pokerazor 1.28
"PokerStars" = PokerStars
"PokerTracker3" = PokerTracker 3 (remove only)
"PowerISO" = PowerISO
"RealPlayer 6.0" = RealPlayer
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0
"VLC media player" = VLC media player 1.0.0
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.2 final uninstall
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-293651391-2175594108-1919989058-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 2/11/2011 4:56:42 AM | Computer Name = NoFace | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 2/11/2011 4:56:51 AM | Computer Name = NoFace | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 2/11/2011 7:59:46 PM | Computer Name = NoFace | Source = Application Error | ID = 1000
Description = Faulting application postgres.exe, version 8.3.4.8262, time stamp
0x48d39b63, faulting module kernel32.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc0000142, fault offset 0x00009f7d, process id 0x15d0, application
start time 0x01cbca47c17107f7.
Error - 2/11/2011 8:41:44 PM | Computer Name = NoFace | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 2/11/2011 8:41:48 PM | Computer Name = NoFace | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 2/12/2011 12:57:18 AM | Computer Name = NoFace | Source = Application Error | ID = 1000
Description = Faulting application postgres.exe, version 8.3.4.8262, time stamp
0x48d39b63, faulting module kernel32.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc0000142, fault offset 0x00009f7d, process id 0x124c, application
start time 0x01cbca71525016ea.
Error - 2/12/2011 5:31:30 PM | Computer Name = NoFace | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 2/12/2011 5:31:31 PM | Computer Name = NoFace | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 2/13/2011 1:54:11 AM | Computer Name = NoFace | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 2/13/2011 1:54:13 AM | Computer Name = NoFace | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
[ System Events ]
Error - 12/28/2012 2:13:45 AM | Computer Name = NoFace | Source = LSM | ID = 1048
Description =
Error - 12/28/2012 10:20:24 AM | Computer Name = NoFace | Source = LSM | ID = 1048
Description =
Error - 12/28/2012 11:34:50 AM | Computer Name = NoFace | Source = Service Control Manager | ID = 7011
Description =
Error - 12/30/2012 9:03:07 PM | Computer Name = NoFace | Source = LSM | ID = 1048
Description =
Error - 12/31/2012 2:37:14 PM | Computer Name = NoFace | Source = LSM | ID = 1048
Description =
Error - 12/31/2012 5:55:11 PM | Computer Name = NoFace | Source = LSM | ID = 1048
Description =
Error - 12/31/2012 6:01:08 PM | Computer Name = NoFace | Source = Service Control Manager | ID = 7022
Description =
Error - 1/2/2013 7:18:10 PM | Computer Name = NoFace | Source = LSM | ID = 1048
Description =
Error - 1/2/2013 7:23:01 PM | Computer Name = NoFace | Source = Service Control Manager | ID = 7022
Description =
Error - 1/2/2013 8:00:58 PM | Computer Name = NoFace | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
< End of report >
-
OTL.txt:
OTL logfile created on: 1/2/2013 6:49:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mario\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 33.68% Memory free
6.20 Gb Paging File | 4.41 Gb Available in Paging File | 71.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.96 Gb Total Space | 3.03 Gb Free Space | 2.18% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.75 Gb Free Space | 67.50% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 35.95 Gb Free Space | 7.72% Space Free | Partition Type: NTFS
Computer Name: NOFACE | User Name: Mario | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/01/02 18:45:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mario\Desktop\OTL.exe
PRC - [2012/10/10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/10/02 14:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/10/02 14:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/02/03 12:34:58 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2012/02/03 12:34:56 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/17 12:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2010/12/16 10:57:20 | 000,956,416 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2009/08/17 09:52:08 | 002,043,904 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009/08/17 09:52:08 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/08/17 09:50:32 | 008,919,040 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/19 07:30:34 | 003,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2008/09/19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/10/26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/03/26 14:00:04 | 000,102,400 | ---- | M] (Bentley Systems, Incorporated) -- C:\Program Files\Bentley\SELECTserver\Bentley.SelectServer.Gateway.exe
PRC - [2007/02/08 00:16:24 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2006/11/28 05:34:38 | 000,134,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/11/28 05:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/11/28 05:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/11/22 16:12:36 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/11/22 16:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2006/11/12 01:19:46 | 000,446,976 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/10/20 16:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/09/29 11:39:20 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/09/29 11:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
========== Modules (No Company Name) ==========
MOD - [2012/12/14 13:26:59 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\d1cdb687ca296d0e95ff3abe946cb3c7\Microsoft.VisualBasic.ni.dll
MOD - [2012/12/14 13:25:50 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6525d5b1a3b2cbea3301959a47b353c2\System.ServiceProcess.ni.dll
MOD - [2012/12/14 13:25:46 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ac05afefb5b28893d44ec451da0e6d4e\System.Web.ni.dll
MOD - [2012/12/14 13:25:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2633dbf77be293b3a8693b6b062fd787\System.Runtime.Remoting.ni.dll
MOD - [2012/12/14 13:25:27 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d08cb6b1c4052e6f5a4e2452870d67d7\System.Management.ni.dll
MOD - [2012/12/14 13:25:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll
MOD - [2012/12/14 13:23:40 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll
MOD - [2012/12/14 13:23:24 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll
MOD - [2012/12/14 13:23:15 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll
MOD - [2012/12/14 13:23:06 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ee724aeea5f1b9d8a01fa6047fd2ef99\System.Data.ni.dll
MOD - [2012/12/14 13:22:27 | 007,976,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll
MOD - [2012/12/14 13:22:17 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/12/16 10:36:18 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2010/12/16 10:36:16 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2010/12/16 10:36:10 | 000,200,704 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libpcre.dll
MOD - [2009/08/17 09:26:24 | 000,049,152 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
MOD - [2009/07/29 15:24:14 | 000,504,293 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll
MOD - [2009/03/29 23:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2006/10/26 15:21:22 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL
========== Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2012/12/12 23:31:58 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/27 13:06:25 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/03 12:34:58 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2011/06/17 12:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/04/15 08:38:29 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/11/06 11:00:44 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/17 09:52:08 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2008/09/19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/12 17:32:20 | 001,253,568 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe -- (SandraTheSrv)
SRV - [2007/12/12 17:31:58 | 000,213,176 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe -- (SandraDataSrv)
SRV - [2007/10/26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/07/11 16:25:20 | 000,025,640 | R--- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2007/03/26 14:00:04 | 000,102,400 | ---- | M] (Bentley Systems, Incorporated) [Auto | Running] -- C:\Program Files\Bentley\SELECTserver\Bentley.SelectServer.Gateway.exe -- (Bentley SELECT Server Gateway)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2006/11/28 05:34:26 | 000,122,008 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/11/28 05:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/11/28 05:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/11/22 16:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006/11/22 16:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/11/07 12:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/10/31 09:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2006/09/29 11:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Mario\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/10/10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/09/17 03:00:00 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121212.006\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/09/17 03:00:00 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121212.006\NAVENG.SYS -- (NAVENG)
DRV - [2012/07/31 19:34:46 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/07/31 19:34:45 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/11/08 22:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/01/18 23:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/10/26 14:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/06/09 19:27:59 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/02/08 19:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 19:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/02/08 00:16:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/01/31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/22 15:17:06 | 000,274,328 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2006/11/22 15:17:06 | 000,247,144 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2006/11/22 15:17:06 | 000,025,448 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/26 15:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 15:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 15:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 15:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 15:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 15:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 15:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 15:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/10/26 11:01:34 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2006/10/26 11:01:34 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2006/10/06 13:26:16 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/17 14:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.dell.com/support/in [binary data over 200 bytes]
IE - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60341
IE - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7DLUS_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=OmyzwPx2JnLS6GhGmPVW8C6J31E?q={searchTerms}
IE - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.epcompanion.org"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..keyword.enabled: false
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10516.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@xmlauthor.com/downloads: C:\Windows\system32\npmirage.dll (XMLAuthor Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Mario\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\Mario\AppData\Roaming\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mario\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mario\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/01/01 23:37:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/04 20:47:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/27 13:06:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/27 13:06:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Mario\AppData\Roaming\Move Networks [2012/12/04 20:59:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/27 13:06:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/27 13:06:18 | 000,000,000 | ---D | M]
[2008/09/11 14:59:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mario\AppData\Roaming\Mozilla\Extensions
[2010/08/13 18:44:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\3l4hn9aq.default\extensions
[2010/02/10 11:24:27 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\3l4hn9aq.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/07/22 07:32:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\3l4hn9aq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/10/22 17:59:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\5xwdjfww.New Profile1\extensions
[2012/07/15 19:13:38 | 000,223,394 | ---- | M] () (No name found) -- C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\5xwdjfww.New Profile1\extensions\isreaditlater@ideashower.com.xpi
[2008/05/03 23:13:59 | 000,001,504 | ---- | M] () -- C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\3l4hn9aq.default\searchplugins\imdb.xml
[2010/08/07 16:04:21 | 000,001,562 | ---- | M] () -- C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\3l4hn9aq.default\searchplugins\tableratings.xml
[2008/05/04 16:11:14 | 000,000,705 | ---- | M] () -- C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\3l4hn9aq.default\searchplugins\webster.xml
[2008/05/04 09:24:48 | 000,001,032 | ---- | M] () -- C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\3l4hn9aq.default\searchplugins\wikipedia-eng.xml
[2012/10/27 13:06:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2012/12/04 20:59:58 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\MARIO\APPDATA\ROAMING\MOVE NETWORKS
[2012/10/27 13:06:26 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/30 17:19:07 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/13 15:50:30 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - homepage: http://www.epcompanion.org/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.epcompanion.org/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mario\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mario\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mario\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Mario\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Java Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Mario\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Mario\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: XMLAuthor Inc. npmirage (Enabled) = C:\Windows\system32\npmirage.dll
CHR - plugin: iTunes Application Detector (Enabled) = F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Speed Dial = C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi\2.5.2_0\
CHR - Extension: Springpad = C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmopoamfjnmppabeaphohombnjcjgla\6_0\
CHR - Extension: Quick Note = C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.4.2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
O1 HOSTS File: ([2012/12/16 14:30:27 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\..\Toolbar\WebBrowser: (no name) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - No CLSID value found.
O3 - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RMAlert] C:\Program Files\PC Tools Registry Mechanic\Alert.exe (PC Tools)
O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [sSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-293651391-2175594108-1919989058-1000..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-293651391-2175594108-1919989058-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-293651391-2175594108-1919989058-1003..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-293651391-2175594108-1919989058-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-293651391-2175594108-1919989058-1004..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-293651391-2175594108-1919989058-1004..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_91616670.lnk = C:\Users\Mario\AppData\Local\temp\_uninst_91616670.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-293651391-2175594108-1919989058-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-293651391-2175594108-1919989058-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll File not found
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\..Trusted Domains: msn.com ([moneycentral] https in Trusted sites)
O15 - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://download.microsoft.com/download/7/1/D/71D9F11F-0C02-4707-9D60-D56EA8951020/pmupd806.exe (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.10.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx (AcPreview Control)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95BD10A2-992E-4E20-AAAE-45F7BB90EB14}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\Users\Mario\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mario\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/05 15:57:05 | 000,000,073 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/01/02 18:44:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mario\Desktop\OTL.exe
[2012/12/31 14:20:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/12/31 13:51:28 | 000,000,000 | ---D | C] -- C:\Users\Mario\Desktop\JavaRa
[2012/12/25 23:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/12/17 20:26:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/12/16 14:34:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/16 14:34:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/16 14:34:00 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\temp
[2012/12/16 14:08:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/12/16 14:08:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/12/16 14:08:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/12/16 14:07:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/16 14:07:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/12/16 13:54:32 | 005,010,912 | R--- | C] (Swearware) -- C:\Users\Mario\Desktop\ComboFix.exe
[2012/12/15 12:23:22 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mario\Desktop\tdsskiller.exe
[2012/12/14 15:07:02 | 000,000,000 | ---D | C] -- C:\Users\Mario\Desktop\DDS logs - 1st run
[2012/12/14 14:07:31 | 000,000,000 | ---D | C] -- C:\Users\Mario\Desktop\mbar-1.01.0.1011
[2012/12/13 02:04:19 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/12/13 02:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/12/12 23:33:44 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Mario\Desktop\dds.com
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/01/02 18:45:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mario\Desktop\OTL.exe
[2013/01/02 18:30:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/02 18:27:11 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-293651391-2175594108-1919989058-1000UA.job
[2013/01/02 18:19:02 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/02 18:17:56 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/02 18:17:56 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/02 18:17:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/02 00:08:11 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/01 20:49:56 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-293651391-2175594108-1919989058-1000Core.job
[2012/12/31 13:47:22 | 000,135,237 | ---- | M] () -- C:\Users\Mario\Desktop\JavaRa-2.0.zip
[2012/12/28 01:58:35 | 000,086,528 | ---- | M] () -- C:\Users\Mario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/28 01:08:43 | 000,001,356 | ---- | M] () -- C:\Users\Mario\AppData\Local\d3d9caps.dat
[2012/12/25 23:06:36 | 000,000,847 | ---- | M] () -- C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_91616670.lnk
[2012/12/25 21:58:22 | 149,564,568 | ---- | M] () -- C:\Users\Mario\Desktop\setup_11.0.0.1245.x01_2012_12_26_05_15.exe
[2012/12/21 18:13:41 | 001,845,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/12/19 01:12:45 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012/12/17 20:28:23 | 000,002,048 | ---- | M] () -- C:\Users\Mario\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/16 14:30:27 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/12/16 13:55:04 | 005,010,912 | R--- | M] (Swearware) -- C:\Users\Mario\Desktop\ComboFix.exe
[2012/12/15 12:23:40 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mario\Desktop\tdsskiller.exe
[2012/12/14 14:52:53 | 000,615,496 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/14 14:52:53 | 000,108,498 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/14 14:14:56 | 000,029,882 | ---- | M] () -- C:\Users\Mario\Desktop\mbar message.jpg
[2012/12/14 13:16:26 | 013,485,902 | ---- | M] () -- C:\Users\Mario\Desktop\mbar-1.01.0.1011.zip
[2012/12/12 23:49:53 | 000,415,948 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/12/12 23:49:52 | 000,415,948 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/12/12 23:35:06 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Mario\Desktop\dds.com
[2012/12/12 22:52:36 | 000,022,494 | ---- | M] () -- C:\Users\Mario\Desktop\startup error.jpg
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/12/31 13:47:18 | 000,135,237 | ---- | C] () -- C:\Users\Mario\Desktop\JavaRa-2.0.zip
[2012/12/25 23:06:36 | 000,000,847 | ---- | C] () -- C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_91616670.lnk
[2012/12/25 21:56:16 | 149,564,568 | ---- | C] () -- C:\Users\Mario\Desktop\setup_11.0.0.1245.x01_2012_12_26_05_15.exe
[2012/12/17 23:37:48 | 000,001,441 | ---- | C] () -- C:\scu.dat
[2012/12/16 14:08:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/12/16 14:08:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/12/16 14:08:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/12/16 14:08:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/12/16 14:08:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/12/14 14:14:56 | 000,029,882 | ---- | C] () -- C:\Users\Mario\Desktop\mbar message.jpg
[2012/12/14 13:15:53 | 013,485,902 | ---- | C] () -- C:\Users\Mario\Desktop\mbar-1.01.0.1011.zip
[2012/12/13 01:58:04 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/12/13 01:58:04 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/12/12 22:52:35 | 000,022,494 | ---- | C] () -- C:\Users\Mario\Desktop\startup error.jpg
[2012/10/27 22:37:36 | 005,664,546 | ---- | C] () -- C:\Users\Mario\firefox bookmarks1.html
[2012/04/05 23:20:43 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2011/03/16 19:09:20 | 000,012,020 | -HS- | C] () -- C:\Users\Mario\AppData\Local\3130882944
[2010/04/13 16:04:40 | 000,005,083 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2010/02/16 11:04:52 | 000,386,560 | ---- | C] () -- C:\Users\Mario\RCH_Stock_Market_Functions.xla
[2009/12/11 22:17:47 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/10/09 14:48:30 | 000,415,948 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/10/09 14:48:30 | 000,415,948 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/09/22 21:25:14 | 000,001,356 | ---- | C] () -- C:\Users\Mario\AppData\Local\d3d9caps.dat
[2009/07/10 12:15:34 | 000,004,924 | ---- | C] () -- C:\ProgramData\ojvzdisj.xda
[2009/03/24 10:30:57 | 000,004,096 | -H-- | C] () -- C:\Users\Mario\AppData\Local\keyfile3.drm
[2007/11/05 15:16:13 | 000,000,093 | ---- | C] () -- C:\Users\Mario\AppData\Local\fusioncache.dat
[2007/09/25 19:13:05 | 000,003,737 | ---- | C] () -- C:\Users\Mario\Desktop(2)
[2007/04/22 21:59:07 | 000,000,000 | ---- | C] () -- C:\Users\Mario\AppData\Roaming\wklnhst.dat
[2007/04/22 20:57:20 | 000,086,528 | ---- | C] () -- C:\Users\Mario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2009/05/05 16:50:08 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\.purple
[2012/11/14 08:09:01 | 000,000,000 | -HSD | M] -- C:\Users\Mario\AppData\Roaming\8A1713
[2010/11/08 22:56:37 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\AnvSoft
[2010/04/18 21:33:06 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Autodesk
[2007/11/05 16:30:59 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Bentley
[2009/05/15 16:33:11 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\DMCache
[2008/09/02 13:20:27 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\DNA
[2012/10/22 18:31:00 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Dropbox
[2012/11/14 20:07:23 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Fuoda
[2009/11/22 13:18:52 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Leadertech
[2012/11/13 19:27:35 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Luagod
[2012/11/13 19:25:39 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Papa
[2008/01/08 04:27:20 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\pdf995
[2009/02/11 13:45:34 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Pokerazor
[2011/12/28 22:31:41 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Stardock
[2009/04/30 13:40:21 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\TeamViewer
[2007/04/22 21:59:10 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Template
[2012/12/14 14:07:24 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\uTorrent
[2009/11/19 19:25:34 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Western Digital
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:B0A96209
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:8CEFE51A
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C05A8628
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
-
Maniac,
I've run JavaRe to uninstall and then reinstall Java. I rebooted and still encounter the same popup message. Any thoughts on how to proceed?
Thanks!
-
Upon a restart of my computer, a black box window popped up with the application name of "_uninst_91616670", and an error prompt for this application appeared with the following text:
"Windows cannot find '215900.exe'. Make sure you typed the name correctly, and then try again"
What does this mean?
Thanks!
-
Here is the Kapersky log:
Status: Deleted (events: 191)
12/25/2012 11:35:47 PM Deleted Trojan program Exploit.Java.CVE-2010-0094.h C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500003.VBN High
12/25/2012 11:35:47 PM Deleted Trojan program Exploit.Java.CVE-2010-0094.k C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500003.VBN//CryptZ High
12/25/2012 11:35:47 PM Deleted Trojan program Exploit.Java.CVE-2010-0094.k C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500003.VBN//CryptZ/Glorussstmz.class High
12/25/2012 11:35:43 PM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500002.VBN High
12/25/2012 11:35:43 PM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.bu C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500002.VBN//CryptZ High
12/25/2012 11:35:43 PM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.bu C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500002.VBN//CryptZ/bpac/a.class High
12/25/2012 11:35:39 PM Deleted Trojan program Exploit.Java.Agent.v C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500000.VBN High
12/25/2012 11:35:39 PM Deleted Trojan program Trojan-Downloader.Java.Agent.es C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500000.VBN//CryptZ High
12/25/2012 11:35:39 PM Deleted Trojan program Trojan-Downloader.Java.Agent.es C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500000.VBN//CryptZ/AppletPanel.class High
12/25/2012 11:35:39 PM Deleted Trojan program Exploit.Java.Agent.v C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500000.VBN//CryptZ/Main.class High
12/25/2012 11:35:49 PM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500005.VBN High
12/25/2012 11:35:49 PM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.bu C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500005.VBN//CryptZ High
12/25/2012 11:35:49 PM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.bu C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500005.VBN//CryptZ/bpac/a.class High
12/25/2012 11:35:43 PM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500002.VBN//CryptZ/bpac/KAVS.class High
12/25/2012 11:35:53 PM Deleted Trojan program Exploit.Java.CVE-2010-0094.h C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500006.VBN High
12/25/2012 11:35:53 PM Deleted Trojan program Exploit.Java.CVE-2010-0094.k C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500006.VBN//CryptZ High
12/25/2012 11:35:53 PM Deleted Trojan program Exploit.Java.CVE-2010-0094.k C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500006.VBN//CryptZ/Glorussstmz.class High
12/25/2012 11:35:47 PM Deleted Trojan program Exploit.Java.CVE-2010-0094.j C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500003.VBN//CryptZ/CusBen.class High
12/25/2012 11:35:47 PM Deleted Trojan program Exploit.Java.CVE-2010-0094.m C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500003.VBN//CryptZ/padle.class High
12/25/2012 11:35:47 PM Deleted Trojan program Exploit.Java.CVE-2010-0094.l C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500003.VBN//CryptZ/hubert.class High
12/25/2012 11:35:47 PM Deleted Trojan program Exploit.Java.CVE-2010-0094.i C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500003.VBN//CryptZ/ClassPol.class High
12/25/2012 11:35:47 PM Deleted Trojan program Exploit.Java.CVE-2010-0094.h C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500003.VBN//CryptZ/BlogRoner.class High
12/25/2012 11:35:49 PM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500005.VBN//CryptZ/bpac/KAVS.class High
12/25/2012 11:35:57 PM Deleted Trojan program Exploit.Java.Agent.f C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500008.VBN High
12/25/2012 11:35:57 PM Deleted Trojan program Exploit.Java.Agent.f C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500008.VBN//CryptZ High
12/25/2012 11:35:57 PM Deleted Trojan program Exploit.Java.Agent.f C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500008.VBN//CryptZ/quote/Mailvue.class High
12/25/2012 11:35:58 PM Deleted Trojan program Exploit.Java.Agent.as C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0750000A.VBN High
12/25/2012 11:35:58 PM Deleted Trojan program Exploit.Java.Agent.ar C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0750000A.VBN//CryptZ High
12/25/2012 11:35:58 PM Deleted Trojan program Exploit.Java.Agent.ar C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0750000A.VBN//CryptZ/Email.class High
12/25/2012 11:35:53 PM Deleted Trojan program Exploit.Java.CVE-2010-0094.j C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500006.VBN//CryptZ/CusBen.class High
12/25/2012 11:35:53 PM Deleted Trojan program Exploit.Java.CVE-2010-0094.m C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500006.VBN//CryptZ/padle.class High
12/25/2012 11:35:53 PM Deleted Trojan program Exploit.Java.CVE-2010-0094.l C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500006.VBN//CryptZ/hubert.class High
12/25/2012 11:35:53 PM Deleted Trojan program Exploit.Java.CVE-2010-0094.i C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500006.VBN//CryptZ/ClassPol.class High
12/25/2012 11:35:53 PM Deleted Trojan program Exploit.Java.CVE-2010-0094.h C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500006.VBN//CryptZ/BlogRoner.class High
12/25/2012 11:35:59 PM Deleted Trojan program Exploit.Java.Agent.dy C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0750000C.VBN High
12/25/2012 11:35:59 PM Deleted Trojan program Exploit.Java.Agent.dx C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0750000C.VBN//CryptZ High
12/25/2012 11:35:59 PM Deleted Trojan program Exploit.Java.Agent.dx C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0750000C.VBN//CryptZ/JavaUpdateApplication.class High
12/25/2012 11:35:58 PM Deleted Trojan program Exploit.Java.Agent.as C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0750000A.VBN//CryptZ/ExecService.class High
12/25/2012 11:36:02 PM Deleted Trojan program Trojan-Downloader.Java.Agent.fy C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0750000D.VBN High
12/25/2012 11:36:02 PM Deleted Trojan program Trojan-Downloader.Java.Agent.fx C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0750000D.VBN//CryptZ High
12/25/2012 11:36:02 PM Deleted Trojan program Trojan-Downloader.Java.Agent.fx C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0750000D.VBN//CryptZ/gogol/Emailer.class High
12/25/2012 11:36:07 PM Deleted Trojan program Exploit.Java.Agent.as C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0750000F.VBN High
12/25/2012 11:36:07 PM Deleted Trojan program Exploit.Java.Agent.ar C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0750000F.VBN//CryptZ High
12/25/2012 11:36:07 PM Deleted Trojan program Exploit.Java.Agent.ar C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0750000F.VBN//CryptZ/Email.class High
12/25/2012 11:35:59 PM Deleted Trojan program Exploit.Java.Agent.dy C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0750000C.VBN//CryptZ/JavaUpdateManager.class High
12/25/2012 11:36:07 PM Deleted Trojan program Trojan.Java.Agent.ac C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500013.VBN High
12/25/2012 11:36:07 PM Deleted Trojan program Trojan.Java.Agent.ab C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500013.VBN//CryptZ High
12/25/2012 11:36:07 PM Deleted Trojan program Trojan.Java.Agent.ab C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500013.VBN//CryptZ/Is.class High
12/25/2012 11:36:02 PM Deleted Trojan program Exploit.Java.Agent.f C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0750000D.VBN//CryptZ/gogol/Familie.class High
12/25/2012 11:36:02 PM Deleted Trojan program Trojan-Downloader.Java.Agent.fy C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0750000D.VBN//CryptZ/gogol/PhonBook.class High
12/25/2012 11:36:07 PM Deleted Trojan program Exploit.Java.Agent.as C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0750000F.VBN//CryptZ/ExecService.class High
12/25/2012 11:36:07 PM Deleted Trojan program Trojan.Java.Agent.aa C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500013.VBN//CryptZ/MyName.class High
12/25/2012 11:36:07 PM Deleted Trojan program Trojan.Java.Agent.ac C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500013.VBN//CryptZ/Phone.class High
12/25/2012 11:36:12 PM Deleted Trojan program Exploit.Java.Agent.as C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500017.VBN High
12/25/2012 11:36:12 PM Deleted Trojan program Exploit.Java.Agent.ar C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500017.VBN//CryptZ High
12/25/2012 11:36:12 PM Deleted Trojan program Exploit.Java.Agent.ar C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500017.VBN//CryptZ/Email.class High
12/25/2012 11:36:14 PM Deleted Trojan program Exploit.Java.CVE-2010-0842.d C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300000.VBN High
12/25/2012 11:36:14 PM Deleted Trojan program Exploit.Java.CVE-2010-0842.d C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300000.VBN//CryptZ High
12/25/2012 11:36:14 PM Deleted Trojan program Exploit.Java.CVE-2010-0842.d C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300000.VBN//CryptZ/SiteAudioHelper.class High
12/25/2012 11:36:18 PM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.dg C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300002.VBN High
12/25/2012 11:36:18 PM Deleted Trojan program Trojan.Java.Agent.ak C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300002.VBN//CryptZ High
12/25/2012 11:36:18 PM Deleted Trojan program Trojan.Java.Agent.ak C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300002.VBN//CryptZ/encode/Unicode.class High
12/25/2012 11:36:12 PM Deleted Trojan program Exploit.Java.Agent.as C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500017.VBN//CryptZ/ExecService.class High
12/25/2012 11:36:20 PM Deleted Trojan program Trojan-Downloader.Java.Agent.jj C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300004.VBN High
12/25/2012 11:36:20 PM Deleted Trojan program Trojan-Downloader.Java.Agent.jj C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300004.VBN//CryptZ High
12/25/2012 11:36:20 PM Deleted Trojan program Trojan-Downloader.Java.Agent.jj C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300004.VBN//CryptZ/Main$1.class High
12/25/2012 11:36:22 PM Deleted Trojan program Trojan-Downloader.Java.Agent.ja C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300006.VBN High
12/25/2012 11:36:22 PM Deleted Trojan program Trojan-Downloader.Java.Agent.ja C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300006.VBN//CryptZ High
12/25/2012 11:36:22 PM Deleted Trojan program Trojan-Downloader.Java.Agent.ja C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300006.VBN//CryptZ/RequiredJavaComponent.class High
12/25/2012 11:36:18 PM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.dg C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300002.VBN//CryptZ/setup/lang.class High
12/25/2012 11:36:20 PM Deleted Trojan program Trojan-Downloader.Java.Agent.jj C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300004.VBN//CryptZ/Main.class High
12/25/2012 11:36:26 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09F80000.VBN High
12/25/2012 11:36:26 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09F80000.VBN//CryptZ High
12/25/2012 11:36:26 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09F80000.VBN//CryptZ//UPX High
12/25/2012 11:36:29 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A0C0000.VBN High
12/25/2012 11:36:29 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A0C0000.VBN//CryptZ High
12/25/2012 11:36:29 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A0C0000.VBN//CryptZ//UPX High
12/25/2012 11:36:33 PM Deleted Trojan program Trojan-Downloader.Java.OpenStream.bq C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00000.VBN High
12/25/2012 11:36:33 PM Deleted Trojan program Trojan-Downloader.Java.OpenStream.bq C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00000.VBN//CryptZ High
12/25/2012 11:36:33 PM Deleted Trojan program Trojan-Downloader.Java.OpenStream.bq C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00000.VBN//CryptZ/glass/boing.class High
12/25/2012 11:36:34 PM Deleted Trojan program Exploit.Java.CVE-2010-0840.b C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00001.VBN High
12/25/2012 11:36:34 PM Deleted Trojan program Exploit.Java.CVE-2010-0840.b C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00001.VBN//CryptZ High
12/25/2012 11:36:34 PM Deleted Trojan program Exploit.Java.CVE-2010-0840.b C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00001.VBN//CryptZ/setup/lang.class High
12/25/2012 11:36:58 PM Deleted Trojan program Exploit.Java.CVE-2010-0840.b C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00002.VBN High
12/25/2012 11:36:58 PM Deleted Trojan program Exploit.Java.CVE-2010-0840.b C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00002.VBN//CryptZ High
12/25/2012 11:36:58 PM Deleted Trojan program Exploit.Java.CVE-2010-0840.b C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00002.VBN//CryptZ/setup/lang.class High
12/25/2012 11:39:14 PM Deleted Trojan program Trojan.Java.Agent.am C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00003.VBN High
12/25/2012 11:39:14 PM Deleted Trojan program Trojan.Java.Agent.am C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00003.VBN//CryptZ High
12/25/2012 11:39:14 PM Deleted Trojan program Trojan.Java.Agent.am C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00003.VBN//CryptZ/bpac/b.class High
12/25/2012 11:39:27 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B8C0000.VBN High
12/25/2012 11:39:27 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B8C0000.VBN//CryptZ High
12/25/2012 11:39:27 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B8C0000.VBN//CryptZ//UPX High
12/25/2012 11:39:37 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BBC0000.VBN High
12/25/2012 11:39:37 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BBC0000.VBN//CryptZ High
12/25/2012 11:39:37 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BBC0000.VBN//CryptZ//UPX High
12/25/2012 11:39:44 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BC40000.VBN High
12/25/2012 11:39:44 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BC40000.VBN//CryptZ High
12/25/2012 11:39:44 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BC40000.VBN//CryptZ//UPX High
12/25/2012 11:39:53 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BFC0000.VBN High
12/25/2012 11:39:53 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BFC0000.VBN//CryptZ High
12/25/2012 11:39:53 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BFC0000.VBN//CryptZ//UPX High
12/25/2012 11:40:06 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C000000.VBN High
12/25/2012 11:40:06 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C000000.VBN//CryptZ High
12/25/2012 11:40:06 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C000000.VBN//CryptZ//UPX High
12/25/2012 11:56:23 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C0C0000.VBN High
12/25/2012 11:56:23 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C0C0000.VBN//CryptZ High
12/25/2012 11:56:23 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C0C0000.VBN//CryptZ//UPX High
12/25/2012 11:58:58 PM Deleted malware Hoax.HTML.FakeAntivirus.a C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140002.VBN Medium
12/25/2012 11:58:58 PM Deleted malware Hoax.HTML.FakeAntivirus.a C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140002.VBN//CryptZ Medium
12/25/2012 11:59:10 PM Deleted Trojan program Trojan.Win32.Buzus.agcj C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B100000.VBN High
12/25/2012 11:59:10 PM Deleted Trojan program Trojan.Win32.Buzus.agcj C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B100000.VBN//CryptZ High
12/25/2012 11:59:10 PM Deleted Trojan program Trojan.Win32.Buzus.agcj C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B100000.VBN//CryptZ//Bangbros.com password geneator by Sev7n.exe High
12/25/2012 11:58:59 PM Deleted malware Hoax.HTML.FakeAntivirus.a C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140003.VBN Medium
12/25/2012 11:58:59 PM Deleted malware Hoax.HTML.FakeAntivirus.a C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140003.VBN//CryptZ Medium
12/26/2012 12:01:00 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EA00000.VBN High
12/26/2012 12:01:00 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EA00000.VBN//CryptZ High
12/26/2012 12:01:00 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EA00000.VBN//CryptZ//UPX High
12/26/2012 12:01:03 AM Deleted malware Hoax.HTML.FakeAntivirus.a C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140004.VBN Medium
12/26/2012 12:01:03 AM Deleted malware Hoax.HTML.FakeAntivirus.a C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140004.VBN//CryptZ Medium
12/26/2012 12:01:06 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EDC0000.VBN High
12/26/2012 12:01:06 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EDC0000.VBN//CryptZ High
12/26/2012 12:01:06 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EDC0000.VBN//CryptZ//UPX High
12/26/2012 12:01:08 AM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10F00002.VBN High
12/26/2012 12:01:08 AM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10F00002.VBN//CryptZ High
12/26/2012 12:01:08 AM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10F00002.VBN//CryptZ/bpac/KAVS.class High
12/26/2012 12:01:10 AM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10F00003.VBN High
12/26/2012 12:01:10 AM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10F00003.VBN//CryptZ High
12/26/2012 12:01:10 AM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10F00003.VBN//CryptZ/bpac/KAVS.class High
12/26/2012 12:01:13 AM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.dc C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10F00004.VBN High
12/26/2012 12:01:13 AM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.dc C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10F00004.VBN//CryptZ High
12/26/2012 12:01:13 AM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.dc C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10F00004.VBN//CryptZ/prev/monoid.class High
12/26/2012 12:01:15 AM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10F00005.VBN High
12/26/2012 12:01:15 AM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.cf C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10F00005.VBN//CryptZ High
12/26/2012 12:01:15 AM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.cf C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10F00005.VBN//CryptZ/bpac/a.class High
12/26/2012 12:01:17 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\117C0000.VBN High
12/26/2012 12:01:17 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\117C0000.VBN//CryptZ High
12/26/2012 12:01:17 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\117C0000.VBN//CryptZ//UPX High
12/26/2012 12:01:20 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11880000.VBN High
12/26/2012 12:01:20 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11880000.VBN//CryptZ High
12/26/2012 12:01:20 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11880000.VBN//CryptZ//UPX High
12/26/2012 12:01:15 AM Deleted Trojan program Trojan.Java.Agent.am C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10F00005.VBN//CryptZ/bpac/b.class High
12/26/2012 12:01:15 AM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10F00005.VBN//CryptZ/bpac/KAVS.class High
12/26/2012 12:01:22 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11B80000.VBN High
12/26/2012 12:01:22 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11B80000.VBN//CryptZ High
12/26/2012 12:01:22 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11B80000.VBN//CryptZ//UPX High
12/26/2012 12:01:24 AM Deleted Trojan program Trojan-Downloader.Java.Agent.fe C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12CC0000.VBN High
12/26/2012 12:01:24 AM Deleted Trojan program Trojan-Downloader.Java.Agent.fe C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12CC0000.VBN//CryptZ High
12/26/2012 12:01:24 AM Deleted Trojan program Trojan-Downloader.Java.Agent.fe C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12CC0000.VBN//CryptZ/javax/AServers.class High
12/26/2012 12:01:36 AM Deleted Trojan program Trojan-Downloader.Java.Agent.fe C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12CC0001.VBN High
12/26/2012 12:01:36 AM Deleted Trojan program Trojan-Downloader.Java.Agent.fe C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12CC0001.VBN//CryptZ High
12/26/2012 12:01:36 AM Deleted Trojan program Trojan-Downloader.Java.Agent.fe C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12CC0001.VBN//CryptZ/javax/AServers.class High
12/26/2012 12:01:39 AM Deleted Trojan program Trojan-Downloader.Java.Agent.fe C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12CC0002.VBN High
12/26/2012 12:01:39 AM Deleted Trojan program Trojan-Downloader.Java.Agent.fe C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12CC0002.VBN//CryptZ High
12/26/2012 12:01:39 AM Deleted Trojan program Trojan-Downloader.Java.Agent.fe C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12CC0002.VBN//CryptZ/javax/AServers.class High
12/26/2012 12:01:24 AM Deleted Trojan program Trojan-Downloader.Java.Agent.fe C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12CC0000.VBN//CryptZ/javax/Server1.class High
12/26/2012 12:01:24 AM Deleted Trojan program Trojan-Downloader.Java.Agent.fe C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12CC0000.VBN//CryptZ/javax/Server2.class High
12/26/2012 12:01:36 AM Deleted Trojan program Trojan-Downloader.Java.Agent.fe C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12CC0001.VBN//CryptZ/javax/Server1.class High
12/26/2012 12:01:36 AM Deleted Trojan program Trojan-Downloader.Java.Agent.fe C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12CC0001.VBN//CryptZ/javax/Server2.class High
12/26/2012 12:01:43 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13800000.VBN High
12/26/2012 12:01:43 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13800000.VBN//CryptZ High
12/26/2012 12:01:43 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13800000.VBN//CryptZ//UPX High
12/26/2012 12:01:39 AM Deleted Trojan program Trojan-Downloader.Java.Agent.fe C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12CC0002.VBN//CryptZ/javax/Server1.class High
12/26/2012 12:01:39 AM Deleted Trojan program Trojan-Downloader.Java.Agent.fe C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12CC0002.VBN//CryptZ/javax/Server2.class High
12/26/2012 12:01:55 AM Deleted Trojan program Exploit.Java.CVE-2010-0840.fs C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16B4000D.VBN High
12/26/2012 12:01:55 AM Deleted Trojan program Exploit.Java.CVE-2010-0840.eq C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16B4000D.VBN//CryptZ High
12/26/2012 12:01:55 AM Deleted Trojan program Exploit.Java.CVE-2010-0840.eq C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16B4000D.VBN//CryptZ/json/Parser.class High
12/26/2012 12:01:57 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BF40000\4BF4846E.VBN High
12/26/2012 12:01:57 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BF40000\4BF4846E.VBN//CryptZ High
12/26/2012 12:01:57 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BF40000\4BF4846E.VBN//CryptZ//UPX High
12/26/2012 12:01:55 AM Deleted Trojan program Exploit.Java.CVE-2010-0840.fs C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16B4000D.VBN//CryptZ/json/XML.class High
12/26/2012 12:02:31 AM Deleted malware Hoax.HTML.FakeAntivirus.a C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140001\4DFE4545.VBN Medium
12/26/2012 12:02:31 AM Deleted malware Hoax.HTML.FakeAntivirus.a C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140001\4DFE4545.VBN//CryptZ Medium
12/26/2012 12:03:26 AM Deleted virus Worm.Win32.AutoRun.gmf C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C580000\4CFA7E15.VBN High
12/26/2012 12:03:26 AM Deleted virus Worm.Win32.AutoRun.gmf C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C580000\4CFA7E15.VBN//CryptZ High
12/26/2012 12:03:23 AM Deleted Trojan program Trojan.Win32.FraudPack.awms C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D3C0001\4D3F3322.VBN High
12/26/2012 12:03:23 AM Deleted Trojan program Trojan.Win32.FraudPack.awms C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D3C0001\4D3F3322.VBN//CryptZ High
12/26/2012 12:03:25 AM Deleted virus P2P-Worm.Win32.Palevo.fuc C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB00000\4DB53FE8.VBN High
12/26/2012 12:03:25 AM Deleted virus P2P-Worm.Win32.Palevo.fuc C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB00000\4DB53FE8.VBN//CryptZ High
12/26/2012 12:03:30 AM Deleted virus P2P-Worm.Win32.Palevo.fuc C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB00001\4DB54000.VBN High
12/26/2012 12:03:30 AM Deleted virus P2P-Worm.Win32.Palevo.fuc C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB00001\4DB54000.VBN//CryptZ High
12/26/2012 12:03:35 AM Deleted Trojan program HEUR:Exploit.Java.CVE-2012-1723.gen C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC80000\5DCDEFB1.VBN High
12/26/2012 12:03:35 AM Deleted Trojan program HEUR:Exploit.Java.CVE-2012-1723.gen C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC80000\5DCDEFB1.VBN//CryptZ High
12/26/2012 12:03:35 AM Deleted Trojan program Exploit.Java.CVE-2012-0507.mr C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC80000\5DCDEFB1.VBN//CryptZ/sIda/sIdb.class High
12/26/2012 12:03:40 AM Deleted Trojan program HEUR:Exploit.Java.CVE-2012-1723.gen C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E300000\5E7D0904.VBN High
12/26/2012 12:03:40 AM Deleted Trojan program HEUR:Exploit.Java.CVE-2012-1723.gen C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E300000\5E7D0904.VBN//CryptZ High
12/26/2012 12:03:40 AM Deleted Trojan program Exploit.Java.CVE-2012-0507.mr C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E300000\5E7D0904.VBN//CryptZ/sIda/sIdb.class High
12/26/2012 12:03:44 AM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.dd C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\14880000\5FB80C9C.VBN High
12/26/2012 12:03:44 AM Deleted Trojan program Trojan.Java.Agent.ak C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\14880000\5FB80C9C.VBN//CryptZ High
12/26/2012 12:03:44 AM Deleted Trojan program Trojan.Java.Agent.ak C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\14880000\5FB80C9C.VBN//CryptZ/chrome/Unicode.class High
12/26/2012 12:03:44 AM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.dd C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\14880000\5FB80C9C.VBN//CryptZ/direct/bear.class High
12/26/2012 12:14:24 AM Deleted Trojan program HEUR:Exploit.Java.CVE-2012-4681.gen C:\Documents and Settings\Mario\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\2b8f6efc-10bd4d82 High
Thanks
-
I reran Malwarebytes, and this time no items were found. So it looks like the malware I originally posted about is gone. Is there any other diagnostic tool I should run to confirm this?
Thanks for all your help!
-maa
-
I have run JavaRa and installed a fresh version of Java. Thanks for your help so far. What is the next step?
-
I reran ESET Online Scanner because the log file did not populate with data other than the two lines posted in my last reply. This time, again the log shows the same thing, but prior to exiting the ESET Online Scanner, I exported the items found to a text file, which I am posting below. This time it found more items; perhaps this is because I selected for the program to scan archives this time as well. Please let me know what you find in these logs and what the next step is.
Thank you!
C:\Users\Mario\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\5510090f-6f0d5a83 multiple threats deleted - quarantined
C:\Users\Mario\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\12a29e1f-6659172f multiple threats deleted - quarantined
C:\Users\Mario\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5185f621-7e5391c9 probably a variant of Java/Exploit.CVE-2012-1723.DH trojan deleted - quarantined
C:\Users\Mario\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\12b52ba2-27f5dd03 a variant of Java/Exploit.CVE-2011-3544.B trojan deleted - quarantined
C:\Users\Mario\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\43362130-78e1c13e a variant of Java/Exploit.CVE-2011-3544.B trojan deleted - quarantined
C:\Users\Mario\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\3ecea2f2-574b8882 multiple threats deleted - quarantined
C:\Users\Mario\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\45815038-505ee3a6 multiple threats deleted - quarantined
-
Here is the log file after I ran the ESET Online Scanner. It doesn't look right to me. The process did find 2 items that it quarantined, but the log is only two lines long total:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
-
Maniac, here is the ComboFix log:
ComboFix 12-12-14.01 - Mario 12/16/2012 14:12:03.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3069.1451 [GMT -5:00]
Running from: c:\users\Mario\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\3130882944
c:\programdata\xml1120.tmp
c:\programdata\xml12A7.tmp
c:\programdata\xmlE04.tmp
c:\windows\Downloaded Program Files\Temp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-16 to 2012-12-16 )))))))))))))))))))))))))))))))
.
.
2012-12-13 07:06 . 2012-12-13 07:06 -------- d-----w- c:\users\UpdatusUser
2012-12-13 07:05 . 2012-10-02 19:29 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-12-13 07:04 . 2012-10-11 02:14 52584 ----a-w- c:\windows\system32\OpenCL.dll
2012-12-13 07:03 . 2012-12-13 07:03 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-12-13 06:57 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-13 06:57 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-13 06:57 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-13 06:57 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2012-12-13 06:57 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-13 06:57 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-13 06:57 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-13 06:57 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-13 06:57 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-13 06:57 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-13 06:57 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-13 05:29 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EDC6C61F-1D0B-46D7-879A-6E57FCB8C5DC}\mpengine.dll
2012-12-13 05:28 . 2012-11-13 01:36 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-12-13 05:28 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2012-12-13 05:28 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 05:28 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-13 05:28 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-13 05:28 . 2012-11-08 03:46 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-13 05:28 . 2012-11-08 01:36 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-13 05:28 . 2012-11-13 01:29 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 04:31 . 2012-04-06 04:17 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-13 04:31 . 2011-05-28 16:32 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-11 02:15 . 2012-10-11 02:15 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-11 02:15 . 2012-10-11 02:15 2574696 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-11 02:14 . 2012-10-11 02:14 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-10-11 02:14 . 2012-10-11 02:14 12501352 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-10-11 02:14 . 2012-10-11 02:14 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-11 02:14 . 2012-10-11 02:14 2428776 ----a-w- c:\windows\system32\nvapi.dll
2012-10-11 02:14 . 2012-10-11 02:14 7697768 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-11 02:14 . 2012-10-11 02:14 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-11 02:14 . 2012-10-11 02:14 19906920 ----a-w- c:\windows\system32\nvoglv32.dll
2012-10-11 02:14 . 2012-10-11 02:14 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-10-11 02:14 . 2012-10-11 02:14 6127464 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-11 02:14 . 2012-10-11 02:14 15309160 ----a-w- c:\windows\system32\nvd3dum.dll
2012-10-02 19:29 . 2009-09-27 21:47 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:29 . 2009-09-27 21:47 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:29 . 2009-09-27 21:47 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:29 . 2009-09-27 21:47 2853224 ----a-w- c:\windows\system32\nvsvc.dll
2012-10-02 19:28 . 2009-09-27 21:46 3965288 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 18:15 . 2012-10-02 18:15 430952 ----a-w- c:\windows\system32\nvStreaming.exe
2012-09-29 23:54 . 2008-07-02 19:29 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-27 18:06 . 2012-10-27 18:06 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-08 13:42 . 2012-10-27 18:06 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mario\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mario\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mario\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-08 21:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-08 21:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-08 21:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-08 21:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-12 446976]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-02-03 103896]
"RMAlert"="c:\program files\PC Tools Registry Mechanic\Alert.exe" [2012-02-03 1018328]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Evernote Clipper.lnk - c:\windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico [2011-5-1 293950]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2010-12-26 6144]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-8-17 2043904]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-8-17 8919040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2007-05-11 03:46 624248 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 22:06 421736 ----a-w- f:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-09-29 23:54 981656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 04:31]
.
2012-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-19 04:03]
.
2012-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-19 04:03]
.
2012-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-293651391-2175594108-1919989058-1000Core.job
- c:\users\Mario\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-24 13:49]
.
2012-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-293651391-2175594108-1919989058-1000UA.job
- c:\users\Mario\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-24 13:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: msn.com\moneycentral
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\5xwdjfww.New Profile1\
FF - prefs.js: browser.startup.homepage - google.com
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-UltimateHistory - c:\users\Mario\AppData\Roaming\8A1713\8A1713.exe
HKLM-Run-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
SafeBoot-26095635.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-BitTorrent DNA - c:\program files\DNA\btdna.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-16 14:30
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-12-16 14:33:58
ComboFix-quarantined-files.txt 2012-12-16 19:33
.
Pre-Run: 505,360,384 bytes free
Post-Run: 3,435,683,840 bytes free
.
- - End Of File - - 31966A1CA52539FB3FE3BC932B10BDF6
-
12:39:44.0559 5844 [ EC9759527C5CF7737CEE852F02E7B44F ] C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll
12:39:44.0559 5844 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll - ok
12:39:44.0574 5844 [ D044057F830E44F2761EB6EAD555D6F3 ] C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll
12:39:44.0574 5844 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll - ok
12:39:44.0574 5844 [ 175A9C7F4695C289A719EBE73DACE28D ] C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll
12:39:44.0574 5844 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll - ok
12:39:44.0590 5844 [ 6CF6E9A539CBB5D855FFA7C5B057B4A2 ] C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll
12:39:44.0590 5844 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll - ok
12:39:44.0590 5844 [ C39654B3BFFABC6B60D1BE622C2DF891 ] C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll
12:39:44.0590 5844 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll - ok
12:39:44.0606 5844 [ B2FFF046E2FCBF005235840A056A3560 ] C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll
12:39:44.0606 5844 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll - ok
12:39:44.0606 5844 [ 22439D1A72ED0293CD4ED6C4D8B0D7FD ] C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll
12:39:44.0606 5844 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll - ok
12:39:44.0621 5844 [ 0ACC49E7FE0EBF8D0886B6E435F51E45 ] C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll
12:39:44.0621 5844 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll - ok
12:39:44.0621 5844 [ 9B00BCEAC0FC22E1ED9EADF14EF070F9 ] C:\Program Files\Common Files\Symantec Shared\ccScan.dll
12:39:44.0621 5844 C:\Program Files\Common Files\Symantec Shared\ccScan.dll - ok
12:39:44.0637 5844 [ 25D7A040A493AB91052F9170D4DB80D4 ] C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL
12:39:44.0637 5844 C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL - ok
12:39:44.0637 5844 [ C0B8B96D018849FD8CCF15FED84E8782 ] C:\Windows\System32\ie4uinit.exe
12:39:44.0637 5844 C:\Windows\System32\ie4uinit.exe - ok
12:39:44.0652 5844 [ F0FEFB0B5D25A75D478A4317139D937E ] C:\Windows\System32\iedkcs32.dll
12:39:44.0652 5844 C:\Windows\System32\iedkcs32.dll - ok
12:39:44.0652 5844 [ 4B19A9A4191353007E9819A832B81186 ] C:\Windows\System32\timedate.cpl
12:39:44.0652 5844 C:\Windows\System32\timedate.cpl - ok
12:39:44.0668 5844 [ 8D78BA30DB4AE040A52EDEE725782715 ] C:\Windows\System32\actxprxy.dll
12:39:44.0668 5844 C:\Windows\System32\actxprxy.dll - ok
12:39:44.0668 5844 [ FF41E1AC301F51E16F61AD7C0F45467C ] C:\Windows\System32\msshsq.dll
12:39:44.0668 5844 C:\Windows\System32\msshsq.dll - ok
12:39:44.0668 5844 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\Windows\System32\drivers\99924713.sys
12:39:44.0668 5844 C:\Windows\System32\drivers\99924713.sys - ok
12:39:44.0684 5844 [ 1CE4A2790EB4A96F4ED1E4264866AFE6 ] C:\Windows\System32\NaturalLanguage6.dll
12:39:44.0699 5844 C:\Windows\System32\NaturalLanguage6.dll - ok
12:39:44.0699 5844 [ AA111488C03C58A2BF66509ABB4FDE60 ] C:\Windows\System32\NlsData0009.dll
12:39:44.0699 5844 C:\Windows\System32\NlsData0009.dll - ok
12:39:44.0715 5844 [ 8629B71343F61E1140243581C63BC0C7 ] C:\Windows\System32\NlsLexicons0009.dll
12:39:44.0715 5844 C:\Windows\System32\NlsLexicons0009.dll - ok
12:39:44.0715 5844 [ 24F90AEFEBE601D427CB4511E74CDCB6 ] C:\Windows\System32\linkinfo.dll
12:39:44.0715 5844 C:\Windows\System32\linkinfo.dll - ok
12:39:44.0730 5844 [ 0CFCDE5D9D074D96B78D1F1CBF1AAB1D ] C:\Windows\System32\riched20.dll
12:39:44.0730 5844 C:\Windows\System32\riched20.dll - ok
12:39:44.0730 5844 [ 04044BF8E6989BE45FA718C24407CA28 ] C:\Windows\System32\networkexplorer.dll
12:39:44.0730 5844 C:\Windows\System32\networkexplorer.dll - ok
12:39:44.0746 5844 [ 8B407DA061D8E81974F8D071BE02D78A ] F:\Program Files\iTunes\iTunes.exe
12:39:44.0746 5844 F:\Program Files\iTunes\iTunes.exe - ok
12:39:44.0746 5844 [ D8C2B95BC2353E1F18850D6B8F5DBA13 ] C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
12:39:44.0746 5844 C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll - ok
12:39:44.0762 5844 [ 533AECD1B5356870AE2D905B4D3B42B7 ] C:\Program Files\Microsoft Office\Office12\GrooveMisc.dll
12:39:44.0762 5844 C:\Program Files\Microsoft Office\Office12\GrooveMisc.dll - ok
12:39:44.0762 5844 [ 0D392EDE3B97E0B3131B2F63EF1DB94E ] C:\Program Files\Windows Defender\MSASCui.exe
12:39:44.0762 5844 C:\Program Files\Windows Defender\MSASCui.exe - ok
12:39:44.0777 5844 [ D2CA35A3F711E613D9399845CE9302FA ] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
12:39:44.0777 5844 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe - ok
12:39:44.0777 5844 [ 59A7A606B158D4B9A2F966FA179ED0C4 ] C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\CCERASER.DLL
12:39:44.0777 5844 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\CCERASER.DLL - ok
12:39:44.0824 5844 [ 85B8B4032A895A746D46A288A9B30DED ] C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\EECTRL.SYS
12:39:44.0824 5844 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\EECTRL.SYS - ok
12:39:44.0840 5844 [ FF3BF05021BFECC92DB81B8257EEB026 ] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
12:39:44.0840 5844 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe - ok
12:39:44.0840 5844 [ 7DF281B808B9EEE4761B2BABEA0D9995 ] C:\Program Files\Symantec AntiVirus\DefUtDCD.dll
12:39:44.0840 5844 C:\Program Files\Symantec AntiVirus\DefUtDCD.dll - ok
12:39:44.0855 5844 [ 9EC8510AB428F079BFCC96A7B2F8709C ] C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\ECMSVR32.DLL
12:39:44.0855 5844 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\ECMSVR32.DLL - ok
12:39:44.0855 5844 [ 61216539E55DDF2F78E421E7EF140650 ] C:\Windows\System32\ExplorerFrame.dll
12:39:44.0855 5844 C:\Windows\System32\ExplorerFrame.dll - ok
12:39:44.0871 5844 [ BF67A8F7CC0E83D226FED8B4E27F8C33 ] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
12:39:44.0871 5844 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe - ok
12:39:44.0871 5844 [ 69F88751C739AE79908B5BFCE8D9915B ] C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\NAVEX32A.DLL
12:39:44.0871 5844 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\NAVEX32A.DLL - ok
12:39:44.0886 5844 [ C84A5C60883395B875F01140F48BB887 ] C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\NAVENG32.DLL
12:39:44.0886 5844 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\NAVENG32.DLL - ok
12:39:44.0886 5844 [ 9ABF687071C649609BF7E177062A9008 ] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
12:39:44.0886 5844 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe - ok
12:39:44.0902 5844 [ 7AFDC3C713253451CD1F3C809903018B ] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
12:39:44.0902 5844 C:\Program Files\Common Files\Symantec Shared\ccApp.exe - ok
12:39:44.0902 5844 [ 62F305095A75FB319D1D91DA9D4083E6 ] C:\Program Files\Symantec AntiVirus\VPTray.exe
12:39:44.0902 5844 C:\Program Files\Symantec AntiVirus\VPTray.exe - ok
12:39:44.0902 5844 [ 267B3A856E9F4DB1CABD4E6DB71E07D2 ] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
12:39:44.0902 5844 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe - ok
12:39:44.0918 5844 [ 00D1FB0073B4A8BD2989EA8FF4CC792B ] C:\Program Files\Dell Support Center\bin\sprtcmd.exe
12:39:44.0918 5844 C:\Program Files\Dell Support Center\bin\sprtcmd.exe - ok
12:39:44.0918 5844 [ 027E5E14C9CFF810377701BDEAD8210F ] C:\Windows\System32\control.exe
12:39:44.0918 5844 C:\Windows\System32\control.exe - ok
12:39:44.0933 5844 [ 5016B8FC59AD616F03813FBE63295081 ] C:\Windows\System32\thumbcache.dll
12:39:44.0933 5844 C:\Windows\System32\thumbcache.dll - ok
12:39:44.0933 5844 [ B5950DF243837D8217F4E597919B224A ] C:\Windows\System32\stobject.dll
12:39:44.0933 5844 C:\Windows\System32\stobject.dll - ok
12:39:44.0949 5844 [ EC69B16644C613F41A57169F8D068F1D ] C:\Windows\System32\batmeter.dll
12:39:44.0949 5844 C:\Windows\System32\batmeter.dll - ok
12:39:44.0949 5844 [ 30F02D9C55053367E26A11482F51E255 ] C:\Windows\System32\SndVolSSO.dll
12:39:44.0949 5844 C:\Windows\System32\SndVolSSO.dll - ok
12:39:44.0949 5844 [ E98E402067978DB38282158F9E8609CA ] C:\Windows\System32\netshell.dll
12:39:44.0949 5844 C:\Windows\System32\netshell.dll - ok
12:39:44.0964 5844 [ 75AD59B9B12EB194486BE8D97B062994 ] C:\Windows\System32\pnidui.dll
12:39:44.0964 5844 C:\Windows\System32\pnidui.dll - ok
12:39:44.0964 5844 [ EB2170D0DDF3B2A92506AE16BC524B0B ] C:\Windows\System32\wlanutil.dll
12:39:44.0964 5844 C:\Windows\System32\wlanutil.dll - ok
12:39:44.0980 5844 [ 2DD6AF8E97F59C9D39329BBC2A81F13F ] C:\Windows\System32\rasdlg.dll
12:39:44.0980 5844 C:\Windows\System32\rasdlg.dll - ok
12:39:44.0980 5844 [ 398A8EC90F058C61F6DDC0E5440A8F27 ] C:\Program Files\Stardock\Fences\FencesMenu.dll
12:39:44.0980 5844 C:\Program Files\Stardock\Fences\FencesMenu.dll - ok
12:39:44.0996 5844 [ 17C0E094BEE5BC03CF491972F71AA6EF ] C:\Windows\System32\wlanapi.dll
12:39:44.0996 5844 C:\Windows\System32\wlanapi.dll - ok
12:39:44.0996 5844 [ B64AC7967D6B9FB2D6152AC768A1CB88 ] C:\Windows\System32\onex.dll
12:39:44.0996 5844 C:\Windows\System32\onex.dll - ok
12:39:44.0996 5844 [ 9D9FFC923FADBB575E0452EA0BBB15BD ] C:\Windows\System32\eappprxy.dll
12:39:44.0996 5844 C:\Windows\System32\eappprxy.dll - ok
12:39:45.0011 5844 [ 5D0FE613570CABE3992F7DBCD68E61D1 ] C:\Windows\System32\eappcfg.dll
12:39:45.0011 5844 C:\Windows\System32\eappcfg.dll - ok
12:39:45.0011 5844 [ 0BE08F4B69EF75C6EEE4330C4F389614 ] C:\Program Files\Stardock\Fences\DesktopDock.dll
12:39:45.0011 5844 C:\Program Files\Stardock\Fences\DesktopDock.dll - ok
12:39:45.0011 5844 [ 4A839160ED1963F9A1526DDA2D1233B2 ] C:\Windows\System32\AltTab.dll
12:39:45.0011 5844 C:\Windows\System32\AltTab.dll - ok
12:39:45.0027 5844 [ 6B5C53E0932C510606D700B7A896EF73 ] C:\Windows\System32\WPDShServiceObj.dll
12:39:45.0027 5844 C:\Windows\System32\WPDShServiceObj.dll - ok
12:39:45.0042 5844 [ 883D02AB5D350BC45E0F60E8CFA97FDC ] C:\Windows\System32\PortableDeviceTypes.dll
12:39:45.0042 5844 C:\Windows\System32\PortableDeviceTypes.dll - ok
12:39:45.0058 5844 [ 9E6DC845DED46CCBE085DD24503750C0 ] C:\Program Files\Stardock\Fences\Fences.exe
12:39:45.0058 5844 C:\Program Files\Stardock\Fences\Fences.exe - ok
12:39:45.0058 5844 [ 7855EA6ACBAD155EFFE6F0BA94790F50 ] C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll
12:39:45.0058 5844 C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll - ok
12:39:45.0074 5844 [ 733DA847D5C3E32C40BA831BEAA8DC93 ] C:\Windows\sttray.exe
12:39:45.0074 5844 C:\Windows\sttray.exe - ok
12:39:45.0074 5844 [ 21221CD7C7C844F6F0E0B7BC69CBA36B ] C:\Program Files\Microsoft Office\PowerPoint Viewer\PPTVIEW.EXE
12:39:45.0074 5844 C:\Program Files\Microsoft Office\PowerPoint Viewer\PPTVIEW.EXE - ok
12:39:45.0089 5844 [ 76FF9F849B0B56A73082DA8294821460 ] C:\Program Files\Roxio\Drag-to-Disc\Shellex.dll
12:39:45.0089 5844 C:\Program Files\Roxio\Drag-to-Disc\Shellex.dll - ok
12:39:45.0089 5844 [ C1873D880786B6B03AF781E23835D925 ] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe
12:39:45.0089 5844 C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe - ok
12:39:45.0105 5844 [ 0E34B7BB1FCF22BCC1E394D16F9E992B ] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
12:39:45.0105 5844 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe - ok
12:39:45.0105 5844 [ 26DE50A7F668F541B8130A0E26EFF3D8 ] C:\Program Files\Microsoft Works\MSWorks.exe
12:39:45.0105 5844 C:\Program Files\Microsoft Works\MSWorks.exe - ok
12:39:45.0120 5844 [ C37571F7C79C3972D641804F1DF7C0F5 ] C:\Program Files\Microsoft Works\wksdb.exe
12:39:45.0120 5844 C:\Program Files\Microsoft Works\wksdb.exe - ok
12:39:45.0120 5844 [ 42CDFB2273EEC623B903C311B19FB484 ] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
12:39:45.0120 5844 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe - ok
12:39:45.0136 5844 [ 790222D6CCFC576F0D07D418E6115D85 ] C:\Program Files\Windows Calendar\WinCal.exe
12:39:45.0136 5844 C:\Program Files\Windows Calendar\WinCal.exe - ok
12:39:45.0136 5844 [ F7DD2D785280DB73DC9060F80361BEFB ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
12:39:45.0136 5844 C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe - ok
12:39:45.0152 5844 [ 06164026C38AA5366E4D127E2E36FDE8 ] C:\Program Files\Windows Mail\wab.exe
12:39:45.0152 5844 C:\Program Files\Windows Mail\wab.exe - ok
12:39:45.0152 5844 [ 73430E79D6DF4DE9055E2A7742B881D3 ] C:\Program Files\QuickTime\QTTask.exe
12:39:45.0152 5844 C:\Program Files\QuickTime\QTTask.exe - ok
12:39:45.0152 5844 [ 1DA3649A396560D207489150F4FA25DF ] C:\Program Files\Common Files\Symantec Shared\ccProd.dll
12:39:45.0152 5844 C:\Program Files\Common Files\Symantec Shared\ccProd.dll - ok
12:39:45.0167 5844 [ D743372A621ED03A274539A88EEB3450 ] F:\Program Files\iTunes\iTunesHelper.exe
12:39:45.0167 5844 F:\Program Files\iTunes\iTunesHelper.exe - ok
12:39:45.0167 5844 [ 52BC119E49F88F2A5D1466230B1275C7 ] C:\Program Files\Windows Collaboration\WinCollab.exe
12:39:45.0167 5844 C:\Program Files\Windows Collaboration\WinCollab.exe - ok
12:39:45.0183 5844 [ 392845E8D49B5F0E81AAC4D795000A8C ] C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
12:39:45.0183 5844 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe - ok
12:39:45.0183 5844 [ C4AB08459CD7B59B410ACFC04D90E87B ] C:\Program Files\Movie Maker\MOVIEMK.exe
12:39:45.0183 5844 C:\Program Files\Movie Maker\MOVIEMK.exe - ok
12:39:45.0183 5844 [ 4EB0C6C3EF4D8885CF2B5D0062F31E44 ] C:\Program Files\DivX\DivX Update\DivXUpdate.exe
12:39:45.0183 5844 C:\Program Files\DivX\DivX Update\DivXUpdate.exe - ok
12:39:45.0198 5844 [ C03AC1FBCD625F93D2C245D97E06F270 ] C:\Program Files\Windows Photo Gallery\WindowsPhotoGallery.exe
12:39:45.0198 5844 C:\Program Files\Windows Photo Gallery\WindowsPhotoGallery.exe - ok
12:39:45.0198 5844 [ C10997CADE9231395002707B8FB23AF4 ] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
12:39:45.0198 5844 C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe - ok
12:39:45.0214 5844 [ E3A9BCC3BAF5909361963AF8D49E1EC9 ] C:\Program Files\PC Tools Registry Mechanic\Alert.exe
12:39:45.0214 5844 C:\Program Files\PC Tools Registry Mechanic\Alert.exe - ok
12:39:45.0214 5844 [ 12916E0642E92561C98B18A2A2D01B14 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
12:39:45.0214 5844 C:\Program Files\Common Files\Java\Java Update\jusched.exe - ok
12:39:45.0230 5844 [ 069385484EA57B663D688894C88975C5 ] C:\Windows\System32\wuapp.exe
12:39:45.0230 5844 C:\Windows\System32\wuapp.exe - ok
12:39:45.0230 5844 [ 9E35FF7F943AE0FB89192BFE058B7FD4 ] C:\Program Files\Windows Sidebar\sidebar.exe
12:39:45.0230 5844 C:\Program Files\Windows Sidebar\sidebar.exe - ok
12:39:45.0245 5844 [ 8F58544719E1C435BC36A8B207096581 ] C:\Windows\System32\verclsid.exe
12:39:45.0245 5844 C:\Windows\System32\verclsid.exe - ok
12:39:45.0245 5844 [ 7001ED498AFE9921DB7231878DE1CE12 ] F:\Program Files\iTunes\iTunesHelper.dll
12:39:45.0245 5844 F:\Program Files\iTunes\iTunesHelper.dll - ok
12:39:45.0261 5844 [ 9C94183A22256C35B025A900AF4B5372 ] F:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.dll
12:39:45.0261 5844 F:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.dll - ok
12:39:45.0261 5844 [ 3AF147EDC68CB34CB91B606DB6304F11 ] F:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll
12:39:45.0261 5844 F:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll - ok
12:39:45.0276 5844 [ EF764E33878B3A4A9E5A2FB5D0D031D0 ] C:\Windows\System32\dciman32.dll
12:39:45.0276 5844 C:\Windows\System32\dciman32.dll - ok
12:39:45.0276 5844 [ BADC359C9A0D9C217B7E8DA17BF3F5BB ] C:\Windows\System32\ntshrui.dll
12:39:45.0276 5844 C:\Windows\System32\ntshrui.dll - ok
12:39:45.0292 5844 [ D7675F963BE522060140ECD15607BCB8 ] C:\Windows\System32\DLAAPI_W.DLL
12:39:45.0292 5844 C:\Windows\System32\DLAAPI_W.DLL - ok
12:39:45.0292 5844 [ D299BE72FB0554016F69C3CF04274D7C ] C:\Program Files\Roxio\Drag-to-Disc\ShellRes.DLL
12:39:45.0292 5844 C:\Program Files\Roxio\Drag-to-Disc\ShellRes.DLL - ok
12:39:45.0292 5844 [ B1CD1BCD8DB4351FDB026EC750F1F806 ] C:\Program Files\WinZip\WINZIP32.EXE
12:39:45.0292 5844 C:\Program Files\WinZip\WINZIP32.EXE - ok
12:39:45.0308 5844 [ CC4413981C4F1234E6E884DFF8B99C03 ] C:\Program Files\DellSupport\DSAgnt.exe
12:39:45.0308 5844 C:\Program Files\DellSupport\DSAgnt.exe - ok
12:39:45.0323 5844 [ 7F317D4826FDA6682B63942D248AF96E ] C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll
12:39:45.0323 5844 C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll - ok
12:39:45.0339 5844 [ A6FA5D45ACF2E855F890FAC505EFEDB2 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
12:39:45.0339 5844 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll - ok
12:39:45.0339 5844 [ 5A8EE90789295C5A6A867580FB4D955E ] C:\Program Files\WinZip\WZ32.DLL
12:39:45.0339 5844 C:\Program Files\WinZip\WZ32.DLL - ok
12:39:45.0354 5844 [ F02A533F517EB38333CB12A9E8963773 ] C:\Users\Mario\AppData\Local\Google\Update\GoogleUpdate.exe
12:39:45.0354 5844 C:\Users\Mario\AppData\Local\Google\Update\GoogleUpdate.exe - ok
12:39:45.0354 5844 [ 35937EAD711207544E219C2A19A78A7D ] C:\Program Files\Windows Media Player\wmpnscfg.exe
12:39:45.0354 5844 C:\Program Files\Windows Media Player\wmpnscfg.exe - ok
12:39:45.0354 5844 [ EB4CDF2ECA64FBACAFBAD2B04B1B2862 ] C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
12:39:45.0354 5844 C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll - ok
12:39:45.0370 5844 [ FA2A3AFADC4FB47DBC234A4E57F92CDB ] C:\Windows\System32\ddraw.dll
12:39:45.0370 5844 C:\Windows\System32\ddraw.dll - ok
12:39:45.0370 5844 [ 21C0D7CF8FF91A6ED206CD327FA1CE4B ] C:\Program Files\Common Files\Apple\Mobile Device Support\MobileMeNotification.dll
12:39:45.0370 5844 C:\Program Files\Common Files\Apple\Mobile Device Support\MobileMeNotification.dll - ok
12:39:45.0386 5844 [ ED3F7B4548A13561278BF6018D1364A0 ] C:\Windows\System32\stlang.dll
12:39:45.0386 5844 C:\Windows\System32\stlang.dll - ok
12:39:45.0386 5844 [ 894AC58BD04D4CFEFB92E458EBEB99F7 ] C:\Program Files\Stardock\Fences\VistaBridgeLibrary.dll
12:39:45.0386 5844 C:\Program Files\Stardock\Fences\VistaBridgeLibrary.dll - ok
12:39:45.0401 5844 [ 3EDD138C17FAB3703DE80A8F9B70C00E ] C:\Windows\assembly\NativeImages_v2.0.50727_32\Fences\7986e4f0d8fd3a3fe572131f9027566a\Fences.ni.exe
12:39:45.0401 5844 C:\Windows\assembly\NativeImages_v2.0.50727_32\Fences\7986e4f0d8fd3a3fe572131f9027566a\Fences.ni.exe - ok
12:39:45.0401 5844 [ 9BF6EFFF98EB48F96AE02F3E1EF4AAD3 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll
12:39:45.0401 5844 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll - ok
12:39:45.0417 5844 [ 358025079D90D14C518FD6AF71DF59AF ] C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\69b17f1655da13d2cf4b8ca6e54e47d3\VistaBridgeLibrary.ni.dll
12:39:45.0417 5844 C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\69b17f1655da13d2cf4b8ca6e54e47d3\VistaBridgeLibrary.ni.dll - ok
12:39:45.0417 5844 [ C2CA4CB1650AE3DEF41C948FF9D37B86 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll
12:39:45.0417 5844 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll - ok
12:39:45.0417 5844 [ 530ED4B00397C2E65DDFDDFAC60744D2 ] C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
12:39:45.0417 5844 C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll - ok
12:39:45.0432 5844 [ 22BFD03DF51065A9ED8D17F8FB72296B ] C:\Windows\System32\ctfmon.exe
12:39:45.0432 5844 C:\Windows\System32\ctfmon.exe - ok
12:39:45.0432 5844 [ 6912D02CC912B980C8C12F9CDADB8763 ] C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
12:39:45.0432 5844 C:\Program Files\Evernote\Evernote\EvernoteClipper.exe - ok
12:39:45.0448 5844 [ E92143D1B2E32FAF6CC56FD97B908F6A ] C:\Windows\System32\wpdshext.dll
12:39:45.0448 5844 C:\Windows\System32\wpdshext.dll - ok
12:39:45.0448 5844 [ 8AC44F0E443974442B574E1DE77C8877 ] C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
12:39:45.0448 5844 C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe - ok
12:39:45.0448 5844 [ 8FB193CA7E2E6617913A45E783712F6D ] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaamon_ENU.dll
12:39:45.0448 5844 C:\Program Files\Intel\Intel Matrix Storage Manager\Iaamon_ENU.dll - ok
12:39:45.0464 5844 [ F7950E8FBB9B26E1A347F00E11EA42B5 ] C:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll
12:39:45.0464 5844 C:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll - ok
12:39:45.0464 5844 [ 33642C17C232AA272C68E446A2619899 ] C:\Program Files\iPod\bin\iPodService.exe
12:39:45.0464 5844 C:\Program Files\iPod\bin\iPodService.exe - ok
12:39:45.0479 5844 [ C4B5D43704B407C9B0D19AB19BB5303D ] C:\Program Files\iPod\bin\iPodService.Resources\iPodService.dll
12:39:45.0479 5844 C:\Program Files\iPod\bin\iPodService.Resources\iPodService.dll - ok
12:39:45.0495 5844 [ 2C542B82121066EA97B864F0F02A035C ] C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.dll
12:39:45.0495 5844 C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.dll - ok
12:39:45.0495 5844 [ F35A584E947A5B401FEB0FE01DB4A0D7 ] C:\Program Files\CyberLink\PowerDVD DX\MFC71.dll
12:39:45.0495 5844 C:\Program Files\CyberLink\PowerDVD DX\MFC71.dll - ok
12:39:45.0526 5844 [ A944A73CEC5921B871542FE5CC5E03E4 ] C:\Windows\System32\olepro32.dll
12:39:45.0526 5844 C:\Windows\System32\olepro32.dll - ok
12:39:45.0526 5844 [ 9490ABBFEF7A38AADE248D73A83ECD2A ] C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
12:39:45.0526 5844 C:\Program Files\Cisco Systems\VPN Client\vpngui.exe - ok
12:39:45.0526 5844 [ 3CC2A27927FE746D5946599821C5F8B7 ] C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
12:39:45.0526 5844 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe - ok
12:39:45.0542 5844 [ 38A06338E10BC8C636FC20E8ADFE6BCA ] C:\Program Files\Common Files\InstallShield\UpdateService\_ispmres.dll
12:39:45.0542 5844 C:\Program Files\Common Files\InstallShield\UpdateService\_ispmres.dll - ok
12:39:45.0542 5844 [ FE56C0DA05F4C3B8BEAB297C486FF737 ] C:\Program Files\Cisco Systems\VPN Client\qt-mt335.dll
12:39:45.0542 5844 C:\Program Files\Cisco Systems\VPN Client\qt-mt335.dll - ok
12:39:45.0557 5844 [ 7145783529EC02A6B78F851EF97A12FE ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
12:39:45.0557 5844 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe - ok
12:39:45.0557 5844 [ 9138E5C7FB95A70030324EDB430BF4B3 ] C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
12:39:45.0557 5844 C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe - ok
12:39:45.0573 5844 [ 416ACCE24888703A2ECCB5DE31B51CF7 ] C:\Program Files\Common Files\Symantec Shared\ccAlert.dll
12:39:45.0573 5844 C:\Program Files\Common Files\Symantec Shared\ccAlert.dll - ok
12:39:45.0573 5844 [ 4D7603D34FAD7C1226B7C2302556584A ] C:\Program Files\Symantec AntiVirus\Cliproxy.dll
12:39:45.0573 5844 C:\Program Files\Symantec AntiVirus\Cliproxy.dll - ok
12:39:45.0588 5844 [ 059A79C3ECB5133247F671A6CAB84FBA ] C:\Program Files\Evernote\Evernote\encrashrep.dll
12:39:45.0588 5844 C:\Program Files\Evernote\Evernote\encrashrep.dll - ok
12:39:45.0588 5844 [ 714445FBC09B4D8A791FFCF8EA0E7320 ] C:\Program Files\Evernote\Evernote\libxml2.dll
12:39:45.0588 5844 C:\Program Files\Evernote\Evernote\libxml2.dll - ok
12:39:45.0604 5844 [ 7F3602ED34BE9131D7088EB37B62AA08 ] C:\Program Files\Evernote\Evernote\libpcre.dll
12:39:45.0604 5844 C:\Program Files\Evernote\Evernote\libpcre.dll - ok
12:39:45.0604 5844 [ ADC90EBBE2823C23A0406ACD3D6E9312 ] C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL
12:39:45.0604 5844 C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL - ok
12:39:45.0620 5844 [ BE3F2025B87338524FF4331B9D31D02D ] C:\Program Files\Evernote\Evernote\libtidy.dll
12:39:45.0620 5844 C:\Program Files\Evernote\Evernote\libtidy.dll - ok
12:39:45.0620 5844 [ 76543EEBCC6DC4D0063BE2C75CE86733 ] C:\Windows\System32\icacls.exe
12:39:45.0620 5844 C:\Windows\System32\icacls.exe - ok
12:39:45.0620 5844 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Program Files\CyberLink\PowerDVD DX\msvcr71.dll
12:39:45.0620 5844 C:\Program Files\CyberLink\PowerDVD DX\msvcr71.dll - ok
12:39:45.0635 5844 [ 034D3C1185B789B4B8F13C259BAC2C6E ] C:\Windows\System32\tracerpt.exe
12:39:45.0635 5844 C:\Windows\System32\tracerpt.exe - ok
12:39:45.0635 5844 [ E8A91A9F78F69E17B52C0F732CF87941 ] C:\Program Files\Symantec AntiVirus\DoScan.exe
12:39:45.0635 5844 C:\Program Files\Symantec AntiVirus\DoScan.exe - ok
12:39:45.0651 5844 [ 1B593FBB763150BD225DF266C69A9329 ] C:\Windows\System32\mfc42u.dll
12:39:45.0651 5844 C:\Windows\System32\mfc42u.dll - ok
12:39:45.0651 5844 [ 209079A828549205F9B5A7EC713E7E87 ] C:\Program Files\Common Files\Apple\Mobile Device Support\XMPP.dll
12:39:45.0651 5844 C:\Program Files\Common Files\Apple\Mobile Device Support\XMPP.dll - ok
12:39:45.0666 5844 [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\Program Files\CyberLink\PowerDVD DX\msvcp71.dll
12:39:45.0666 5844 C:\Program Files\CyberLink\PowerDVD DX\msvcp71.dll - ok
12:39:45.0666 5844 [ D87F1FD34AF36E24C4C37C8CFCA9FE80 ] C:\Program Files\DellSupport\gtagnt.dll
12:39:45.0666 5844 C:\Program Files\DellSupport\gtagnt.dll - ok
12:39:45.0682 5844 [ B7D321DB3D2F223FF5010D491AB6BD4B ] C:\Program Files\DellSupport\cfgdata.dll
12:39:45.0682 5844 C:\Program Files\DellSupport\cfgdata.dll - ok
12:39:45.0682 5844 [ 57602070F70951FA322F54B6574928E9 ] C:\Windows\System32\net.exe
12:39:45.0682 5844 C:\Windows\System32\net.exe - ok
12:39:45.0682 5844 [ 295363D4317820AED0D527E15B90A8ED ] C:\Windows\System32\pdh.dll
12:39:45.0682 5844 C:\Windows\System32\pdh.dll - ok
12:39:45.0698 5844 [ DF1F51D2938A403BFE671B13A12FA434 ] C:\Windows\System32\vdmdbg.dll
12:39:45.0713 5844 C:\Windows\System32\vdmdbg.dll - ok
12:39:45.0729 5844 [ 10DE220BDFE330073762F89974DB8403 ] C:\Windows\System32\wbem\wmiprov.dll
12:39:45.0729 5844 C:\Windows\System32\wbem\wmiprov.dll - ok
12:39:45.0729 5844 [ 4235107CAA0BCE7E872C4355329FC06E ] C:\Program Files\DellSupport\actmgr.dll
12:39:45.0729 5844 C:\Program Files\DellSupport\actmgr.dll - ok
12:39:45.0729 5844 [ 6B2574E3DC0FD35AB79676A36ED27F74 ] C:\Program Files\Symantec AntiVirus\SavUI.exe
12:39:45.0729 5844 C:\Program Files\Symantec AntiVirus\SavUI.exe - ok
12:39:45.0744 5844 [ 89D91075333013FF359213028787D4EE ] C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll
12:39:45.0744 5844 C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll - ok
12:39:45.0744 5844 [ 0486B27A7A31EDFA9F92A7F6BBC964E5 ] C:\Windows\System32\stapi32.dll
12:39:45.0744 5844 C:\Windows\System32\stapi32.dll - ok
12:39:45.0760 5844 [ E46A4765F8E6D631C9C9CB0B083602F5 ] C:\Program Files\Windows Media Player\wmpnssci.dll
12:39:45.0760 5844 C:\Program Files\Windows Media Player\wmpnssci.dll - ok
12:39:45.0760 5844 [ 205A365BD0D26637189AF931DC37B79A ] C:\PROGRA~1\COMMON~1\SYMANT~1\ccEmlPxy.dll
12:39:45.0760 5844 C:\PROGRA~1\COMMON~1\SYMANT~1\ccEmlPxy.dll - ok
12:39:45.0760 5844 [ 648AB74D9C104FB500B6C4EEDC6A8772 ] C:\Windows\System32\wmpmde.dll
12:39:45.0760 5844 C:\Windows\System32\wmpmde.dll - ok
12:39:45.0776 5844 [ BA812B7A161385730E44450FBA07316F ] C:\Program Files\Common Files\Symantec Shared\SPBBC\bbRGen.dll
12:39:45.0776 5844 C:\Program Files\Common Files\Symantec Shared\SPBBC\bbRGen.dll - ok
12:39:45.0791 5844 [ 67D16247C56C26A4F0D79D1A7F272B8F ] C:\Windows\System32\mf.dll
12:39:45.0791 5844 C:\Windows\System32\mf.dll - ok
12:39:45.0791 5844 [ 2495C4204C63678F8FD5D488CA7DAD26 ] C:\Windows\System32\evr.dll
12:39:45.0791 5844 C:\Windows\System32\evr.dll - ok
12:39:45.0791 5844 [ 3A2EEE8444A8E5C1A454C57B2198F5FC ] C:\Windows\System32\ntlanman.dll
12:39:45.0791 5844 C:\Windows\System32\ntlanman.dll - ok
12:39:45.0807 5844 [ 582EFE56FC0858E58A6CEBA2A64B02C7 ] C:\Windows\System32\drprov.dll
12:39:45.0807 5844 C:\Windows\System32\drprov.dll - ok
12:39:45.0807 5844 [ 4DF10CE50010D70152944B51E03588B0 ] C:\Windows\System32\wmdrmsdk.dll
12:39:45.0807 5844 C:\Windows\System32\wmdrmsdk.dll - ok
12:39:45.0822 5844 [ CFBD2E1FE18B50748A76703A2DC6D4E3 ] C:\Windows\System32\davclnt.dll
12:39:45.0822 5844 C:\Windows\System32\davclnt.dll - ok
12:39:45.0822 5844 [ EFD278F8129EE12F1D4AE0250494B791 ] C:\Windows\System32\dxva2.dll
12:39:45.0822 5844 C:\Windows\System32\dxva2.dll - ok
12:39:45.0822 5844 [ 015E99A7634B93E8BB0380C70F3D2CC3 ] C:\Windows\System32\wmp.dll
12:39:45.0822 5844 C:\Windows\System32\wmp.dll - ok
12:39:45.0838 5844 [ 38000D312118CD654A569FFF93A91442 ] C:\Program Files\Symantec AntiVirus\SAVCProd.dll
12:39:45.0838 5844 C:\Program Files\Symantec AntiVirus\SAVCProd.dll - ok
12:39:45.0838 5844 [ 744F08CF9ACFFB1C715191D04DEEE907 ] C:\Windows\System32\srchadmin.dll
12:39:45.0838 5844 C:\Windows\System32\srchadmin.dll - ok
12:39:45.0854 5844 [ 5193DE33F3284C447E0D31DAFBF92570 ] C:\Windows\System32\webcheck.dll
12:39:45.0854 5844 C:\Windows\System32\webcheck.dll - ok
12:39:45.0854 5844 [ 3EB6D30D82F0E300FCFBAD0498F654FD ] C:\Windows\System32\mlang.dll
12:39:45.0854 5844 C:\Windows\System32\mlang.dll - ok
12:39:45.0869 5844 [ 4ACEA0C4BB15ACE55E3AE5EC4E88DD55 ] C:\Windows\System32\SyncCenter.dll
12:39:45.0869 5844 C:\Windows\System32\SyncCenter.dll - ok
12:39:45.0869 5844 [ 0B5AC46982E77CAF3EC1D55C9AC6AB56 ] C:\Windows\System32\wscntfy.dll
12:39:45.0869 5844 C:\Windows\System32\wscntfy.dll - ok
12:39:45.0869 5844 [ 7ADD03E75BEB9E6DD102C3081D29840A ] C:\Windows\System32\drivers\cdfs.sys
12:39:45.0869 5844 C:\Windows\System32\drivers\cdfs.sys - ok
12:39:45.0885 5844 [ 9B0726A03B790E5B82BED44D24009BEF ] C:\Windows\System32\imapi2.dll
12:39:45.0885 5844 C:\Windows\System32\imapi2.dll - ok
12:39:45.0885 5844 [ 1409EB2C3CB92D612E124D52ED766359 ] C:\Program Files\Dell Support Center\bin\sprtmessage.dll
12:39:45.0885 5844 C:\Program Files\Dell Support Center\bin\sprtmessage.dll - ok
12:39:45.0900 5844 [ C0ABD66F31C0B84CD944802E6D3D02C2 ] C:\Windows\System32\bthprops.cpl
12:39:45.0900 5844 C:\Windows\System32\bthprops.cpl - ok
12:39:45.0900 5844 [ EACACA0F2FF4CC54A909E3C5721FCDE8 ] C:\Windows\System32\msvfw32.dll
12:39:45.0900 5844 C:\Windows\System32\msvfw32.dll - ok
12:39:45.0900 5844 [ 9441A231C0AA0712F7CF3B10D9CFCF76 ] C:\Windows\System32\wmploc.DLL
12:39:45.0900 5844 C:\Windows\System32\wmploc.DLL - ok
12:39:45.0916 5844 [ 617F9A5813E69F6E9ED94B811EC75396 ] C:\Windows\System32\wmpps.dll
12:39:45.0916 5844 C:\Windows\System32\wmpps.dll - ok
12:39:45.0916 5844 [ A7C5909466BE1F685596AE0AE9939A2C ] C:\PROGRA~1\COMMON~1\SYMANT~1\rcEmlPxy.dll
12:39:45.0916 5844 C:\PROGRA~1\COMMON~1\SYMANT~1\rcEmlPxy.dll - ok
12:39:45.0916 5844 [ 3CC5076730CF551242EB8182998A4E85 ] C:\Program Files\Common Files\Symantec Shared\SymRedir.dll
12:39:45.0916 5844 C:\Program Files\Common Files\Symantec Shared\SymRedir.dll - ok
12:39:45.0932 5844 [ 10685A9A922E971B2B4D811A374A01E1 ] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncPref.resources\en.lproj\AppleSyncPrefLocalized.dll
12:39:45.0932 5844 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncPref.resources\en.lproj\AppleSyncPrefLocalized.dll - ok
12:39:45.0932 5844 [ 7F4011A719BF30E3DBD84D3A0A45C91C ] C:\Windows\System32\drivers\symredrv.sys
12:39:45.0932 5844 C:\Windows\System32\drivers\symredrv.sys - ok
12:39:45.0947 5844 [ 00FF924142D90A147BCEE8975E39D9C0 ] C:\Program Files\Symantec AntiVirus\SavEmail.dll
12:39:45.0947 5844 C:\Program Files\Symantec AntiVirus\SavEmail.dll - ok
12:39:45.0947 5844 [ BF0CFC7156E22D24184CC53BC5A8A50A ] C:\Program Files\CyberLink\PowerDVD DX\Kernel\common\CLRCEngine3.dll
12:39:45.0947 5844 C:\Program Files\CyberLink\PowerDVD DX\Kernel\common\CLRCEngine3.dll - ok
12:39:45.0963 5844 [ 0547AF400AE6B4F8646148739E0F24FA ] C:\Program Files\Dell Support Center\bin\sprtevent.dll
12:39:45.0963 5844 C:\Program Files\Dell Support Center\bin\sprtevent.dll - ok
12:39:45.0963 5844 [ 9FF47CD8A3787C8FD3CDFE40441C722E ] C:\Users\Mario\AppData\Local\Google\Update\1.3.21.123\goopdate.dll
12:39:45.0963 5844 C:\Users\Mario\AppData\Local\Google\Update\1.3.21.123\goopdate.dll - ok
12:39:45.0978 5844 [ A395ABC175604A4F863A0ECF9EE794CA ] C:\Program Files\Dell Support Center\bin\sprtui.dll
12:39:45.0978 5844 C:\Program Files\Dell Support Center\bin\sprtui.dll - ok
12:39:45.0978 5844 [ 7AC23E98BEC7A2E9C9F5754506C50C14 ] C:\Windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
12:39:45.0978 5844 C:\Windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll - ok
12:39:45.0994 5844 [ AE5A69F44C1F97EDC83237FC0B29B6FB ] C:\Users\Mario\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
12:39:45.0994 5844 C:\Users\Mario\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe - ok
12:39:45.0994 5844 [ 2EA4F4471281EF0E7295D12253F01DF3 ] C:\PROGRA~1\DELLSU~1\GTAction\handlers\brkrsvch.dll
12:39:45.0994 5844 C:\PROGRA~1\DELLSU~1\GTAction\handlers\brkrsvch.dll - ok
12:39:45.0994 5844 [ 896F1DAE48558CE96AF012C7E594CCC6 ] C:\PROGRA~1\DELLSU~1\GTAction\handlers\grouph.dll
12:39:45.0994 5844 C:\PROGRA~1\DELLSU~1\GTAction\handlers\grouph.dll - ok
12:39:46.0010 5844 [ D2C8BE14BCC8A49F9411557DB6028CAB ] C:\PROGRA~1\DELLSU~1\GTAction\handlers\pnph.dll
12:39:46.0010 5844 C:\PROGRA~1\DELLSU~1\GTAction\handlers\pnph.dll - ok
12:39:46.0010 5844 [ F08F525453D3AD31EC20AF779AE27040 ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Tanagra.Utility.dll
12:39:46.0010 5844 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Tanagra.Utility.dll - ok
12:39:46.0025 5844 [ A8A5453F6DAA4BCACD02FBF2EF3F7C1F ] C:\PROGRA~1\DELLSU~1\GTAction\handlers\qdiagh.dll
12:39:46.0025 5844 C:\PROGRA~1\DELLSU~1\GTAction\handlers\qdiagh.dll - ok
12:39:46.0025 5844 [ 755AD13D0042329925E2FAF3D070326D ] C:\PROGRA~1\DELLSU~1\GTAction\handlers\trgloadh.dll
12:39:46.0025 5844 C:\PROGRA~1\DELLSU~1\GTAction\handlers\trgloadh.dll - ok
12:39:46.0041 5844 [ 6472D141970830F856778DE71EB93319 ] C:\PROGRA~1\DELLSU~1\GTAction\handlers\trgregh.dll
12:39:46.0041 5844 C:\PROGRA~1\DELLSU~1\GTAction\handlers\trgregh.dll - ok
12:39:46.0041 5844 [ 7D1913E59C79AB565A73020F8BD13B40 ] C:\Program Files\DellSupport\trgmgr.dll
12:39:46.0041 5844 C:\Program Files\DellSupport\trgmgr.dll - ok
12:39:46.0041 5844 [ 7C5393905B52C3DC56A810C823DA4211 ] C:\Program Files\DellSupport\qdiagd.ocx
12:39:46.0041 5844 C:\Program Files\DellSupport\qdiagd.ocx - ok
12:39:46.0056 5844 [ 8F4757511BA745A81378CB93EB6C430D ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
12:39:46.0056 5844 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll - ok
12:39:46.0056 5844 [ 1BBC044533A77BE2519497966354B763 ] C:\Program Files\DellSupport\gdql_d.dll
12:39:46.0056 5844 C:\Program Files\DellSupport\gdql_d.dll - ok
12:39:46.0072 5844 [ 995A1C3E7B9B5E2AA4568B667627B4AE ] C:\Windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_a92b3267\System.Windows.Forms.dll
12:39:46.0072 5844 C:\Windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_a92b3267\System.Windows.Forms.dll - ok
12:39:46.0072 5844 [ A03D9D6408A723F264F1FB77298EC63B ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Tanagra.DataClad.dll
12:39:46.0072 5844 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Tanagra.DataClad.dll - ok
12:39:46.0088 5844 [ 65062D18283065799715EA6001C07709 ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\XMLSettings.dll
12:39:46.0088 5844 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\XMLSettings.dll - ok
12:39:46.0088 5844 [ E75963624A3F55C90AC8A7C2E65072FF ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon_main.dll
12:39:46.0088 5844 C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon_main.dll - ok
12:39:46.0103 5844 [ 6E787792EDD9039B02D8244C02E57DC4 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\d1cdb687ca296d0e95ff3abe946cb3c7\Microsoft.VisualBasic.ni.dll
12:39:46.0103 5844 C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\d1cdb687ca296d0e95ff3abe946cb3c7\Microsoft.VisualBasic.ni.dll - ok
12:39:46.0103 5844 [ 07F649CD36F266BBE33B814FA678AA43 ] C:\Windows\System32\mshtml.dll
12:39:46.0103 5844 C:\Windows\System32\mshtml.dll - ok
12:39:46.0103 5844 [ AC6B8F8058EE27932F9AF8A2D959D201 ] C:\Windows\System32\msimtf.dll
12:39:46.0103 5844 C:\Windows\System32\msimtf.dll - ok
12:39:46.0119 5844 [ 02EF2C66653D28D964B03EF44A942BF0 ] C:\PROGRA~1\DELLSU~1\GTAction\triggers\timert.dll
12:39:46.0119 5844 C:\PROGRA~1\DELLSU~1\GTAction\triggers\timert.dll - ok
12:39:46.0119 5844 [ 928C90E02E05244D2290C1551DF732C8 ] C:\Windows\System32\avicap32.dll
12:39:46.0119 5844 C:\Windows\System32\avicap32.dll - ok
12:39:46.0119 5844 [ A3FA99A16F10D44EDB7A8C340FA2EE1B ] C:\Windows\System32\jscript9.dll
12:39:46.0119 5844 C:\Windows\System32\jscript9.dll - ok
12:39:46.0134 5844 [ 96BA82BF1F1968E44FE80E5B6DE21E13 ] C:\PROGRA~1\DELLSU~1\GTAction\triggers\regt.dll
12:39:46.0134 5844 C:\PROGRA~1\DELLSU~1\GTAction\triggers\regt.dll - ok
12:39:46.0134 5844 [ 8992F45DED6B63B919BDEB6D270FF9C8 ] C:\Windows\System32\wshom.ocx
12:39:46.0134 5844 C:\Windows\System32\wshom.ocx - ok
12:39:46.0134 5844 [ 3DB1530CDD7AEF2BCFA6FB77D097CDDA ] C:\Windows\System32\scrrun.dll
12:39:46.0134 5844 C:\Windows\System32\scrrun.dll - ok
12:39:46.0150 5844 [ E9B39C81C87E5B790FCE121DA9E02701 ] C:\Windows\System32\d2d1.dll
12:39:46.0150 5844 C:\Windows\System32\d2d1.dll - ok
12:39:46.0150 5844 [ 7BC0410ADF51083C2694AC19FF3C6847 ] C:\Program Files\Windows Defender\MpRtMon.dll
12:39:46.0150 5844 C:\Program Files\Windows Defender\MpRtMon.dll - ok
12:39:46.0166 5844 [ 01B46BEECE252636A678E9312E6031FD ] C:\Program Files\Dell Support Center\bin\SupportSoft.Agent.Sprocket.SupportMessage.dll
12:39:46.0166 5844 C:\Program Files\Dell Support Center\bin\SupportSoft.Agent.Sprocket.SupportMessage.dll - ok
12:39:46.0166 5844 [ A61ACA63218EB5C9439CE06E30021B6C ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Tanagra.DataClad.DataAccess.dll
12:39:46.0166 5844 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Tanagra.DataClad.DataAccess.dll - ok
12:39:46.0181 5844 [ 5FB486DB877DFBB52828D77F110EBA9D ] C:\Program Files\Dell Support Center\bin\SupportSoft.Agent.Sprocket.dll
12:39:46.0181 5844 C:\Program Files\Dell Support Center\bin\SupportSoft.Agent.Sprocket.dll - ok
12:39:46.0181 5844 [ BD7A81CFBA3ACFB5D82D180F6AD8635B ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ee724aeea5f1b9d8a01fa6047fd2ef99\System.Data.ni.dll
12:39:46.0181 5844 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ee724aeea5f1b9d8a01fa6047fd2ef99\System.Data.ni.dll - ok
12:39:46.0197 5844 [ CABD1B34BD05C986B4DBC18BC0E947EE ] C:\Windows\System32\DWrite.dll
12:39:46.0197 5844 C:\Windows\System32\DWrite.dll - ok
12:39:46.0197 5844 [ 3A72AB0BAF2DC1AE0BA6E1EE28FFCC0B ] C:\Windows\System32\msftedit.dll
12:39:46.0197 5844 C:\Windows\System32\msftedit.dll - ok
12:39:46.0197 5844 [ EE8E76761A4AEE5685D92A770A3B4B1F ] C:\Program Files\Dell Support Center\gs_agent\dsc.exe
12:39:46.0197 5844 C:\Program Files\Dell Support Center\gs_agent\dsc.exe - ok
12:39:46.0212 5844 [ 506B6592BF6116521F152DCCB39A6143 ] C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
12:39:46.0212 5844 C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll - ok
12:39:46.0212 5844 [ 215AA9D65DABCF3CFB149B8D60F40346 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d08cb6b1c4052e6f5a4e2452870d67d7\System.Management.ni.dll
12:39:46.0212 5844 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d08cb6b1c4052e6f5a4e2452870d67d7\System.Management.ni.dll - ok
12:39:46.0228 5844 [ 35A936C7C029A5B705D3FFD40518D660 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
12:39:46.0228 5844 C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll - ok
12:39:46.0228 5844 [ 448452164AF599409FFB40139873E5F9 ] C:\PROGRA~1\DELLSU~1\GTAction\triggers\DSproct.dll
12:39:46.0228 5844 C:\PROGRA~1\DELLSU~1\GTAction\triggers\DSproct.dll - ok
12:39:46.0244 5844 [ 413F2D5F9D802688242C23B38F767ECB ] C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
12:39:46.0244 5844 C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys - ok
12:39:46.0244 5844 [ 3D293E0DFDFD4C17AB7E5D4E6065C0E7 ] C:\PROGRA~1\DELLSU~1\GTAction\triggers\DSWnHnt.dll
12:39:46.0244 5844 C:\PROGRA~1\DELLSU~1\GTAction\triggers\DSWnHnt.dll - ok
12:39:46.0259 5844 [ 4A2A016491F169B5EC954D948565E251 ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Tanagra.BMU.dll
12:39:46.0259 5844 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Tanagra.BMU.dll - ok
12:39:46.0259 5844 [ 5256383D1D266A9EEFCDB270340C0E5C ] C:\Windows\System32\d3d10_1.dll
12:39:46.0259 5844 C:\Windows\System32\d3d10_1.dll - ok
12:39:46.0259 5844 [ B496B5322FC36979DDCA98B2BF43B150 ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Tanagra.Interop.dll
12:39:46.0259 5844 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Tanagra.Interop.dll - ok
12:39:46.0275 5844 [ A441F5B43EAF4BD4E3ACFBE38841B46B ] C:\Windows\System32\d3d10_1core.dll
12:39:46.0275 5844 C:\Windows\System32\d3d10_1core.dll - ok
12:39:46.0275 5844 [ 4A4C71376ECA305D6DEA021F1A44816D ] C:\Windows\System32\d3d10warp.dll
12:39:46.0275 5844 C:\Windows\System32\d3d10warp.dll - ok
12:39:46.0290 5844 [ A5D073E47008E57CAE3BF51838DA0F93 ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\SQLite.NET.dll
12:39:46.0290 5844 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\SQLite.NET.dll - ok
12:39:46.0290 5844 [ F3455E60B905D95D22F7AB8A6B49ACCE ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll
12:39:46.0290 5844 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll - ok
12:39:46.0306 5844 [ 35AAE2E841AA1A949775168E119482C9 ] C:\Windows\System32\msls31.dll
12:39:46.0306 5844 C:\Windows\System32\msls31.dll - ok
12:39:46.0306 5844 [ 16BEF6B679947E4B3C113B3798F746DB ] C:\Program Files\DellSupport\AUInst.dll
12:39:46.0306 5844 C:\Program Files\DellSupport\AUInst.dll - ok
12:39:46.0306 5844 [ 631289583481C45C7342EFD57442B738 ] C:\Program Files\Common Files\microsoft shared\vgx\VGX.dll
12:39:46.0306 5844 C:\Program Files\Common Files\microsoft shared\vgx\VGX.dll - ok
12:39:46.0322 5844 [ 8B02D2ECC7EF6E1F6AF08459E3F741F6 ] C:\Windows\System32\d3d10.dll
12:39:46.0322 5844 C:\Windows\System32\d3d10.dll - ok
12:39:46.0322 5844 [ 9C7094F537782A82B6A29B4A7172E180 ] C:\Windows\System32\d3d10core.dll
12:39:46.0322 5844 C:\Windows\System32\d3d10core.dll - ok
12:39:46.0337 5844 [ 76A341458F3DCBD0B869690BE8CFA6E3 ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\providers\Tanagra.BMU.Providers.HardDiskBackupProvider.dll
12:39:46.0337 5844 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\providers\Tanagra.BMU.Providers.HardDiskBackupProvider.dll - ok
12:39:46.0353 5844 [ 3DF8BDD8A7203239ABABA6241F91B757 ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\providers\Tanagra.BMU.Providers.FileCopyBackupProvider.dll
12:39:46.0353 5844 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\providers\Tanagra.BMU.Providers.FileCopyBackupProvider.dll - ok
12:39:46.0353 5844 [ C5A75EB48E2344ABDC162BDA79E16841 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:39:46.0353 5844 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok
12:39:46.0353 5844 [ E5F7C30EDF0892667933BE879F067D67 ] C:\Windows\System32\msvcr100_clr0400.dll
12:39:46.0353 5844 C:\Windows\System32\msvcr100_clr0400.dll - ok
12:39:46.0368 5844 [ D466680EE8965924052C62B39E591155 ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Tanagra.Third-party.Security.dll
12:39:46.0368 5844 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Tanagra.Third-party.Security.dll - ok
12:39:46.0368 5844 [ A9154A572DB92D409131B333DAF66C0C ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ac05afefb5b28893d44ec451da0e6d4e\System.Web.ni.dll
12:39:46.0368 5844 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ac05afefb5b28893d44ec451da0e6d4e\System.Web.ni.dll - ok
12:39:46.0384 5844 [ 05C245593DCB591A6B38A796D0C1975E ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
12:39:46.0384 5844 C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe - ok
12:39:46.0384 5844 [ 14B1AF40195CF5DB586F39387A77AFB6 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
12:39:46.0384 5844 C:\Windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll - ok
12:39:46.0400 5844 [ 7A9DE8B16CF183D1038E49C9613275B7 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
12:39:46.0400 5844 C:\Windows\Microsoft.NET\Framework\v2.0.50727\alink.dll - ok
12:39:46.0400 5844 [ FB875FBE3BD042F6A69A4406178C561B ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
12:39:46.0400 5844 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll - ok
12:39:46.0415 5844 [ 304503DEE4D3F7989B8660C62CAFAE28 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
12:39:46.0415 5844 C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe - ok
12:39:46.0415 5844 [ 4BAEC13BCAA595639EBB5185278DEFEA ] C:\Windows\System32\fdWSD.dll
12:39:46.0415 5844 C:\Windows\System32\fdWSD.dll - ok
12:39:46.0415 5844 [ B5EF1DA337DB9859709A387638AC5E07 ] C:\Windows\System32\SearchProtocolHost.exe
12:39:46.0415 5844 C:\Windows\System32\SearchProtocolHost.exe - ok
12:39:46.0431 5844 [ 582BE479E7E286BB3B31C5A4C3DC3987 ] C:\Windows\System32\msshooks.dll
12:39:46.0431 5844 C:\Windows\System32\msshooks.dll - ok
12:39:46.0431 5844 [ 771AF583BC58373A84496CCD52C36E33 ] C:\Windows\System32\mssvp.dll
12:39:46.0431 5844 C:\Windows\System32\mssvp.dll - ok
12:39:46.0431 5844 [ 98C77FD99F3DB37B2C03F32B8F837B65 ] C:\Windows\System32\mapi32.dll
12:39:46.0431 5844 C:\Windows\System32\mapi32.dll - ok
12:39:46.0446 5844 [ 351319EF11C263C95FB721AC76F436D6 ] C:\Windows\System32\mssph.dll
12:39:46.0446 5844 C:\Windows\System32\mssph.dll - ok
12:39:46.0446 5844 [ E290E3FDF645DF29D00D6368B9127E30 ] C:\Windows\System32\msfeeds.dll
12:39:46.0446 5844 C:\Windows\System32\msfeeds.dll - ok
12:39:46.0462 5844 [ A1CD5CE96F0A5426DB9A2F793854D1B8 ] C:\Program Files\Microsoft Office\Office12\ONFILTER.DLL
12:39:46.0462 5844 C:\Program Files\Microsoft Office\Office12\ONFILTER.DLL - ok
12:39:46.0462 5844 [ C9EE7FF225EAC1CB9C78C413667CDB80 ] C:\Windows\System32\SearchFilterHost.exe
12:39:46.0462 5844 C:\Windows\System32\SearchFilterHost.exe - ok
12:39:46.0462 5844 [ 443C5961CACD4ABC16648874AF06E4A0 ] C:\Windows\System32\fdSSDP.dll
12:39:46.0462 5844 C:\Windows\System32\fdSSDP.dll - ok
12:39:46.0478 5844 [ 9B89B3BB79EA1ACF041F40A7B6FC5827 ] C:\Windows\System32\mobsync.exe
12:39:46.0478 5844 C:\Windows\System32\mobsync.exe - ok
12:39:46.0478 5844 [ ABAEAEE763E287BDD39094C4165E1F3F ] C:\Windows\System32\fdProxy.dll
12:39:46.0478 5844 C:\Windows\System32\fdProxy.dll - ok
12:39:46.0493 5844 [ 8078F8F8F7A79E2E6B494523A828C585 ] C:\Windows\System32\msdtckrm.dll
12:39:46.0493 5844 C:\Windows\System32\msdtckrm.dll - ok
12:39:46.0493 5844 [ 7599E425947A595448DA778B610923BC ] C:\Program Files\Windows Media Player\wmpsyncmgr.dll
12:39:46.0493 5844 C:\Program Files\Windows Media Player\wmpsyncmgr.dll - ok
12:39:46.0493 5844 [ 0629259E3AF6BB0534FCECA208973404 ] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
12:39:46.0493 5844 C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe - ok
12:39:46.0509 5844 [ FD647CA82ACF232DBE5F20345647B948 ] C:\Windows\AppPatch\AcGenral.dll
12:39:46.0509 5844 C:\Windows\AppPatch\AcGenral.dll - ok
12:39:46.0509 5844 [ 1A617835452EEE5060976C9B9F5FE635 ] C:\Windows\System32\wuapi.dll
12:39:46.0509 5844 C:\Windows\System32\wuapi.dll - ok
12:39:46.0524 5844 [ 5E41139EC6EFBCAFFD96D46925E544AB ] C:\Windows\System32\mspatcha.dll
12:39:46.0524 5844 C:\Windows\System32\mspatcha.dll - ok
12:39:46.0524 5844 ============================================================
12:39:46.0524 5844 Scan finished
12:39:46.0524 5844 ============================================================
12:39:46.0540 5836 Detected object count: 20
12:39:46.0540 5836 Actual detected object count: 20
12:42:42.0509 5836 ADVService ( UnsignedFile.Multi.Generic ) - skipped by user
12:42:42.0509 5836 ADVService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:42:42.0525 5836 Bentley SELECT Server Gateway ( UnsignedFile.Multi.Generic ) - skipped by user
12:42:42.0525 5836 Bentley SELECT Server Gateway ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:42:42.0525 5836 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
12:42:42.0525 5836 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:42:42.0525 5836 DSBrokerService ( UnsignedFile.Multi.Generic ) - skipped by user
12:42:42.0525 5836 DSBrokerService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:42:42.0525 5836 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user
12:42:42.0525 5836 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:42:42.0525 5836 dsunidrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:42:42.0525 5836 dsunidrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:42:42.0525 5836 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:42:42.0525 5836 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:42:42.0525 5836 IAANTMON ( UnsignedFile.Multi.Generic ) - skipped by user
12:42:42.0525 5836 IAANTMON ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:42:42.0525 5836 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:42:42.0525 5836 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:42:42.0540 5836 pgsql-8.3 ( UnsignedFile.Multi.Generic ) - skipped by user
12:42:42.0540 5836 pgsql-8.3 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:42:42.0540 5836 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
12:42:42.0540 5836 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:42:42.0540 5836 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - skipped by user
12:42:42.0540 5836 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:42:42.0540 5836 RoxWatch9 ( UnsignedFile.Multi.Generic ) - skipped by user
12:42:42.0540 5836 RoxWatch9 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:42:42.0540 5836 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
12:42:42.0540 5836 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:42:42.0540 5836 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - skipped by user
12:42:42.0540 5836 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:42:42.0540 5836 sp_rssrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:42:42.0540 5836 sp_rssrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:42:42.0540 5836 SRTSPL ( UnsignedFile.Multi.Generic ) - skipped by user
12:42:42.0540 5836 SRTSPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:42:42.0540 5836 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
12:42:42.0540 5836 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:42:42.0556 5836 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
12:42:42.0556 5836 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:42:42.0556 5836 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - skipped by user
12:42:42.0556 5836 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:44:36.0359 2120 Deinitialize success
-
12:39:42.0640 5844 [ D07D4C3038F3578FFCE1C0237F2A1253 ] C:\Windows\explorer.exe
12:39:42.0640 5844 C:\Windows\explorer.exe - ok
12:39:42.0640 5844 [ 63396CBB1365769D520E0FD89C2419F2 ] C:\Windows\System32\localspl.dll
12:39:42.0640 5844 C:\Windows\System32\localspl.dll - ok
12:39:42.0656 5844 [ F4E1AA5D59C849A4AB47E895DC76B9C8 ] C:\Windows\System32\sfc.dll
12:39:42.0656 5844 C:\Windows\System32\sfc.dll - ok
12:39:42.0656 5844 [ B11FDCA4410D6252964EF97F9A47DE74 ] C:\Windows\System32\TSChannel.dll
12:39:42.0656 5844 C:\Windows\System32\TSChannel.dll - ok
12:39:42.0656 5844 [ 22DC912B075F4D335EEF042F50FE4855 ] C:\Windows\System32\AdobePDF.dll
12:39:42.0656 5844 C:\Windows\System32\AdobePDF.dll - ok
12:39:42.0671 5844 [ 9CBE089DAD91F83843CFCA7E019927EF ] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adistres.dll
12:39:42.0671 5844 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adistres.dll - ok
12:39:42.0671 5844 [ 506708142BC63DABA64F2D3AD1DCD5BF ] C:\Program Files\Google\Update\GoogleUpdate.exe
12:39:42.0671 5844 C:\Program Files\Google\Update\GoogleUpdate.exe - ok
12:39:42.0687 5844 [ 322FD75A97DBA67FC8F97A9957F857F1 ] C:\Windows\System32\mdimon.dll
12:39:42.0687 5844 C:\Windows\System32\mdimon.dll - ok
12:39:42.0687 5844 [ 167AC31450C0C53A01FA1491E94D7678 ] C:\Windows\System32\shdocvw.dll
12:39:42.0687 5844 C:\Windows\System32\shdocvw.dll - ok
12:39:42.0702 5844 [ 782C8019C89920A77B1907AD3B4C8FF9 ] C:\Windows\System32\HotStartUserAgent.dll
12:39:42.0702 5844 C:\Windows\System32\HotStartUserAgent.dll - ok
12:39:42.0702 5844 [ 128DD9AF8640DBCC711940903C8B554F ] C:\Windows\System32\mscoree.dll
12:39:42.0702 5844 C:\Windows\System32\mscoree.dll - ok
12:39:42.0718 5844 [ F5DF6846F30E9F54EA60CCAEB3FB2055 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
12:39:42.0718 5844 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll - ok
12:39:42.0718 5844 [ 57125869A7B9638A5D11DD685AA65EB4 ] C:\Windows\System32\PlaySndSrv.dll
12:39:42.0718 5844 C:\Windows\System32\PlaySndSrv.dll - ok
12:39:42.0718 5844 [ 43E1054C713C48D252A1826C5E14AACA ] C:\Windows\System32\MsCtfMonitor.dll
12:39:42.0718 5844 C:\Windows\System32\MsCtfMonitor.dll - ok
12:39:42.0734 5844 [ 401DFFDBBBD3F07C747ED1AE2BB88106 ] C:\Windows\System32\msi.dll
12:39:42.0734 5844 C:\Windows\System32\msi.dll - ok
12:39:42.0734 5844 [ 4504819D18FAC09B6108D8728467E5B2 ] C:\Windows\System32\browseui.dll
12:39:42.0734 5844 C:\Windows\System32\browseui.dll - ok
12:39:42.0749 5844 [ 9FF47CD8A3787C8FD3CDFE40441C722E ] C:\Program Files\Google\Update\1.3.21.123\goopdate.dll
12:39:42.0749 5844 C:\Program Files\Google\Update\1.3.21.123\goopdate.dll - ok
12:39:42.0749 5844 [ C6DA42ADA0C5FC8CB05744229D632B47 ] C:\Windows\System32\msutb.dll
12:39:42.0749 5844 C:\Windows\System32\msutb.dll - ok
12:39:42.0749 5844 [ 293C5CCD99D332ECC94637FEDA38D1F2 ] C:\Windows\System32\TMM.dll
12:39:42.0749 5844 C:\Windows\System32\TMM.dll - ok
12:39:42.0765 5844 [ F28ADCF2E9B3574F25089A69B03DC756 ] C:\Windows\System32\AcSignIcon.dll
12:39:42.0765 5844 C:\Windows\System32\AcSignIcon.dll - ok
12:39:42.0765 5844 [ 7C87A5FB95777E4132B11FC3D92CAAF5 ] C:\Windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
12:39:42.0765 5844 C:\Windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll - ok
12:39:42.0780 5844 [ 773E0B3E52D00AAE61AAAD1DD87FEBEF ] C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
12:39:42.0780 5844 C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll - ok
12:39:42.0780 5844 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Windows\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll
12:39:42.0780 5844 C:\Windows\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll - ok
12:39:42.0780 5844 [ 686B224B4987C22B153FBB545FEE9657 ] C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\mfc80u.dll
12:39:42.0780 5844 C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\mfc80u.dll - ok
12:39:42.0796 5844 [ 8AAEEE8E59A70F37579993D118A34EE0 ] C:\Windows\System32\d3d9.dll
12:39:42.0796 5844 C:\Windows\System32\d3d9.dll - ok
12:39:42.0796 5844 [ 9090454E6772F7CFBCE240BF4DC5F7E8 ] C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80ENU.dll
12:39:42.0796 5844 C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80ENU.dll - ok
12:39:42.0812 5844 [ 6D74290856347CF8682277A54B433D4B ] C:\Users\Mario\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
12:39:42.0812 5844 C:\Users\Mario\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll - ok
12:39:42.0812 5844 [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\Users\Mario\AppData\Roaming\Dropbox\bin\msvcp71.dll
12:39:42.0812 5844 C:\Users\Mario\AppData\Roaming\Dropbox\bin\msvcp71.dll - ok
12:39:42.0827 5844 [ D3B05D063A0929BFCA6C6D7FE2F3129C ] C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
12:39:42.0827 5844 C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll - ok
12:39:42.0827 5844 [ D922592AB65C5D9B88B30B4510A3464E ] C:\Windows\System32\cscapi.dll
12:39:42.0827 5844 C:\Windows\System32\cscapi.dll - ok
12:39:42.0827 5844 [ D80C6539C00CB4F5D59066865479C308 ] C:\Windows\System32\dwmredir.dll
12:39:42.0827 5844 C:\Windows\System32\dwmredir.dll - ok
12:39:42.0843 5844 [ C99403A5B641520DAED0021DDA06F272 ] C:\Windows\System32\milcore.dll
12:39:42.0843 5844 C:\Windows\System32\milcore.dll - ok
12:39:42.0843 5844 [ 6FE5C4B61EC85D746ADFA9FFF8C2AC58 ] C:\Windows\System32\HPZ3LLHN.DLL
12:39:42.0843 5844 C:\Windows\System32\HPZ3LLHN.DLL - ok
12:39:42.0858 5844 [ CD6DA5770CAE9D5E6E86722E17B442E0 ] C:\Windows\System32\d3d8thk.dll
12:39:42.0858 5844 C:\Windows\System32\d3d8thk.dll - ok
12:39:42.0858 5844 [ BDE89AB6F15F0093A2A7861D1FC413ED ] C:\Windows\System32\QAGENT.DLL
12:39:42.0858 5844 C:\Windows\System32\QAGENT.DLL - ok
12:39:42.0858 5844 [ 769D027B977CED05658C85E698D3C5B1 ] C:\Windows\System32\QUTIL.DLL
12:39:42.0858 5844 C:\Windows\System32\QUTIL.DLL - ok
12:39:42.0874 5844 [ AF238673651EFC0226EA74239B502A6F ] C:\Windows\System32\pdf995mon.dll
12:39:42.0874 5844 C:\Windows\System32\pdf995mon.dll - ok
12:39:42.0874 5844 [ 82FC59A500AA685F833E61E3A1BB7DAF ] C:\Windows\System32\nvd3dum.dll
12:39:42.0874 5844 C:\Windows\System32\nvd3dum.dll - ok
12:39:42.0890 5844 [ C52CE534397E1D3A442FB4C88A3CBE42 ] C:\Windows\System32\msonpmon.dll
12:39:42.0890 5844 C:\Windows\System32\msonpmon.dll - ok
12:39:42.0890 5844 [ 0483F6206AF4D038DC0DA776B1E22070 ] C:\Windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_b6dfd059\mscorlib.dll
12:39:42.0890 5844 C:\Windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_b6dfd059\mscorlib.dll - ok
12:39:42.0905 5844 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Users\Mario\AppData\Roaming\Dropbox\bin\msvcr71.dll
12:39:42.0905 5844 C:\Users\Mario\AppData\Roaming\Dropbox\bin\msvcr71.dll - ok
12:39:42.0905 5844 [ BB0EB921877A1A7EF15AE2D97A71CBA9 ] C:\Windows\System32\tcpmon.dll
12:39:42.0905 5844 C:\Windows\System32\tcpmon.dll - ok
12:39:42.0905 5844 [ 14E4470BF8ACA69A85D741BA99F75F96 ] C:\Windows\System32\EhStorShell.dll
12:39:42.0905 5844 C:\Windows\System32\EhStorShell.dll - ok
12:39:42.0921 5844 [ AF24A9DF84637BF9858EC6FB88EBA7B2 ] C:\Windows\System32\snmpapi.dll
12:39:42.0921 5844 C:\Windows\System32\snmpapi.dll - ok
12:39:42.0921 5844 [ 91BE165519A0A0523A98B9E1F5031CAC ] C:\Program Files\Google\Drive\googledrivesync32.dll
12:39:42.0921 5844 C:\Program Files\Google\Drive\googledrivesync32.dll - ok
12:39:42.0936 5844 [ 1EDE113859276E4B0F19B80F39E2CC95 ] C:\Windows\System32\wsnmp32.dll
12:39:42.0936 5844 C:\Windows\System32\wsnmp32.dll - ok
12:39:42.0936 5844 [ 024528E25BBE8768536861EA09BE1672 ] C:\Windows\System32\msxml6.dll
12:39:42.0936 5844 C:\Windows\System32\msxml6.dll - ok
12:39:42.0936 5844 [ 515383A387685564CA99542739D48E55 ] C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
12:39:42.0936 5844 C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll - ok
12:39:42.0952 5844 [ 0716C52D0A75F8A3CDB120875F523A43 ] C:\Windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
12:39:42.0952 5844 C:\Windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll - ok
12:39:42.0952 5844 [ 5091452DC719281CF1DD69367E13B494 ] C:\Windows\System32\tcpmib.dll
12:39:42.0952 5844 C:\Windows\System32\tcpmib.dll - ok
12:39:42.0968 5844 [ 2F1C8714F66F3F0DDCB6D5A16F8CB32E ] C:\Windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
12:39:42.0968 5844 C:\Windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll - ok
12:39:42.0968 5844 [ B4F5DE3DAD8E6B97272F45DB97674878 ] C:\Windows\System32\mgmtapi.dll
12:39:42.0968 5844 C:\Windows\System32\mgmtapi.dll - ok
12:39:42.0968 5844 [ 7A623F6B4C51F6F2BC1A31D5787FC0A7 ] C:\Windows\System32\uDWM.dll
12:39:42.0968 5844 C:\Windows\System32\uDWM.dll - ok
12:39:42.0983 5844 [ 0BF0BB276F17B6AD61A8694D2551EC28 ] C:\Windows\System32\usbmon.dll
12:39:42.0983 5844 C:\Windows\System32\usbmon.dll - ok
12:39:42.0983 5844 [ 408416EB4F50DAB83625481C0B4E6692 ] C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPI.dll
12:39:42.0983 5844 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPI.dll - ok
12:39:42.0999 5844 [ 6DE5C66E434A9C1729575763D891C6C2 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91\msvcp90.dll
12:39:42.0999 5844 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91\msvcp90.dll - ok
12:39:42.0999 5844 [ 0EB1CC5EBFCAAB7DBAEE881E2887F7F9 ] C:\Windows\System32\WSDMon.dll
12:39:42.0999 5844 C:\Windows\System32\WSDMon.dll - ok
12:39:42.0999 5844 [ 5AFAB23E1A41B7B361B9FE20A5AC5C6F ] C:\Windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_e0084a03\System.dll
12:39:42.0999 5844 C:\Windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_e0084a03\System.dll - ok
12:39:43.0014 5844 [ AD48183027CAFCEBC322CB9CAC60F9B8 ] C:\Windows\System32\WSDApi.dll
12:39:43.0014 5844 C:\Windows\System32\WSDApi.dll - ok
12:39:43.0014 5844 [ D9011D2091C6B037A5075C27A470188C ] C:\Windows\System32\httpapi.dll
12:39:43.0014 5844 C:\Windows\System32\httpapi.dll - ok
12:39:43.0030 5844 [ 1A09CB187440993FA5E24DE1EEB7B916 ] C:\Windows\System32\cfgmgr32.dll
12:39:43.0030 5844 C:\Windows\System32\cfgmgr32.dll - ok
12:39:43.0030 5844 [ AAAE543C535ED596ECAD2AB8761C2C6F ] C:\Windows\System32\dxgi.dll
12:39:43.0030 5844 C:\Windows\System32\dxgi.dll - ok
12:39:43.0030 5844 [ 4EDA94333BDB75B1BC0A7610BED34F00 ] C:\Windows\System32\fundisc.dll
12:39:43.0030 5844 C:\Windows\System32\fundisc.dll - ok
12:39:43.0046 5844 [ 6ABD253226770EAE1292B4C945ED4B4B ] C:\Windows\System32\msxml3.dll
12:39:43.0046 5844 C:\Windows\System32\msxml3.dll - ok
12:39:43.0046 5844 [ E7D91D008FE76423962B91C43C88E4EB ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91\msvcr90.dll
12:39:43.0046 5844 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91\msvcr90.dll - ok
12:39:43.0061 5844 [ 801DECF3A583C270E5C398FCD082E3DD ] C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
12:39:43.0061 5844 C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL - ok
12:39:43.0061 5844 [ 30DB64D316F502558DB2380F7343C9FD ] C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
12:39:43.0061 5844 C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - ok
12:39:43.0061 5844 [ EA8647A21BCB56C5F15712D4B7407501 ] C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
12:39:43.0061 5844 C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll - ok
12:39:43.0077 5844 [ F348280907B38FDBDB3CEF55D456E149 ] C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
12:39:43.0077 5844 C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll - ok
12:39:43.0077 5844 [ 207204AF80505AF51271FE164B56F662 ] C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll
12:39:43.0077 5844 C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll - ok
12:39:43.0092 5844 [ 30EFEBDC960A482E3E188B9960B286E2 ] C:\Program Files\Microsoft Office\Office12\GrooveNew.dll
12:39:43.0092 5844 C:\Program Files\Microsoft Office\Office12\GrooveNew.dll - ok
12:39:43.0092 5844 [ 3E9A33113D663D8BD5ED38858E669652 ] C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll
12:39:43.0092 5844 C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll - ok
12:39:43.0108 5844 [ 111C47816F39A91EAAA18DA0A54E8E63 ] C:\Windows\System32\imageres.dll
12:39:43.0108 5844 C:\Windows\System32\imageres.dll - ok
12:39:43.0108 5844 [ 28BD81378C1D1B267E66827B628114DD ] C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
12:39:43.0108 5844 C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll - ok
12:39:43.0108 5844 [ C90B296C43EDD9DD1751AD3B590ACDE6 ] C:\Windows\System32\win32spl.dll
12:39:43.0108 5844 C:\Windows\System32\win32spl.dll - ok
12:39:43.0124 5844 [ 8EF51657459A18090C95C04ACD5D83B2 ] C:\Windows\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
12:39:43.0124 5844 C:\Windows\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\System.Configuration.Install.dll - ok
12:39:43.0124 5844 [ 33128A1A1E0AB2F17EBD19A03BECE04C ] C:\Program Files\Bentley\SELECTserver\Bin\Bentley.SelectServer.Common.dll
12:39:43.0124 5844 C:\Program Files\Bentley\SELECTserver\Bin\Bentley.SelectServer.Common.dll - ok
12:39:43.0139 5844 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] C:\Program Files\Bonjour\mDNSResponder.exe
12:39:43.0139 5844 C:\Program Files\Bonjour\mDNSResponder.exe - ok
12:39:43.0139 5844 [ E4C96FF933C3AFE0C355F0382A99D752 ] C:\Program Files\Bentley\SELECTserver\Bentley.logging.dll
12:39:43.0139 5844 C:\Program Files\Bentley\SELECTserver\Bentley.logging.dll - ok
12:39:43.0155 5844 [ 4BF053944E973C073339BE841C9ECF28 ] C:\Windows\System32\netrap.dll
12:39:43.0155 5844 C:\Windows\System32\netrap.dll - ok
12:39:43.0155 5844 [ 7AB63B775A5F61A3E5FF0A84FCBB2025 ] C:\Program Files\Bentley\SELECTserver\Bin\Bentley.SelectServer.Database.Shared.dll
12:39:43.0155 5844 C:\Program Files\Bentley\SELECTserver\Bin\Bentley.SelectServer.Database.Shared.dll - ok
12:39:43.0155 5844 [ 1896E7F1F4B41BDD08C6A90058026BBC ] C:\Program Files\Bentley\SELECTserver\Bentley.SelectServer.Configuration.dll
12:39:43.0155 5844 C:\Program Files\Bentley\SELECTserver\Bentley.SelectServer.Configuration.dll - ok
12:39:43.0170 5844 [ E340845C8E96D107C36420065D7A5733 ] C:\Windows\System32\printcom.dll
12:39:43.0170 5844 C:\Windows\System32\printcom.dll - ok
12:39:43.0170 5844 [ EC760B0B76A4353DE49D66520EB2141F ] C:\Windows\System32\SensApi.dll
12:39:43.0170 5844 C:\Windows\System32\SensApi.dll - ok
12:39:43.0186 5844 [ 17FC3EDA0162F513E858B8C8FA7FA6E0 ] C:\Windows\System32\vssapi.dll
12:39:43.0186 5844 C:\Windows\System32\vssapi.dll - ok
12:39:43.0186 5844 [ A713CA5E01700C06B7E0BB21D57AED9D ] C:\Program Files\Bentley\SELECTserver\Bentley.logging.log4net.dll
12:39:43.0186 5844 C:\Program Files\Bentley\SELECTserver\Bentley.logging.log4net.dll - ok
12:39:43.0202 5844 [ F432260E59AAE3284ED7E795264C16D0 ] C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
12:39:43.0202 5844 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe - ok
12:39:43.0202 5844 [ 2E8E30F3B318A9FDA5A2485723F4C2B3 ] C:\Windows\System32\inetpp.dll
12:39:43.0202 5844 C:\Windows\System32\inetpp.dll - ok
12:39:43.0217 5844 [ DC3AE9F1554DCD97F90983DDBDACD83D ] C:\Windows\System32\vsstrace.dll
12:39:43.0217 5844 C:\Windows\System32\vsstrace.dll - ok
12:39:43.0233 5844 [ 09469B8EDD2755143FDA06867AAD7E73 ] C:\Windows\System32\cryptnet.dll
12:39:43.0233 5844 C:\Windows\System32\cryptnet.dll - ok
12:39:43.0233 5844 [ 1A60302F6153B4A11B0510642333239C ] C:\Windows\System32\vpnapi.dll
12:39:43.0233 5844 C:\Windows\System32\vpnapi.dll - ok
12:39:43.0248 5844 [ 992B1994668D8FB07EEBF610F41FEB0B ] C:\Windows\System32\msvcirt.dll
12:39:43.0248 5844 C:\Windows\System32\msvcirt.dll - ok
12:39:43.0248 5844 [ 2310A32BB0164552A311BFA02102A3D6 ] C:\Windows\System32\msvcp60.dll
12:39:43.0248 5844 C:\Windows\System32\msvcp60.dll - ok
12:39:43.0248 5844 [ C1561312448395907CBFC0A2D9B98C62 ] C:\Windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
12:39:43.0248 5844 C:\Windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll - ok
12:39:43.0264 5844 [ EF24642D5FB52A1EEF56DE9E47CBB993 ] C:\Windows\System32\mfc42.dll
12:39:43.0264 5844 C:\Windows\System32\mfc42.dll - ok
12:39:43.0264 5844 [ 862363973DCBCC31DD161EF41A69153C ] C:\Windows\System32\odbc32.dll
12:39:43.0264 5844 C:\Windows\System32\odbc32.dll - ok
12:39:43.0280 5844 [ 0DAAF8032546D1B4543D7B101B53FD6C ] C:\Windows\System32\odbcint.dll
12:39:43.0280 5844 C:\Windows\System32\odbcint.dll - ok
12:39:43.0280 5844 [ A5205B3AF85B1477AB2C2A1E12201598 ] C:\Windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
12:39:43.0280 5844 C:\Windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll - ok
12:39:43.0295 5844 [ 8A15D7BD4CF1A8CCD7C65F7349F22E35 ] C:\Windows\System32\drivers\CVPNDRVA.sys
12:39:43.0295 5844 C:\Windows\System32\drivers\CVPNDRVA.sys - ok
12:39:43.0295 5844 [ FB937277E87F8468603F4E2D8CF9DB4A ] C:\Program Files\Symantec AntiVirus\DefWatch.exe
12:39:43.0295 5844 C:\Program Files\Symantec AntiVirus\DefWatch.exe - ok
12:39:43.0311 5844 [ C65A4DCA1B69D95407D77C86A32CC7C9 ] C:\Windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_379cfb60\System.Xml.dll
12:39:43.0311 5844 C:\Windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_379cfb60\System.Xml.dll - ok
12:39:43.0311 5844 [ 7DF281B808B9EEE4761B2BABEA0D9995 ] C:\Program Files\Common Files\Symantec Shared\DefUtDCD.dll
12:39:43.0311 5844 C:\Program Files\Common Files\Symantec Shared\DefUtDCD.dll - ok
12:39:43.0326 5844 [ 52E129522C1775DBB8CC252E7A0655C7 ] C:\Windows\System32\taskschd.dll
12:39:43.0326 5844 C:\Windows\System32\taskschd.dll - ok
12:39:43.0326 5844 [ 64FA28C15DD71A80BEF3527E1EF07DF6 ] C:\Program Files\DellSupport\Drivers\dsunidrv.sys
12:39:43.0326 5844 C:\Program Files\DellSupport\Drivers\dsunidrv.sys - ok
12:39:43.0326 5844 [ E7D0F91E44D9D3B2116FA549BDCDB756 ] C:\Windows\System32\wdscore.dll
12:39:43.0326 5844 C:\Windows\System32\wdscore.dll - ok
12:39:43.0342 5844 [ 0BCEE844A02747DD7F1E30352E619F2E ] C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
12:39:43.0342 5844 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe - ok
12:39:43.0342 5844 [ F4D9ED6BD74AD7CC0BEC83C43A1CB76B ] C:\Windows\System32\ncsi.dll
12:39:43.0342 5844 C:\Windows\System32\ncsi.dll - ok
12:39:43.0358 5844 [ 01BCD91CC2B0EFDA4890F547010750BD ] C:\Windows\System32\ssdpapi.dll
12:39:43.0358 5844 C:\Windows\System32\ssdpapi.dll - ok
12:39:43.0358 5844 [ 1171C834C5E6515765684C6938B609A1 ] C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
12:39:43.0358 5844 C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe - ok
12:39:43.0373 5844 [ 6349F6ED9C623B44B52EA3C63C831A92 ] C:\Windows\System32\drivers\PEAuth.sys
12:39:43.0373 5844 C:\Windows\System32\drivers\PEAuth.sys - ok
12:39:43.0373 5844 [ 6F640DC052CF77161A23E29261593793 ] C:\Windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
12:39:43.0373 5844 C:\Windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll - ok
12:39:43.0373 5844 [ F6204F0756157E47DAAA68BA1FBC7586 ] C:\Windows\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll
12:39:43.0373 5844 C:\Windows\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll - ok
12:39:43.0389 5844 [ 51DB25324454E812195A5D1E4454BA9E ] C:\Program Files\Bentley\SELECTserver\Bentley.License.Library.NET.dll
12:39:43.0389 5844 C:\Program Files\Bentley\SELECTserver\Bentley.License.Library.NET.dll - ok
12:39:43.0389 5844 [ 236B31C60D401F1AB428CA14D808DC95 ] C:\Windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
12:39:43.0389 5844 C:\Windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll - ok
12:39:43.0404 5844 [ D35233B57EA2E6AE67F65E114A967389 ] C:\Program Files\Bentley\SELECTserver\Bentley.liclib.dll
12:39:43.0404 5844 C:\Program Files\Bentley\SELECTserver\Bentley.liclib.dll - ok
12:39:43.0404 5844 [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\Program Files\Bentley\SELECTserver\msvcp71.dll
12:39:43.0404 5844 C:\Program Files\Bentley\SELECTserver\msvcp71.dll - ok
12:39:43.0420 5844 [ 99EB84256BFA43C3A2A32341EDB8189E ] C:\Windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
12:39:43.0420 5844 C:\Windows\Microsoft.NET\Framework\v1.1.4322\csc.exe - ok
12:39:43.0420 5844 [ 0AF6AAA54F74F48049C8D042D67600C0 ] C:\Windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
12:39:43.0420 5844 C:\Windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll - ok
12:39:43.0420 5844 [ 24BB2810506502DAF47E956103A2FCE0 ] C:\Windows\Microsoft.NET\Framework\v1.1.4322\alink.dll
12:39:43.0420 5844 C:\Windows\Microsoft.NET\Framework\v1.1.4322\alink.dll - ok
12:39:43.0436 5844 [ 5C9D79CCBD4B1869EE331B35157EAB9F ] C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorpe.dll
12:39:43.0436 5844 C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorpe.dll - ok
12:39:43.0436 5844 [ DF695E9850F66CCCC70659975184DF2A ] C:\Windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
12:39:43.0436 5844 C:\Windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll - ok
12:39:43.0451 5844 [ 3AF693F9315CEA0AB54BD0D3B23D3027 ] C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_cf894e71\System.Drawing.dll
12:39:43.0451 5844 C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_cf894e71\System.Drawing.dll - ok
12:39:43.0451 5844 [ 08578F3CA5365F896D90CE2BF97FD000 ] C:\Windows\System32\IconCodecService.dll
12:39:43.0451 5844 C:\Windows\System32\IconCodecService.dll - ok
12:39:43.0467 5844 [ 22DC784B32BEE306A99F50D6DC2460BC ] C:\Windows\System32\esent.dll
12:39:43.0467 5844 C:\Windows\System32\esent.dll - ok
12:39:43.0467 5844 [ 4B32BF2B3DCC76AB97DF96B33302F0F5 ] C:\Windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
12:39:43.0467 5844 C:\Windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll - ok
12:39:43.0482 5844 [ AD91F75D7387043986DF5E5CA39C4266 ] C:\Windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
12:39:43.0482 5844 C:\Windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll - ok
12:39:43.0482 5844 [ 4CCC82B2EE8ED6D744CC635325B18EDA ] C:\Windows\Microsoft.NET\Framework\v1.1.4322\cvtres.exe
12:39:43.0482 5844 C:\Windows\Microsoft.NET\Framework\v1.1.4322\cvtres.exe - ok
12:39:43.0498 5844 [ E43FBF47A18621AA0B6FB350E3026060 ] C:\Program Files\Bentley\SELECTserver\Bin\Bentley.SelectServer.LicenseManager.dll
12:39:43.0498 5844 C:\Program Files\Bentley\SELECTserver\Bin\Bentley.SelectServer.LicenseManager.dll - ok
12:39:43.0498 5844 [ 2D981B8CBD48D9E76C9CE58DF0D17DA2 ] C:\Windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
12:39:43.0498 5844 C:\Windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll - ok
12:39:43.0514 5844 [ AE5A69F44C1F97EDC83237FC0B29B6FB ] C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
12:39:43.0514 5844 C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe - ok
12:39:43.0514 5844 [ 1E9B9A70D332103C52995E957DC09EF8 ] C:\Windows\System32\drivers\fastfat.sys
12:39:43.0514 5844 C:\Windows\System32\drivers\fastfat.sys - ok
12:39:43.0514 5844 [ 4E87EF38A053F02E454935C8440EC91A ] C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
12:39:43.0514 5844 C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe - ok
12:39:43.0529 5844 [ D202BAA425176287017FFE1FB5D1B77C ] C:\Program Files\PostgreSQL\8.3\bin\libintl3.dll
12:39:43.0529 5844 C:\Program Files\PostgreSQL\8.3\bin\libintl3.dll - ok
12:39:43.0529 5844 [ 331F570AA7C20BC93DEB7B237B21CC9C ] C:\Program Files\PostgreSQL\8.3\bin\libiconv2.dll
12:39:43.0529 5844 C:\Program Files\PostgreSQL\8.3\bin\libiconv2.dll - ok
12:39:43.0545 5844 [ 4DAF88FE7A8CC7C8B0A8E4CF9355237B ] C:\Program Files\PostgreSQL\8.3\bin\libpq.dll
12:39:43.0545 5844 C:\Program Files\PostgreSQL\8.3\bin\libpq.dll - ok
12:39:43.0545 5844 [ 19174858C208FABFA5C79013D0E406CD ] C:\Program Files\PostgreSQL\8.3\bin\ssleay32.dll
12:39:43.0545 5844 C:\Program Files\PostgreSQL\8.3\bin\ssleay32.dll - ok
12:39:43.0560 5844 [ 29B0D8A99C2BD0B6D5093FACE4E5F52C ] C:\Program Files\PostgreSQL\8.3\bin\libeay32.dll
12:39:43.0560 5844 C:\Program Files\PostgreSQL\8.3\bin\libeay32.dll - ok
12:39:43.0560 5844 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Program Files\PostgreSQL\8.3\bin\msvcr71.dll
12:39:43.0560 5844 C:\Program Files\PostgreSQL\8.3\bin\msvcr71.dll - ok
12:39:43.0560 5844 [ 249C1B8608B8C73DAC8E6AD7912B1271 ] C:\Program Files\PostgreSQL\8.3\bin\krb5_32.dll
12:39:43.0560 5844 C:\Program Files\PostgreSQL\8.3\bin\krb5_32.dll - ok
12:39:43.0576 5844 [ D2B96B34A34A9D2E3903C3A978F26857 ] C:\Program Files\PostgreSQL\8.3\bin\comerr32.dll
12:39:43.0576 5844 C:\Program Files\PostgreSQL\8.3\bin\comerr32.dll - ok
12:39:43.0576 5844 [ E8F42B0DC3CA94EED0E87E29FC788D21 ] C:\Program Files\PostgreSQL\8.3\bin\k5sprt32.dll
12:39:43.0576 5844 C:\Program Files\PostgreSQL\8.3\bin\k5sprt32.dll - ok
12:39:43.0576 5844 [ A1C71790ABF6B7EF920138C5942316AF ] C:\Program Files\PostgreSQL\8.3\bin\gssapi32.dll
12:39:43.0576 5844 C:\Program Files\PostgreSQL\8.3\bin\gssapi32.dll - ok
12:39:43.0592 5844 [ D0494460421A03CD5225CCA0059AA146 ] C:\Windows\System32\IPSECSVC.DLL
12:39:43.0654 5844 C:\Windows\System32\IPSECSVC.DLL - ok
12:39:43.0670 5844 [ B0F7B0AE267A27747596F8E23465C938 ] C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
12:39:43.0670 5844 C:\Program Files\PostgreSQL\8.3\bin\postgres.exe - ok
12:39:43.0670 5844 [ 096D5E5683819F0D3B3F93428597A29C ] C:\Program Files\PostgreSQL\8.3\bin\libxml2.dll
12:39:43.0670 5844 C:\Program Files\PostgreSQL\8.3\bin\libxml2.dll - ok
12:39:43.0685 5844 [ AB2B1DE1C8F31EFCE2384B14B3DC4260 ] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
12:39:43.0685 5844 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe - ok
12:39:43.0685 5844 [ F6C66188DEF298E2C3827AF6FB2C0637 ] C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\CPSCommonTools9.dll
12:39:43.0685 5844 C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\CPSCommonTools9.dll - ok
12:39:43.0701 5844 [ 73AF5773BF5627FE771BF6809EC839F9 ] C:\Program Files\PostgreSQL\8.3\bin\iconv.dll
12:39:43.0701 5844 C:\Program Files\PostgreSQL\8.3\bin\iconv.dll - ok
12:39:43.0701 5844 [ 42608AE9AF2641EE473A1797C25CFFC2 ] C:\Windows\System32\FwRemoteSvr.dll
12:39:43.0701 5844 C:\Windows\System32\FwRemoteSvr.dll - ok
12:39:43.0716 5844 [ 3C03DB6F66C9792C9B6E30473E847CA2 ] C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
12:39:43.0716 5844 C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll - ok
12:39:43.0716 5844 [ 80E41408F6D641DC1C0F5353A0CC8125 ] C:\Program Files\PostgreSQL\8.3\bin\zlib1.dll
12:39:43.0716 5844 C:\Program Files\PostgreSQL\8.3\bin\zlib1.dll - ok
12:39:43.0732 5844 [ 73FD66B14D3C4252F7A524B8836A4359 ] C:\Windows\System32\mstask.dll
12:39:43.0732 5844 C:\Windows\System32\mstask.dll - ok
12:39:43.0732 5844 [ 7609C14BB34922001C005668BB306A43 ] C:\Program Files\PostgreSQL\8.3\lib\plugins\plugin_debugger.dll
12:39:43.0732 5844 C:\Program Files\PostgreSQL\8.3\lib\plugins\plugin_debugger.dll - ok
12:39:43.0748 5844 [ 5FCE5B36991DBAA99DA9E9C62D8E60AC ] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\LeResourceLoader.dll
12:39:43.0748 5844 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\LeResourceLoader.dll - ok
12:39:43.0748 5844 [ 1BAC818025403333C11817DAFBCEE283 ] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSFileLoader.dll
12:39:43.0748 5844 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSFileLoader.dll - ok
12:39:43.0748 5844 [ C7C30B24C8C57078654BA9574CE70E3D ] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSCommonObjects.dll
12:39:43.0748 5844 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSCommonObjects.dll - ok
12:39:43.0763 5844 [ 41857DA3EA7A2568E1AAE8FEDC8D8939 ] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSCommonEnglish.dll
12:39:43.0763 5844 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSCommonEnglish.dll - ok
12:39:43.0763 5844 [ 09DEF3ABB6A196749299359AC5578DD8 ] C:\Windows\System32\msxml4.dll
12:39:43.0763 5844 C:\Windows\System32\msxml4.dll - ok
12:39:43.0779 5844 [ D610CDEDF1F702EB0A86B0FBD9BB49E5 ] C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
12:39:43.0779 5844 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe - ok
12:39:43.0779 5844 [ 90A3935D05B494A5A39D37E71F09A677 ] C:\Windows\System32\drivers\secdrv.sys
12:39:43.0779 5844 C:\Windows\System32\drivers\secdrv.sys - ok
12:39:43.0794 5844 [ F07AF60B152221472FBDB2FECEC4896D ] C:\Program Files\Skype\Updater\Updater.exe
12:39:43.0794 5844 C:\Program Files\Skype\Updater\Updater.exe - ok
12:39:43.0794 5844 [ 777115C9CC675BD98127660712D2F784 ] C:\Program Files\Dell Support Center\bin\sprtsvc.exe
12:39:43.0794 5844 C:\Program Files\Dell Support Center\bin\sprtsvc.exe - ok
12:39:43.0794 5844 [ 07B74B353CEDA9629092AE2AA3C53F90 ] C:\Program Files\NVIDIA Corporation\Update Common\NvUpdt.dll
12:39:43.0794 5844 C:\Program Files\NVIDIA Corporation\Update Common\NvUpdt.dll - ok
12:39:43.0810 5844 [ 8E8D1251C52DE0256C076CAAA79AF327 ] C:\Program Files\Dell Support Center\bin\sprtsched.dll
12:39:43.0810 5844 C:\Program Files\Dell Support Center\bin\sprtsched.dll - ok
12:39:43.0810 5844 [ AA21CF891D0D8248ECA1E9BA201ACBEF ] C:\Program Files\Spyware Terminator\sp_rsser.exe
12:39:43.0810 5844 C:\Program Files\Spyware Terminator\sp_rsser.exe - ok
12:39:43.0826 5844 [ 0AB6629467D8F073B762FCA1D416BF2D ] C:\Program Files\Dell Support Center\bin\sprtfod.dll
12:39:43.0826 5844 C:\Program Files\Dell Support Center\bin\sprtfod.dll - ok
12:39:43.0826 5844 [ 3606CE1AC3D6A9A9CB7DB35D7F5C54EC ] C:\Windows\System32\shfolder.dll
12:39:43.0826 5844 C:\Windows\System32\shfolder.dll - ok
12:39:43.0826 5844 [ 428FF21418ADCD6FAD6189CD9520A67B ] C:\Windows\System32\wiatrace.dll
12:39:43.0826 5844 C:\Windows\System32\wiatrace.dll - ok
12:39:43.0841 5844 [ 27DF2E313052DB2270972AD7CB15C8DB ] C:\Program Files\Dell Support Center\bin\sprtsync.dll
12:39:43.0841 5844 C:\Program Files\Dell Support Center\bin\sprtsync.dll - ok
12:39:43.0841 5844 [ 4DBA143F06BAD1DF935CB9603140CF2A ] C:\Windows\System32\wsdchngr.dll
12:39:43.0841 5844 C:\Windows\System32\wsdchngr.dll - ok
12:39:43.0841 5844 [ E4D3F600CFF1E76950ABB0D790F2A1EF ] C:\Program Files\Dell Support Center\bin\sprtupdate.dll
12:39:43.0841 5844 C:\Program Files\Dell Support Center\bin\sprtupdate.dll - ok
12:39:43.0857 5844 [ 716CCAD4089663248F1D98B1FE3BB234 ] C:\Program Files\NVIDIA Corporation\Update Common\EasyDaemonAPIU.dll
12:39:43.0857 5844 C:\Program Files\NVIDIA Corporation\Update Common\EasyDaemonAPIU.dll - ok
12:39:43.0857 5844 [ F5F08BF486998EFA8171CB09065B15D9 ] C:\Program Files\NVIDIA Corporation\Update Common\NvUpdtr.dll
12:39:43.0857 5844 C:\Program Files\NVIDIA Corporation\Update Common\NvUpdtr.dll - ok
12:39:43.0872 5844 [ 5C5209B04B1942A534259C2AB7BB1EEA ] C:\Program Files\Dell Support Center\bin\libeay32.dll
12:39:43.0872 5844 C:\Program Files\Dell Support Center\bin\libeay32.dll - ok
12:39:43.0872 5844 [ A548ACF535D81A96E1B38F76A2DE658F ] C:\Program Files\Symantec AntiVirus\Rtvscan.exe
12:39:43.0872 5844 C:\Program Files\Symantec AntiVirus\Rtvscan.exe - ok
12:39:43.0888 5844 [ AAB386DA22268B3F4B1B98B77D324126 ] C:\Windows\System32\cba.dll
12:39:43.0888 5844 C:\Windows\System32\cba.dll - ok
12:39:43.0904 5844 [ E045C58E45895065CC2763239460ECDB ] C:\Windows\System32\msgsys.dll
12:39:43.0904 5844 C:\Windows\System32\msgsys.dll - ok
12:39:43.0904 5844 [ 2E7B56837CDE8B1A875DF870E5200A2F ] C:\Windows\System32\nts.dll
12:39:43.0904 5844 C:\Windows\System32\nts.dll - ok
12:39:43.0904 5844 [ 1A58834E9C2AECCB3BD2A5801A9CDFE9 ] C:\Windows\System32\pds.dll
12:39:43.0904 5844 C:\Windows\System32\pds.dll - ok
12:39:43.0919 5844 [ 94B9215E224B555AC47839C9BCD39137 ] C:\Program Files\Symantec AntiVirus\NAVLU.dll
12:39:43.0919 5844 C:\Program Files\Symantec AntiVirus\NAVLU.dll - ok
12:39:43.0919 5844 [ 900A9D261859EC999C9C7243410C3203 ] C:\Program Files\Common Files\Roxio Shared\DLLShared\HomeUtils9.dll
12:39:43.0919 5844 C:\Program Files\Common Files\Roxio Shared\DLLShared\HomeUtils9.dll - ok
12:39:43.0935 5844 [ 743E556A998074ED7EEB99CA495B2E5D ] C:\Program Files\Common Files\Roxio Shared\DLLShared\rsl.dll
12:39:43.0935 5844 C:\Program Files\Common Files\Roxio Shared\DLLShared\rsl.dll - ok
12:39:43.0935 5844 [ F35A584E947A5B401FEB0FE01DB4A0D7 ] C:\Windows\System32\mfc71.dll
12:39:43.0935 5844 C:\Windows\System32\mfc71.dll - ok
12:39:43.0950 5844 [ BAF751E7061FF626AA60F56D1D5D1FDC ] C:\Windows\System32\MFC71ENU.DLL
12:39:43.0950 5844 C:\Windows\System32\MFC71ENU.DLL - ok
12:39:43.0950 5844 [ 608C345A255D82A6289C2D468EB41FD7 ] C:\Windows\System32\drivers\tcpipreg.sys
12:39:43.0950 5844 C:\Windows\System32\drivers\tcpipreg.sys - ok
12:39:43.0950 5844 [ DE7F813217EC88C0A6D4D8F2F39D7949 ] C:\Windows\System32\msiltcfg.dll
12:39:43.0950 5844 C:\Windows\System32\msiltcfg.dll - ok
12:39:43.0966 5844 [ 300B4847E1157BDD7A306B18ED65A97E ] C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
12:39:43.0966 5844 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe - ok
12:39:43.0966 5844 [ 138AB06ADBBF300AA804D7974A5AEC82 ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
12:39:43.0966 5844 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe - ok
12:39:43.0982 5844 [ 0C84B6AFFA7486422235584110D7176F ] C:\Windows\System32\icaapi.dll
12:39:43.0982 5844 C:\Windows\System32\icaapi.dll - ok
12:39:43.0982 5844 [ 12BCF4DAD8E5A1B3D5FA7AB4A79DA105 ] C:\Windows\System32\sfc_os.dll
12:39:43.0982 5844 C:\Windows\System32\sfc_os.dll - ok
12:39:43.0997 5844 [ 38FEAF71F0DACC4DBE3DF9EF347BEA60 ] C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL
12:39:43.0997 5844 C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL - ok
12:39:43.0997 5844 [ 30F0DC266B46118E9FBCF5B2A30EB1DB ] C:\Windows\System32\wbem\wbemprox.dll
12:39:43.0997 5844 C:\Windows\System32\wbem\wbemprox.dll - ok
12:39:43.0997 5844 [ 3C84FCA13C4EB607478A45F2D7E16DB3 ] C:\Program Files\Common Files\Roxio Shared\DLLShared\SonicHTTPClient9.dll
12:39:43.0997 5844 C:\Program Files\Common Files\Roxio Shared\DLLShared\SonicHTTPClient9.dll - ok
12:39:44.0013 5844 [ 4E289C24E5BEB5FF9CF5B118AB96FDB0 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
12:39:44.0013 5844 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll - ok
12:39:44.0013 5844 [ 74B8C2EA72D43727142D12397D5A49F9 ] C:\Windows\System32\wbemcomn.dll
12:39:44.0013 5844 C:\Windows\System32\wbemcomn.dll - ok
12:39:44.0028 5844 [ DCA3FA9F9DD103DC39C24C85EF073DB1 ] C:\Windows\System32\icmp.dll
12:39:44.0028 5844 C:\Windows\System32\icmp.dll - ok
12:39:44.0028 5844 [ 143A247AB424D2AB25A94189D10484AA ] C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll
12:39:44.0028 5844 C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll - ok
12:39:44.0044 5844 [ 48F7A3E0B70C815A5AE88BF7736103A9 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll
12:39:44.0044 5844 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll - ok
12:39:44.0044 5844 [ F2533BD06936D2A9D9F4FD41CAEAA6E5 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6525d5b1a3b2cbea3301959a47b353c2\System.ServiceProcess.ni.dll
12:39:44.0044 5844 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6525d5b1a3b2cbea3301959a47b353c2\System.ServiceProcess.ni.dll - ok
12:39:44.0044 5844 [ 3787A4BC97CE6C630F4B581425223D96 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
12:39:44.0044 5844 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll - ok
12:39:44.0075 5844 [ E74AEDF39F5C7FA9F6C1FDCCBD7C648D ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\MemeoRemoteCore.dll
12:39:44.0075 5844 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\MemeoRemoteCore.dll - ok
12:39:44.0075 5844 [ 219AF0F9A54EBEEB3E7E20025D801034 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
12:39:44.0075 5844 C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll - ok
12:39:44.0091 5844 [ 9E248A8415937ED62DBDE943E6373049 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll
12:39:44.0091 5844 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll - ok
12:39:44.0091 5844 [ A3A77A46B71724DDB609E289F430F38C ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll
12:39:44.0091 5844 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll - ok
12:39:44.0106 5844 [ A3DA2901494298675BA64C331CC3E815 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2633dbf77be293b3a8693b6b062fd787\System.Runtime.Remoting.ni.dll
12:39:44.0106 5844 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2633dbf77be293b3a8693b6b062fd787\System.Runtime.Remoting.ni.dll - ok
12:39:44.0106 5844 [ 1F18B9EA1BBFF033413414C3BEA13AD6 ] C:\Windows\System32\wbem\WinMgmtR.dll
12:39:44.0106 5844 C:\Windows\System32\wbem\WinMgmtR.dll - ok
12:39:44.0106 5844 [ 2205A220A264E8C8B86492BF3D112907 ] C:\Windows\System32\PortableDeviceApi.dll
12:39:44.0106 5844 C:\Windows\System32\PortableDeviceApi.dll - ok
12:39:44.0122 5844 [ B53BD9E63867CD9FD853F666CA172713 ] C:\Windows\System32\PortableDeviceConnectApi.dll
12:39:44.0122 5844 C:\Windows\System32\PortableDeviceConnectApi.dll - ok
12:39:44.0122 5844 [ DEB9D08750423069647C3A066CEC7A1B ] C:\Windows\System32\tquery.dll
12:39:44.0122 5844 C:\Windows\System32\tquery.dll - ok
12:39:44.0138 5844 [ 218B73EA8341EA9FDF018D43052E790A ] C:\Windows\System32\mssrch.dll
12:39:44.0138 5844 C:\Windows\System32\mssrch.dll - ok
12:39:44.0138 5844 [ AAB5FEAABF4CB6F76D794203831C8D94 ] C:\Windows\System32\msidle.dll
12:39:44.0138 5844 C:\Windows\System32\msidle.dll - ok
12:39:44.0153 5844 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] C:\Windows\System32\netprofm.dll
12:39:44.0153 5844 C:\Windows\System32\netprofm.dll - ok
12:39:44.0153 5844 [ B458B58F7BB97C48D01AC3CF5805AAAC ] C:\Windows\System32\Query.dll
12:39:44.0153 5844 C:\Windows\System32\Query.dll - ok
12:39:44.0169 5844 [ DFCAB29E8FD38F95650CC1E203E8D318 ] C:\Windows\System32\npmproxy.dll
12:39:44.0169 5844 C:\Windows\System32\npmproxy.dll - ok
12:39:44.0169 5844 [ BF7E4D6F60A6D9E866432855C6F8C262 ] C:\Windows\System32\sqmapi.dll
12:39:44.0169 5844 C:\Windows\System32\sqmapi.dll - ok
12:39:44.0169 5844 [ BF2156D8D9866983B55D95382131DC4A ] C:\Windows\System32\lsmproxy.dll
12:39:44.0169 5844 C:\Windows\System32\lsmproxy.dll - ok
12:39:44.0184 5844 [ F21F255B91CA4F04E4250DECD2067CBB ] C:\Windows\System32\bitsperf.dll
12:39:44.0184 5844 C:\Windows\System32\bitsperf.dll - ok
12:39:44.0184 5844 [ F0062778F50838145AC46B384FFB4FA3 ] C:\Windows\System32\pcadm.dll
12:39:44.0184 5844 C:\Windows\System32\pcadm.dll - ok
12:39:44.0200 5844 [ 632557F2495931D952161465AA177B3B ] C:\Windows\System32\bitsigd.dll
12:39:44.0200 5844 C:\Windows\System32\bitsigd.dll - ok
12:39:44.0200 5844 [ 1DFC366D2154EF2B381A7F2CB165C7F4 ] C:\Windows\System32\diagperf.dll
12:39:44.0200 5844 C:\Windows\System32\diagperf.dll - ok
12:39:44.0216 5844 [ FEA6D21F78922D641A0C9346D885133B ] C:\Windows\System32\mssprxy.dll
12:39:44.0216 5844 C:\Windows\System32\mssprxy.dll - ok
12:39:44.0216 5844 [ B8A21907FE2F1A113F3487D9AB60BEF9 ] C:\Windows\System32\en-US\tquery.dll.mui
12:39:44.0216 5844 C:\Windows\System32\en-US\tquery.dll.mui - ok
12:39:44.0231 5844 [ F85134BF76CB335A39F8D7BC4173D4FB ] C:\Windows\System32\msscb.dll
12:39:44.0231 5844 C:\Windows\System32\msscb.dll - ok
12:39:44.0231 5844 [ 6BC5FCEF351E4CB5A269C1E84B5A06DA ] C:\Windows\System32\netcfgx.dll
12:39:44.0231 5844 C:\Windows\System32\netcfgx.dll - ok
12:39:44.0231 5844 [ 1D6B95871DC006190964B04E5657E35F ] C:\Windows\System32\rastapi.dll
12:39:44.0231 5844 C:\Windows\System32\rastapi.dll - ok
12:39:44.0247 5844 [ 3192ED5E2FFDF5B630541B9643AE1AA3 ] C:\Windows\System32\upnp.dll
12:39:44.0247 5844 C:\Windows\System32\upnp.dll - ok
12:39:44.0247 5844 [ A952D0DED445F26AEFCF593A935AB300 ] C:\Windows\System32\hnetcfg.dll
12:39:44.0247 5844 C:\Windows\System32\hnetcfg.dll - ok
12:39:44.0247 5844 [ 21322832C99E8DE85BD047689A2A69DB ] C:\Windows\System32\pnpts.dll
12:39:44.0247 5844 C:\Windows\System32\pnpts.dll - ok
12:39:44.0262 5844 [ B96B60EC821F86D445C9739A0F3DED59 ] C:\Windows\System32\unimdm.tsp
12:39:44.0262 5844 C:\Windows\System32\unimdm.tsp - ok
12:39:44.0262 5844 [ FC1EEE57EB9CD57279D70BA2A9131C38 ] C:\Windows\System32\wbem\wbemcore.dll
12:39:44.0262 5844 C:\Windows\System32\wbem\wbemcore.dll - ok
12:39:44.0278 5844 [ DFBAADF1B624DC71E88D34D86B3595BE ] C:\Windows\System32\uniplat.dll
12:39:44.0278 5844 C:\Windows\System32\uniplat.dll - ok
12:39:44.0278 5844 [ C10E13721B0AAEBEB5EBA914F1D18181 ] C:\Windows\System32\wbem\esscli.dll
12:39:44.0278 5844 C:\Windows\System32\wbem\esscli.dll - ok
12:39:44.0294 5844 [ 953193A9DEA40348C1086D171F6440AE ] C:\Windows\System32\kmddsp.tsp
12:39:44.0294 5844 C:\Windows\System32\kmddsp.tsp - ok
12:39:44.0294 5844 [ BC5A34B6A14C93BF04E3F4E8EA57090A ] C:\Windows\System32\wbem\fastprox.dll
12:39:44.0294 5844 C:\Windows\System32\wbem\fastprox.dll - ok
12:39:44.0309 5844 [ 2F6776ACEFE41EE889C464EA407918F2 ] C:\Windows\System32\ndptsp.tsp
12:39:44.0309 5844 C:\Windows\System32\ndptsp.tsp - ok
12:39:44.0325 5844 [ B4B59AC042EE3733A862F26CBC0B17FC ] C:\Windows\System32\hidphone.tsp
12:39:44.0325 5844 C:\Windows\System32\hidphone.tsp - ok
12:39:44.0325 5844 [ DB0F37DBA4C245C61E5936DDBDE62438 ] C:\Windows\System32\wbem\wbemsvc.dll
12:39:44.0325 5844 C:\Windows\System32\wbem\wbemsvc.dll - ok
12:39:44.0325 5844 [ 2C3B09E586BDA2CC49A292BE7BADC589 ] C:\Windows\System32\wbem\wmiutils.dll
12:39:44.0325 5844 C:\Windows\System32\wbem\wmiutils.dll - ok
12:39:44.0340 5844 [ 834933F16EA839AC5AC7CBF88638DF27 ] C:\Windows\System32\wbem\repdrvfs.dll
12:39:44.0340 5844 C:\Windows\System32\wbem\repdrvfs.dll - ok
12:39:44.0340 5844 [ 8B645890A93F1FBBC7DA3E07CC72D762 ] C:\Windows\System32\rasppp.dll
12:39:44.0340 5844 C:\Windows\System32\rasppp.dll - ok
12:39:44.0356 5844 [ 56E315ACFB08A177B4D01E42B9044DB5 ] C:\Windows\System32\mprapi.dll
12:39:44.0356 5844 C:\Windows\System32\mprapi.dll - ok
12:39:44.0356 5844 [ 9A6A653ADF28D9D69670B48F535E6B90 ] C:\Windows\System32\runonce.exe
12:39:44.0356 5844 C:\Windows\System32\runonce.exe - ok
12:39:44.0356 5844 [ 88225070DD2F7B0B2ED51E7935078641 ] C:\Windows\System32\rasqec.dll
12:39:44.0356 5844 C:\Windows\System32\rasqec.dll - ok
12:39:44.0372 5844 [ 82A79D5BE740D0AE9C91AA6DE4B3AC5A ] C:\Windows\System32\raschap.dll
12:39:44.0372 5844 C:\Windows\System32\raschap.dll - ok
12:39:44.0372 5844 [ 3B0489DE8CC3058B48471660C60A7B75 ] C:\Windows\System32\rastls.dll
12:39:44.0372 5844 C:\Windows\System32\rastls.dll - ok
12:39:44.0372 5844 [ 248A1F31ABB58DDDDC01490EF0BDC777 ] C:\Windows\System32\cryptui.dll
12:39:44.0372 5844 C:\Windows\System32\cryptui.dll - ok
12:39:44.0387 5844 [ C2C6C014B96581EC8BF0C8604DE1743E ] C:\Windows\System32\wbem\WmiPrvSD.dll
12:39:44.0387 5844 C:\Windows\System32\wbem\WmiPrvSD.dll - ok
12:39:44.0387 5844 [ 74F26FC01B180D4A99A168ED69C30A53 ] C:\Windows\System32\cmd.exe
12:39:44.0387 5844 C:\Windows\System32\cmd.exe - ok
12:39:44.0403 5844 [ A609A192E98934A8D352704C99AB8577 ] C:\Windows\System32\wbem\wbemess.dll
12:39:44.0403 5844 C:\Windows\System32\wbem\wbemess.dll - ok
12:39:44.0403 5844 [ 10F13FFF542FEC4A2C4FA734EEBE56B9 ] C:\Windows\System32\qmgrprxy.dll
12:39:44.0403 5844 C:\Windows\System32\qmgrprxy.dll - ok
12:39:44.0418 5844 [ 5466DCAEF5A648E04D1B6580F2C901B5 ] C:\Windows\System32\ieframe.dll
12:39:44.0418 5844 C:\Windows\System32\ieframe.dll - ok
12:39:44.0418 5844 [ C8AE490A93C3CC2E537B6E06247785A1 ] C:\Windows\System32\wbem\NCProv.dll
12:39:44.0418 5844 C:\Windows\System32\wbem\NCProv.dll - ok
12:39:44.0434 5844 [ 9495FCC01D7AB7B60E5B8BA7AEFE9E3D ] C:\Windows\System32\wbem\WmiPrvSE.exe
12:39:44.0434 5844 C:\Windows\System32\wbem\WmiPrvSE.exe - ok
12:39:44.0434 5844 [ E3F535656B5ABF249702EB64F3CF9AF0 ] C:\Windows\System32\wbem\wbemcons.dll
12:39:44.0434 5844 C:\Windows\System32\wbem\wbemcons.dll - ok
12:39:44.0450 5844 [ A9206960C92F5377E453EA4F32AB3346 ] C:\Program Files\Common Files\Symantec Shared\SSC\ScsComms.dll
12:39:44.0450 5844 C:\Program Files\Common Files\Symantec Shared\SSC\ScsComms.dll - ok
12:39:44.0450 5844 [ F723422A11CD6FA13036746272200993 ] C:\Windows\System32\wbem\cimwin32.dll
12:39:44.0450 5844 C:\Windows\System32\wbem\cimwin32.dll - ok
12:39:44.0465 5844 [ 67BB7141F7F5F37411F796943B3418B6 ] C:\Windows\System32\framedynos.dll
12:39:44.0465 5844 C:\Windows\System32\framedynos.dll - ok
12:39:44.0465 5844 [ 87CDFFCBD09C1CA03A068343D5D93250 ] C:\Windows\System32\wmi.dll
12:39:44.0465 5844 C:\Windows\System32\wmi.dll - ok
12:39:44.0465 5844 [ 24422E879BAEA2B69C9B131548D16888 ] C:\Program Files\Common Files\Roxio Shared\DLLShared\rcsl.dll
12:39:44.0465 5844 C:\Program Files\Common Files\Roxio Shared\DLLShared\rcsl.dll - ok
12:39:44.0481 5844 [ 4386CD92BA73C860AB0F8CC62434B2EA ] C:\Program Files\Symantec AntiVirus\I2ldvp3.dll
12:39:44.0481 5844 C:\Program Files\Symantec AntiVirus\I2ldvp3.dll - ok
12:39:44.0481 5844 [ ABAC02B5FE10D703251374C6FB187B83 ] C:\Program Files\Common Files\Symantec Shared\ccDec.dll
12:39:44.0481 5844 C:\Program Files\Common Files\Symantec Shared\ccDec.dll - ok
12:39:44.0496 5844 [ EBC984F0CE40E0DAF0454D806EC2A7EC ] C:\Users\Mario\AppData\Local\Temp\DC1FF712-4F29-4892-BE9C-4EA429F07EB4.exe
12:39:44.0496 5844 C:\Users\Mario\AppData\Local\Temp\DC1FF712-4F29-4892-BE9C-4EA429F07EB4.exe - ok
12:39:44.0496 5844 [ AB2F99FC684EEB007CF048666C4CD7D8 ] C:\Program Files\Common Files\Symantec Shared\Decomposers\DecSDK.dll
12:39:44.0496 5844 C:\Program Files\Common Files\Symantec Shared\Decomposers\DecSDK.dll - ok
12:39:44.0512 5844 [ 545446BA4583B471739AFFE9625F7D39 ] C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll
12:39:44.0512 5844 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll - ok
12:39:44.0512 5844 [ DCFD4B0B4654F6A070873C8C75A458DF ] C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll
12:39:44.0512 5844 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll - ok
12:39:44.0528 5844 [ A0E10B03C91DA932C85875E0587F30C7 ] C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll
12:39:44.0528 5844 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll - ok
12:39:44.0528 5844 [ 33B3051F2A2BEF1474DCBD8879F62AAB ] C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll
12:39:44.0528 5844 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll - ok
12:39:44.0543 5844 [ E58C5C07812E99FFCE7A9A88495C39CA ] C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll
12:39:44.0543 5844 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll - ok
12:39:44.0543 5844 [ B1C720D4D4FE004625808915F8D85377 ] C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll
12:39:44.0543 5844 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll - ok
12:39:44.0543 5844 [ AADAF917CB38A78CFADBED3855EC00A3 ] C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll
12:39:44.0543 5844 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll - ok
-
12:39:13.0031 5844 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:39:13.0250 5844 tdx - ok
12:39:13.0312 5844 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
12:39:13.0343 5844 TermDD - ok
12:39:13.0437 5844 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
12:39:13.0593 5844 TermService - ok
12:39:13.0764 5844 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
12:39:13.0796 5844 Themes - ok
12:39:13.0842 5844 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
12:39:13.0889 5844 THREADORDER - ok
12:39:13.0983 5844 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
12:39:14.0217 5844 TrkWks - ok
12:39:14.0513 5844 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:39:14.0638 5844 TrustedInstaller - ok
12:39:14.0700 5844 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:39:14.0763 5844 tssecsrv - ok
12:39:14.0919 5844 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
12:39:14.0981 5844 tunmp - ok
12:39:15.0246 5844 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:39:15.0340 5844 tunnel - ok
12:39:15.0387 5844 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
12:39:15.0418 5844 uagp35 - ok
12:39:15.0621 5844 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:39:16.0042 5844 udfs - ok
12:39:16.0104 5844 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:39:16.0245 5844 UI0Detect - ok
12:39:16.0338 5844 [ 6D72EF05921ABDF59FC45C7EBFE7E8DD ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:39:16.0370 5844 uliagpkx - ok
12:39:16.0494 5844 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
12:39:16.0806 5844 uliahci - ok
12:39:16.0869 5844 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
12:39:16.0962 5844 UlSata - ok
12:39:17.0025 5844 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
12:39:17.0072 5844 ulsata2 - ok
12:39:17.0134 5844 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:39:17.0196 5844 umbus - ok
12:39:17.0290 5844 [ 88BD96A1BAEED33EE8BDF9499C07A841 ] UMPass C:\Windows\system32\DRIVERS\umpass.sys
12:39:17.0352 5844 UMPass - ok
12:39:17.0462 5844 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
12:39:17.0540 5844 upnphost - ok
12:39:17.0680 5844 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
12:39:17.0820 5844 USBAAPL - ok
12:39:17.0930 5844 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:39:18.0023 5844 usbccgp - ok
12:39:18.0132 5844 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:39:18.0351 5844 usbcir - ok
12:39:18.0491 5844 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:39:18.0600 5844 usbehci - ok
12:39:18.0694 5844 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:39:18.0741 5844 usbhub - ok
12:39:18.0803 5844 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:39:18.0897 5844 usbohci - ok
12:39:18.0959 5844 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:39:19.0037 5844 usbprint - ok
12:39:19.0162 5844 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:39:19.0209 5844 USBSTOR - ok
12:39:19.0349 5844 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
12:39:19.0380 5844 usbuhci - ok
12:39:19.0505 5844 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
12:39:19.0536 5844 UxSms - ok
12:39:19.0724 5844 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
12:39:19.0848 5844 vds - ok
12:39:19.0942 5844 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:39:20.0020 5844 vga - ok
12:39:20.0160 5844 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
12:39:20.0254 5844 VgaSave - ok
12:39:20.0332 5844 [ D5929A28BDFF4367A12CAF06AF901971 ] viaagp C:\Windows\system32\drivers\viaagp.sys
12:39:20.0348 5844 viaagp - ok
12:39:20.0488 5844 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
12:39:20.0691 5844 ViaC7 - ok
12:39:20.0753 5844 [ C0ACE9D0F5A5EE0B00F58345947A57FC ] viaide C:\Windows\system32\drivers\viaide.sys
12:39:20.0784 5844 viaide - ok
12:39:20.0878 5844 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:39:20.0909 5844 volmgr - ok
12:39:21.0159 5844 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:39:21.0299 5844 volmgrx - ok
12:39:21.0424 5844 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:39:21.0455 5844 volsnap - ok
12:39:21.0549 5844 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
12:39:21.0674 5844 vsmraid - ok
12:39:22.0485 5844 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
12:39:22.0750 5844 VSS - ok
12:39:22.0812 5844 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
12:39:22.0859 5844 W32Time - ok
12:39:22.0906 5844 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
12:39:23.0000 5844 WacomPen - ok
12:39:23.0062 5844 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
12:39:23.0202 5844 Wanarp - ok
12:39:23.0234 5844 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:39:23.0265 5844 Wanarpv6 - ok
12:39:23.0530 5844 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:39:23.0561 5844 wcncsvc - ok
12:39:23.0655 5844 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:39:23.0702 5844 WcsPlugInService - ok
12:39:23.0889 5844 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
12:39:23.0936 5844 Wd - ok
12:39:23.0982 5844 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam.sys
12:39:24.0107 5844 WDC_SAM - ok
12:39:24.0294 5844 [ 300B4847E1157BDD7A306B18ED65A97E ] WDDMService C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
12:39:24.0341 5844 WDDMService ( UnsignedFile.Multi.Generic ) - warning
12:39:24.0341 5844 WDDMService - detected UnsignedFile.Multi.Generic (1)
12:39:24.0591 5844 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:39:24.0669 5844 Wdf01000 - ok
12:39:24.0731 5844 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:39:24.0794 5844 WdiServiceHost - ok
12:39:24.0809 5844 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:39:24.0840 5844 WdiSystemHost - ok
12:39:25.0277 5844 [ 138AB06ADBBF300AA804D7974A5AEC82 ] WDSmartWareBackgroundService C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
12:39:25.0324 5844 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - warning
12:39:25.0324 5844 WDSmartWareBackgroundService - detected UnsignedFile.Multi.Generic (1)
12:39:25.0386 5844 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
12:39:25.0433 5844 WebClient - ok
12:39:25.0574 5844 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:39:25.0652 5844 Wecsvc - ok
12:39:25.0730 5844 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:39:25.0776 5844 wercplsupport - ok
12:39:25.0948 5844 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
12:39:26.0010 5844 WerSvc - ok
12:39:26.0338 5844 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
12:39:26.0369 5844 WinDefend - ok
12:39:26.0369 5844 WinHttpAutoProxySvc - ok
12:39:26.0775 5844 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:39:26.0806 5844 Winmgmt - ok
12:39:27.0274 5844 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
12:39:27.0399 5844 WinRM - ok
12:39:27.0680 5844 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
12:39:27.0804 5844 Wlansvc - ok
12:39:28.0007 5844 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:39:28.0210 5844 WmiAcpi - ok
12:39:28.0319 5844 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:39:28.0413 5844 wmiApSrv - ok
12:39:28.0787 5844 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
12:39:28.0943 5844 WMPNetworkSvc - ok
12:39:29.0037 5844 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:39:29.0115 5844 WPCSvc - ok
12:39:29.0162 5844 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:39:29.0349 5844 WPDBusEnum - ok
12:39:29.0474 5844 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
12:39:29.0520 5844 WpdUsb - ok
12:39:30.0238 5844 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:39:30.0550 5844 WPFFontCache_v0400 - ok
12:39:30.0612 5844 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:39:30.0706 5844 ws2ifsl - ok
12:39:30.0800 5844 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
12:39:30.0831 5844 wscsvc - ok
12:39:30.0831 5844 WSearch - ok
12:39:31.0283 5844 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
12:39:31.0626 5844 wuauserv - ok
12:39:31.0876 5844 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:39:32.0094 5844 WudfPf - ok
12:39:32.0188 5844 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:39:32.0297 5844 WUDFRd - ok
12:39:32.0406 5844 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:39:32.0484 5844 wudfsvc - ok
12:39:32.0484 5844 ================ Scan global ===============================
12:39:32.0640 5844 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
12:39:32.0781 5844 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
12:39:32.0921 5844 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
12:39:33.0062 5844 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
12:39:33.0108 5844 [Global] - ok
12:39:33.0108 5844 ================ Scan MBR ==================================
12:39:33.0171 5844 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
12:39:39.0239 5844 \Device\Harddisk0\DR0 - ok
12:39:39.0255 5844 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
12:39:39.0458 5844 \Device\Harddisk1\DR1 - ok
12:39:39.0458 5844 ================ Scan VBR ==================================
12:39:39.0489 5844 [ AA10A8A29399887039B811387402C3A5 ] \Device\Harddisk0\DR0\Partition1
12:39:39.0504 5844 \Device\Harddisk0\DR0\Partition1 - ok
12:39:39.0536 5844 [ 62ABD247F3BA0E5274CB6FB0F132001B ] \Device\Harddisk0\DR0\Partition2
12:39:39.0536 5844 \Device\Harddisk0\DR0\Partition2 - ok
12:39:39.0551 5844 [ F500ABC5DFBC21AA0DCF08B88777E65B ] \Device\Harddisk1\DR1\Partition1
12:39:39.0551 5844 \Device\Harddisk1\DR1\Partition1 - ok
12:39:39.0551 5844 ================ Scan active images ========================
12:39:39.0551 5844 [ 36975327EF03949CC378AB01E316B574 ] C:\Windows\System32\drivers\crashdmp.sys
12:39:39.0551 5844 C:\Windows\System32\drivers\crashdmp.sys - ok
12:39:39.0567 5844 [ E9F704CA833BD24BFAA3B4A59707633A ] C:\Windows\System32\drivers\iaStor.sys
12:39:39.0567 5844 C:\Windows\System32\drivers\iaStor.sys - ok
12:39:39.0567 5844 [ 300DB877AC094FEAB0BE7688C3454A9C ] C:\Windows\System32\drivers\tunnel.sys
12:39:39.0567 5844 C:\Windows\System32\drivers\tunnel.sys - ok
12:39:39.0582 5844 [ CAECC0120AC49E3D2F758B9169872D38 ] C:\Windows\System32\drivers\TUNMP.SYS
12:39:39.0582 5844 C:\Windows\System32\drivers\TUNMP.SYS - ok
12:39:39.0582 5844 [ 224191001E78C89DFA78924C3EA595FF ] C:\Windows\System32\drivers\intelppm.sys
12:39:39.0582 5844 C:\Windows\System32\drivers\intelppm.sys - ok
12:39:39.0582 5844 [ 0A1B502CBC8230DA74BEFBAADDB58916 ] C:\Windows\System32\drivers\nvlddmkm.sys
12:39:39.0582 5844 C:\Windows\System32\drivers\nvlddmkm.sys - ok
12:39:39.0598 5844 [ 5D41063463FC5D4C34B45FCD8487A29F ] C:\Windows\System32\drivers\nvBridge.kmd
12:39:39.0598 5844 C:\Windows\System32\drivers\nvBridge.kmd - ok
12:39:39.0598 5844 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] C:\Windows\System32\drivers\dxgkrnl.sys
12:39:39.0598 5844 C:\Windows\System32\drivers\dxgkrnl.sys - ok
12:39:39.0598 5844 [ 4A5C31E2C1646034E6A60EBA4C747FF6 ] C:\Windows\System32\drivers\watchdog.sys
12:39:39.0598 5844 C:\Windows\System32\drivers\watchdog.sys - ok
12:39:39.0614 5844 [ 908ED85B7806E8AF3AF5E9B74F7809D4 ] C:\Windows\System32\drivers\e1e6032.sys
12:39:39.0614 5844 C:\Windows\System32\drivers\e1e6032.sys - ok
12:39:39.0614 5844 [ A1C100A87D981AD0774FBC0B4B82E913 ] C:\Windows\System32\drivers\usbport.sys
12:39:39.0614 5844 C:\Windows\System32\drivers\usbport.sys - ok
12:39:39.0629 5844 [ 814D653EFC4D48BE3B04A307ECEFF56F ] C:\Windows\System32\drivers\usbuhci.sys
12:39:39.0629 5844 C:\Windows\System32\drivers\usbuhci.sys - ok
12:39:39.0629 5844 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] C:\Windows\System32\drivers\usbehci.sys
12:39:39.0629 5844 C:\Windows\System32\drivers\usbehci.sys - ok
12:39:39.0629 5844 [ 062452B7FFD68C8C042A6261FE8DFF4A ] C:\Windows\System32\drivers\hdaudbus.sys
12:39:39.0629 5844 C:\Windows\System32\drivers\hdaudbus.sys - ok
12:39:39.0645 5844 [ 5230CDB7E715F3A3B4A882E254CDD35D ] C:\Windows\System32\drivers\DLACDBHM.SYS
12:39:39.0645 5844 C:\Windows\System32\drivers\DLACDBHM.SYS - ok
12:39:39.0645 5844 [ 6B4BFFB9BECD728097024276430DB314 ] C:\Windows\System32\drivers\cdrom.sys
12:39:39.0645 5844 C:\Windows\System32\drivers\cdrom.sys - ok
12:39:39.0660 5844 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] C:\Windows\System32\drivers\GEARAspiWDM.sys
12:39:39.0660 5844 C:\Windows\System32\drivers\GEARAspiWDM.sys - ok
12:39:39.0660 5844 [ 7B4FDFBE97C047175E613AA96F3DE987 ] C:\Windows\System32\drivers\dne2000.sys
12:39:39.0660 5844 C:\Windows\System32\drivers\dne2000.sys - ok
12:39:39.0676 5844 [ 47E55AFE1ED1D5AFF09690DB226F4A7A ] C:\Windows\System32\drivers\Storport.sys
12:39:39.0676 5844 C:\Windows\System32\drivers\Storport.sys - ok
12:39:39.0676 5844 [ 232FA340531D940AAC623B121A595034 ] C:\Windows\System32\drivers\msiscsi.sys
12:39:39.0676 5844 C:\Windows\System32\drivers\msiscsi.sys - ok
12:39:39.0676 5844 [ A214ADBAF4CB47DD2728859EF31F26B0 ] C:\Windows\System32\drivers\rasl2tp.sys
12:39:39.0676 5844 C:\Windows\System32\drivers\rasl2tp.sys - ok
12:39:39.0692 5844 [ 77937EFF009AC696B90E09F671F9D0A4 ] C:\Windows\System32\drivers\tdi.sys
12:39:39.0692 5844 C:\Windows\System32\drivers\tdi.sys - ok
12:39:39.0692 5844 [ 0E186E90404980569FB449BA7519AE61 ] C:\Windows\System32\drivers\ndistapi.sys
12:39:39.0692 5844 C:\Windows\System32\drivers\ndistapi.sys - ok
12:39:39.0707 5844 [ 818F648618AE34F729FDB47EC68345C3 ] C:\Windows\System32\drivers\ndiswan.sys
12:39:39.0707 5844 C:\Windows\System32\drivers\ndiswan.sys - ok
12:39:39.0707 5844 [ 509A98DD18AF4375E1FC40BC175F1DEF ] C:\Windows\System32\drivers\raspppoe.sys
12:39:39.0707 5844 C:\Windows\System32\drivers\raspppoe.sys - ok
12:39:39.0707 5844 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] C:\Windows\System32\drivers\raspptp.sys
12:39:39.0707 5844 C:\Windows\System32\drivers\raspptp.sys - ok
12:39:39.0723 5844 [ 2005F4A1E05FA09389AC85840F0A9E4D ] C:\Windows\System32\drivers\rassstp.sys
12:39:39.0723 5844 C:\Windows\System32\drivers\rassstp.sys - ok
12:39:39.0723 5844 [ 37605E0A8CF00CBBA538E753E4344C6E ] C:\Windows\System32\drivers\kbdclass.sys
12:39:39.0723 5844 C:\Windows\System32\drivers\kbdclass.sys - ok
12:39:39.0738 5844 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] C:\Windows\System32\drivers\termdd.sys
12:39:39.0738 5844 C:\Windows\System32\drivers\termdd.sys - ok
12:39:39.0738 5844 [ 5BF6A1326A335C5298477754A506D263 ] C:\Windows\System32\drivers\mouclass.sys
12:39:39.0738 5844 C:\Windows\System32\drivers\mouclass.sys - ok
12:39:39.0754 5844 [ EF73C1E29FBE7B0FD0274BF4394E346A ] C:\Windows\System32\drivers\ks.sys
12:39:39.0754 5844 C:\Windows\System32\drivers\ks.sys - ok
12:39:39.0754 5844 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] C:\Windows\System32\drivers\swenum.sys
12:39:39.0754 5844 C:\Windows\System32\drivers\swenum.sys - ok
12:39:39.0754 5844 [ E384487CB84BE41D09711C30CA79646C ] C:\Windows\System32\drivers\mssmbios.sys
12:39:39.0754 5844 C:\Windows\System32\drivers\mssmbios.sys - ok
12:39:39.0770 5844 [ 32CFF9F809AE9AED85464492BF3E32D2 ] C:\Windows\System32\drivers\umbus.sys
12:39:39.0770 5844 C:\Windows\System32\drivers\umbus.sys - ok
12:39:39.0770 5844 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] C:\Windows\System32\drivers\usbhub.sys
12:39:39.0770 5844 C:\Windows\System32\drivers\usbhub.sys - ok
12:39:39.0785 5844 [ 71DAB552B41936358F3B541AE5997FB3 ] C:\Windows\System32\drivers\ndproxy.sys
12:39:39.0785 5844 C:\Windows\System32\drivers\ndproxy.sys - ok
12:39:39.0785 5844 [ 7BE5A3C671A2CB56E94403BFC2020A0D ] C:\Windows\System32\drivers\drmk.sys
12:39:39.0785 5844 C:\Windows\System32\drivers\drmk.sys - ok
12:39:39.0785 5844 [ 218286724EC530FF252648369E05B090 ] C:\Windows\System32\drivers\portcls.sys
12:39:39.0785 5844 C:\Windows\System32\drivers\portcls.sys - ok
12:39:39.0801 5844 [ 9CEA131B5EB0EA653F6B3EA80B54956D ] C:\Windows\System32\drivers\stwrt.sys
12:39:39.0801 5844 C:\Windows\System32\drivers\stwrt.sys - ok
12:39:39.0801 5844 [ 1B2A1C6BC76E1EBE8BC2F4A4F3D43E23 ] C:\Windows\System32\drivers\srtsp.sys
12:39:39.0801 5844 C:\Windows\System32\drivers\srtsp.sys - ok
12:39:39.0816 5844 [ D02812F89E18C6FB32F901BE1E10BC17 ] C:\Windows\System32\drivers\srtspx.sys
12:39:39.0816 5844 C:\Windows\System32\drivers\srtspx.sys - ok
12:39:39.0816 5844 [ CAF811AE4C147FFCD5B51750C7F09142 ] C:\Windows\System32\drivers\usbccgp.sys
12:39:39.0816 5844 C:\Windows\System32\drivers\usbccgp.sys - ok
12:39:39.0832 5844 [ 790FDAC6D0C762DF9047C3C625A6FF6C ] C:\Windows\System32\drivers\usbd.sys
12:39:39.0832 5844 C:\Windows\System32\drivers\usbd.sys - ok
12:39:39.0832 5844 [ 826F699B69E88A3920C70F344DD42D88 ] C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\NAVEX15.SYS
12:39:39.0832 5844 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\NAVEX15.SYS - ok
12:39:39.0832 5844 [ 5961CADB7CAD938368D2028725EF771D ] C:\Windows\System32\drivers\hidclass.sys
12:39:39.0832 5844 C:\Windows\System32\drivers\hidclass.sys - ok
12:39:39.0848 5844 [ 175444D3A01CA45D0E1C5DC5F48DF7CD ] C:\Windows\System32\drivers\hidparse.sys
12:39:39.0848 5844 C:\Windows\System32\drivers\hidparse.sys - ok
12:39:39.0848 5844 [ CCA4B519B17E23A00B826C55716809CC ] C:\Windows\System32\drivers\hidusb.sys
12:39:39.0848 5844 C:\Windows\System32\drivers\hidusb.sys - ok
12:39:39.0863 5844 [ 9D98270B5F10A4C84E8DA417C30756E1 ] C:\Windows\System32\drivers\SYMEVENT.SYS
12:39:39.0863 5844 C:\Windows\System32\drivers\SYMEVENT.SYS - ok
12:39:39.0863 5844 [ 8E4C77AD9BB279900C00F870CC0C674B ] C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\NAVENG.SYS
12:39:39.0863 5844 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\NAVENG.SYS - ok
12:39:39.0863 5844 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] C:\Windows\System32\drivers\kbdhid.sys
12:39:39.0863 5844 C:\Windows\System32\drivers\kbdhid.sys - ok
12:39:39.0879 5844 [ 93B8D4869E12CFBE663915502900876F ] C:\Windows\System32\drivers\mouhid.sys
12:39:39.0879 5844 C:\Windows\System32\drivers\mouhid.sys - ok
12:39:39.0879 5844 [ B972A66758577E0BFD1DE0F91AAA27B5 ] C:\Windows\System32\drivers\fs_rec.sys
12:39:39.0879 5844 C:\Windows\System32\drivers\fs_rec.sys - ok
12:39:39.0894 5844 [ C5DBBCDA07D780BDA9B685DF333BB41E ] C:\Windows\System32\drivers\null.sys
12:39:39.0894 5844 C:\Windows\System32\drivers\null.sys - ok
12:39:39.0894 5844 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] C:\Windows\System32\drivers\beep.sys
12:39:39.0894 5844 C:\Windows\System32\drivers\beep.sys - ok
12:39:39.0894 5844 [ 77FE51F0F8D86804CB81F6EF6BFB86DD ] C:\Windows\System32\drivers\DLARTL_M.SYS
12:39:39.0894 5844 C:\Windows\System32\drivers\DLARTL_M.SYS - ok
12:39:39.0910 5844 [ 2E93AC0A1D8C79D019DB6C51F036636C ] C:\Windows\System32\drivers\vga.sys
12:39:39.0910 5844 C:\Windows\System32\drivers\vga.sys - ok
12:39:39.0910 5844 [ C048D2C33D27441A0CDCAAE2651EB03D ] C:\Windows\System32\drivers\videoprt.sys
12:39:39.0910 5844 C:\Windows\System32\drivers\videoprt.sys - ok
12:39:39.0926 5844 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] C:\Windows\System32\drivers\RDPCDD.sys
12:39:39.0926 5844 C:\Windows\System32\drivers\RDPCDD.sys - ok
12:39:39.0926 5844 [ 9D91FE5286F748862ECFFA05F8A0710C ] C:\Windows\System32\drivers\RDPENCDD.sys
12:39:39.0926 5844 C:\Windows\System32\drivers\RDPENCDD.sys - ok
12:39:39.0941 5844 [ A9927F4A46B816C92F461ACB90CF8515 ] C:\Windows\System32\drivers\msfs.sys
12:39:39.0941 5844 C:\Windows\System32\drivers\msfs.sys - ok
12:39:39.0941 5844 [ D36F239D7CCE1931598E8FB90A0DBC26 ] C:\Windows\System32\drivers\npfs.sys
12:39:39.0941 5844 C:\Windows\System32\drivers\npfs.sys - ok
12:39:39.0941 5844 [ 147D7F9C556D259924351FEB0DE606C3 ] C:\Windows\System32\drivers\rasacd.sys
12:39:39.0941 5844 C:\Windows\System32\drivers\rasacd.sys - ok
12:39:39.0957 5844 [ 76B06EB8A01FC8624D699E7045303E54 ] C:\Windows\System32\drivers\tdx.sys
12:39:39.0957 5844 C:\Windows\System32\drivers\tdx.sys - ok
12:39:39.0957 5844 [ 7B75299A4D201D6A6533603D6914AB04 ] C:\Windows\System32\drivers\smb.sys
12:39:39.0957 5844 C:\Windows\System32\drivers\smb.sys - ok
12:39:39.0972 5844 [ 3911B972B55FEA0478476B2E777B29FA ] C:\Windows\System32\drivers\afd.sys
12:39:39.0972 5844 C:\Windows\System32\drivers\afd.sys - ok
12:39:39.0972 5844 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] C:\Windows\System32\drivers\netbt.sys
12:39:39.0972 5844 C:\Windows\System32\drivers\netbt.sys - ok
12:39:39.0972 5844 [ 99514FAA8DF93D34B5589187DB3AA0BA ] C:\Windows\System32\drivers\pacer.sys
12:39:39.0988 5844 C:\Windows\System32\drivers\pacer.sys - ok
12:39:39.0988 5844 [ BCD093A5A6777CF626434568DC7DBA78 ] C:\Windows\System32\drivers\netbios.sys
12:39:39.0988 5844 C:\Windows\System32\drivers\netbios.sys - ok
12:39:39.0988 5844 [ 55201897378CCA7AF8B5EFD874374A26 ] C:\Windows\System32\drivers\wanarp.sys
12:39:39.0988 5844 C:\Windows\System32\drivers\wanarp.sys - ok
12:39:40.0004 5844 [ 2F03CBDB0F22278D05D5D616C993AB58 ] C:\Windows\System32\drivers\symtdi.sys
12:39:40.0004 5844 C:\Windows\System32\drivers\symtdi.sys - ok
12:39:40.0004 5844 [ 8831252BCF05FCFB5ABD116A22E552D8 ] C:\Windows\System32\drivers\sp_rsdrv2.sys
12:39:40.0004 5844 C:\Windows\System32\drivers\sp_rsdrv2.sys - ok
12:39:40.0019 5844 [ 905782BCF15B6E5AF9905B77923C7FA2 ] C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
12:39:40.0019 5844 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys - ok
12:39:40.0019 5844 [ 16B1ABE7F3E35F21DAC57592B6C5D464 ] C:\Windows\System32\drivers\scdemu.sys
12:39:40.0019 5844 C:\Windows\System32\drivers\scdemu.sys - ok
12:39:40.0035 5844 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] C:\Windows\System32\drivers\rdbss.sys
12:39:40.0035 5844 C:\Windows\System32\drivers\rdbss.sys - ok
12:39:40.0035 5844 [ 609773E344A97410CE4EBF74A8914FCF ] C:\Windows\System32\drivers\nsiproxy.sys
12:39:40.0035 5844 C:\Windows\System32\drivers\nsiproxy.sys - ok
12:39:40.0050 5844 [ 85B8B4032A895A746D46A288A9B30DED ] C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
12:39:40.0050 5844 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys - ok
12:39:40.0050 5844 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:39:40.0050 5844 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys - ok
12:39:40.0066 5844 [ 622C41A07CA7E6DD91770F50D532CB6C ] C:\Windows\System32\drivers\dfsc.sys
12:39:40.0066 5844 C:\Windows\System32\drivers\dfsc.sys - ok
12:39:40.0066 5844 [ 98AF15A94CD6AC37248E72E5FE789B35 ] C:\Windows\System32\smss.exe
12:39:40.0066 5844 C:\Windows\System32\smss.exe - ok
12:39:40.0066 5844 [ DDA770BBD7C2ED024D6F50E279D90E5B ] C:\Windows\System32\ntdll.dll
12:39:40.0066 5844 C:\Windows\System32\ntdll.dll - ok
12:39:40.0082 5844 [ 10761177A6EBE45843F443E99509F5E7 ] C:\Windows\System32\autochk.exe
12:39:40.0082 5844 C:\Windows\System32\autochk.exe - ok
12:39:40.0082 5844 [ 9176285122B7B849FEC2AA1B72A8F7A8 ] C:\Windows\System32\shlwapi.dll
12:39:40.0082 5844 C:\Windows\System32\shlwapi.dll - ok
12:39:40.0097 5844 [ 75510147B94598407666F4802797C75A ] C:\Windows\System32\user32.dll
12:39:40.0097 5844 C:\Windows\System32\user32.dll - ok
12:39:40.0097 5844 [ 4AA2A0E26CEF1A803741253DCF9A1503 ] C:\Windows\System32\comdlg32.dll
12:39:40.0097 5844 C:\Windows\System32\comdlg32.dll - ok
12:39:40.0113 5844 [ 7FA3A810F383588D46220967DE8B64FF ] C:\Windows\System32\wininet.dll
12:39:40.0113 5844 C:\Windows\System32\wininet.dll - ok
12:39:40.0113 5844 [ 551F51B66E5EA87A38D8197EB3BDB57A ] C:\Windows\System32\setupapi.dll
12:39:40.0113 5844 C:\Windows\System32\setupapi.dll - ok
12:39:40.0128 5844 [ 80FFF14F1757B9AF8BE9D314FC1AE88B ] C:\Windows\System32\usp10.dll
12:39:40.0128 5844 C:\Windows\System32\usp10.dll - ok
12:39:40.0128 5844 [ 9586E7CB2255A8B097A7E4538202585E ] C:\Windows\System32\ole32.dll
12:39:40.0128 5844 C:\Windows\System32\ole32.dll - ok
12:39:40.0144 5844 [ A64AEBC6C78B4CFD7F41A7277879DF8F ] C:\Windows\System32\nsi.dll
12:39:40.0144 5844 C:\Windows\System32\nsi.dll - ok
12:39:40.0144 5844 [ B8A609FB5EFB4E44FC1355B1C01C64BC ] C:\Windows\System32\Wldap32.dll
12:39:40.0144 5844 C:\Windows\System32\Wldap32.dll - ok
12:39:40.0160 5844 [ E2281CFF793D7A09CE2B35F9F8732EE3 ] C:\Windows\System32\rpcrt4.dll
12:39:40.0160 5844 C:\Windows\System32\rpcrt4.dll - ok
12:39:40.0160 5844 [ C8BDCECEE082B54F0BAC838BF0A34597 ] C:\Windows\System32\imm32.dll
12:39:40.0160 5844 C:\Windows\System32\imm32.dll - ok
12:39:40.0175 5844 [ AAF101900A23D75AE1AE00840FA6F3B8 ] C:\Windows\System32\shell32.dll
12:39:40.0175 5844 C:\Windows\System32\shell32.dll - ok
12:39:40.0175 5844 [ B218342214D9BBA0F54EA12BA2E9278C ] C:\Windows\System32\oleaut32.dll
12:39:40.0175 5844 C:\Windows\System32\oleaut32.dll - ok
12:39:40.0191 5844 [ 17AF64D727545F2804F6E6D998327E3F ] C:\Windows\System32\msvcrt.dll
12:39:40.0191 5844 C:\Windows\System32\msvcrt.dll - ok
12:39:40.0191 5844 [ C394079EB162E812D682C73FA96AF6E4 ] C:\Windows\System32\clbcatq.dll
12:39:40.0191 5844 C:\Windows\System32\clbcatq.dll - ok
12:39:40.0206 5844 [ 4266A3230981DD4434C55957F6DD497D ] C:\Windows\System32\urlmon.dll
12:39:40.0206 5844 C:\Windows\System32\urlmon.dll - ok
12:39:40.0206 5844 [ EB49FAA5EBBC06356FB12476438781B9 ] C:\Windows\System32\imagehlp.dll
12:39:40.0206 5844 C:\Windows\System32\imagehlp.dll - ok
12:39:40.0206 5844 [ EB0E02749CE5C488741C9A0ABEAB5DEC ] C:\Windows\System32\lpk.dll
12:39:40.0206 5844 C:\Windows\System32\lpk.dll - ok
12:39:40.0222 5844 [ E3C3BD69701CE6B7B17101E4F7740534 ] C:\Windows\System32\msctf.dll
12:39:40.0222 5844 C:\Windows\System32\msctf.dll - ok
12:39:40.0222 5844 [ 7856E3B4594714EF89BB97375E8644EE ] C:\Windows\System32\gdi32.dll
12:39:40.0222 5844 C:\Windows\System32\gdi32.dll - ok
12:39:40.0238 5844 [ 780E80E5502015EDAEC91DC0A0C96A79 ] C:\Windows\System32\iertutil.dll
12:39:40.0238 5844 C:\Windows\System32\iertutil.dll - ok
12:39:40.0238 5844 [ 6F29236AB5926100972924BD29D9D225 ] C:\Windows\System32\normaliz.dll
12:39:40.0238 5844 C:\Windows\System32\normaliz.dll - ok
12:39:40.0238 5844 [ 50CAA7072C171B9887215C83D52069E4 ] C:\Windows\System32\advapi32.dll
12:39:40.0238 5844 C:\Windows\System32\advapi32.dll - ok
12:39:40.0253 5844 [ DC3105CC925A0D47F61B54E66AB730FC ] C:\Windows\System32\kernel32.dll
12:39:40.0253 5844 C:\Windows\System32\kernel32.dll - ok
12:39:40.0269 5844 [ B304D47D5744BA20FCB99FB8B2C07B0B ] C:\Windows\System32\ws2_32.dll
12:39:40.0269 5844 C:\Windows\System32\ws2_32.dll - ok
12:39:40.0269 5844 [ DC8891A9203810FC994E7FCCF76E94C8 ] C:\Windows\System32\comctl32.dll
12:39:40.0269 5844 C:\Windows\System32\comctl32.dll - ok
12:39:40.0269 5844 [ 93A1732F7F997E36A5C3893539E2FF02 ] C:\Windows\System32\psapi.dll
12:39:40.0269 5844 C:\Windows\System32\psapi.dll - ok
12:39:40.0284 5844 [ EAAAFEF04FBB45665C9576E525D45A12 ] C:\Windows\System32\drivers\dxapi.sys
12:39:40.0284 5844 C:\Windows\System32\drivers\dxapi.sys - ok
12:39:40.0284 5844 [ F167606EC2C01D804FC72F8F84E73E19 ] C:\Windows\System32\win32k.sys
12:39:40.0284 5844 C:\Windows\System32\win32k.sys - ok
12:39:40.0300 5844 [ ABCA209EBA02CB59233614DB83B4F50D ] C:\Windows\System32\csrss.exe
12:39:40.0300 5844 C:\Windows\System32\csrss.exe - ok
12:39:40.0300 5844 [ 187076DD5D8D4D5D23079D0741195EAD ] C:\Windows\System32\csrsrv.dll
12:39:40.0300 5844 C:\Windows\System32\csrsrv.dll - ok
12:39:40.0316 5844 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\System32\basesrv.dll
12:39:40.0316 5844 C:\Windows\System32\basesrv.dll - ok
12:39:40.0316 5844 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\System32\winsrv.dll
12:39:40.0316 5844 C:\Windows\System32\winsrv.dll - ok
12:39:40.0316 5844 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] C:\Windows\System32\drivers\monitor.sys
12:39:40.0316 5844 C:\Windows\System32\drivers\monitor.sys - ok
12:39:40.0331 5844 [ CC21507D246861671A0BF97E75CE1B00 ] C:\Windows\System32\tsddd.dll
12:39:40.0331 5844 C:\Windows\System32\tsddd.dll - ok
12:39:40.0331 5844 [ 101BA3EA053480BB5D957EF37C06B5ED ] C:\Windows\System32\wininit.exe
12:39:40.0331 5844 C:\Windows\System32\wininit.exe - ok
12:39:40.0347 5844 [ 665417528489096BBCB8AEA46D3DA924 ] C:\Windows\System32\userenv.dll
12:39:40.0347 5844 C:\Windows\System32\userenv.dll - ok
12:39:40.0347 5844 [ D602FEDBD9155FC2DED6863FB60C950F ] C:\Windows\System32\secur32.dll
12:39:40.0347 5844 C:\Windows\System32\secur32.dll - ok
12:39:40.0347 5844 [ 12C8D6C564702B0776512932290A3F6B ] C:\Windows\System32\KBDUS.DLL
12:39:40.0347 5844 C:\Windows\System32\KBDUS.DLL - ok
12:39:40.0362 5844 [ CF9F5BBC2740C41DD471278C41B91F5F ] C:\Windows\System32\cdd.dll
12:39:40.0362 5844 C:\Windows\System32\cdd.dll - ok
12:39:40.0362 5844 [ 92283D9E33EC5F41ECC0B430B7459241 ] C:\Windows\System32\WlS0WndH.dll
12:39:40.0362 5844 C:\Windows\System32\WlS0WndH.dll - ok
12:39:40.0362 5844 [ 1107BD574A84367735FEC38B9BD64E6B ] C:\Windows\System32\apphelp.dll
12:39:40.0362 5844 C:\Windows\System32\apphelp.dll - ok
12:39:40.0378 5844 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\System32\services.exe
12:39:40.0378 5844 C:\Windows\System32\services.exe - ok
12:39:40.0378 5844 [ BE6FAC6F0745C67DAE7522C96406D083 ] C:\Windows\System32\sxs.dll
12:39:40.0378 5844 C:\Windows\System32\sxs.dll - ok
12:39:40.0394 5844 [ 898E7C06A350D4A1A64A9EA264D55452 ] C:\Windows\System32\winlogon.exe
12:39:40.0394 5844 C:\Windows\System32\winlogon.exe - ok
12:39:40.0394 5844 [ 4AAFC7461633848AA87A363B2CBEC522 ] C:\Windows\System32\winsta.dll
12:39:40.0394 5844 C:\Windows\System32\winsta.dll - ok
12:39:40.0394 5844 [ A3E186B4B935905B829219502557314E ] C:\Windows\System32\lsass.exe
12:39:40.0394 5844 C:\Windows\System32\lsass.exe - ok
12:39:40.0409 5844 [ D90911B3FA05D7B930C1286084B404DE ] C:\Windows\System32\scesrv.dll
12:39:40.0409 5844 C:\Windows\System32\scesrv.dll - ok
12:39:40.0409 5844 [ 1AE011BB950A5E0B05023D2AFEC3666D ] C:\Windows\System32\authz.dll
12:39:40.0409 5844 C:\Windows\System32\authz.dll - ok
12:39:40.0425 5844 [ 178FAC2B7C66E9A4400CE7AC37623E3F ] C:\Windows\System32\lsasrv.dll
12:39:40.0425 5844 C:\Windows\System32\lsasrv.dll - ok
12:39:40.0425 5844 [ 98B656EAF128CD06F625B09C84D959E1 ] C:\Windows\System32\netapi32.dll
12:39:40.0425 5844 C:\Windows\System32\netapi32.dll - ok
12:39:40.0425 5844 [ 4774AD6C447E02E954BD9A793614EBEC ] C:\Windows\System32\lsm.exe
12:39:40.0425 5844 C:\Windows\System32\lsm.exe - ok
12:39:40.0440 5844 [ 71F5A7104FDF16C0AC5283A6CE666553 ] C:\Windows\System32\sysntfy.dll
12:39:40.0440 5844 C:\Windows\System32\sysntfy.dll - ok
12:39:40.0440 5844 [ F0321DA5203F1E71917F3B7A13DC4912 ] C:\Windows\System32\wmsgapi.dll
12:39:40.0440 5844 C:\Windows\System32\wmsgapi.dll - ok
12:39:40.0456 5844 [ 2FA16465F64DB54B1F7F511395EB4FD7 ] C:\Windows\System32\ncobjapi.dll
12:39:40.0456 5844 C:\Windows\System32\ncobjapi.dll - ok
12:39:40.0456 5844 [ 7808BF0E367ED7348808879CEF482AB3 ] C:\Windows\System32\samsrv.dll
12:39:40.0456 5844 C:\Windows\System32\samsrv.dll - ok
12:39:40.0456 5844 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] C:\Windows\System32\aelupsvc.dll
12:39:40.0456 5844 C:\Windows\System32\aelupsvc.dll - ok
12:39:40.0472 5844 [ A1545B731579895D8CC44FC0481C1192 ] C:\Windows\System32\alg.exe
12:39:40.0472 5844 C:\Windows\System32\alg.exe - ok
12:39:40.0472 5844 [ 459B48188494490707DCA8BAA91AA185 ] C:\Windows\System32\cryptdll.dll
12:39:40.0472 5844 C:\Windows\System32\cryptdll.dll - ok
12:39:40.0487 5844 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] C:\Windows\System32\appinfo.dll
12:39:40.0487 5844 C:\Windows\System32\appinfo.dll - ok
12:39:40.0487 5844 [ 68E2A1A0407A66CF50DA0300852424AB ] C:\Windows\System32\audiosrv.dll
12:39:40.0487 5844 C:\Windows\System32\audiosrv.dll - ok
12:39:40.0487 5844 [ 85E861D0B88DB2B54ACB0839654C09F7 ] C:\Windows\System32\dnsapi.dll
12:39:40.0487 5844 C:\Windows\System32\dnsapi.dll - ok
12:39:40.0503 5844 [ 453DE2958C885527E20C79A3FEFE6AF7 ] C:\Windows\System32\samlib.dll
12:39:40.0503 5844 C:\Windows\System32\samlib.dll - ok
12:39:40.0503 5844 [ C789AF0F724FDA5852FB9A7D3A432381 ] C:\Windows\System32\BFE.DLL
12:39:40.0503 5844 C:\Windows\System32\BFE.DLL - ok
12:39:40.0518 5844 [ EE2FF9A3FC4404234BE3B7C6AA383AF8 ] C:\Windows\System32\msasn1.dll
12:39:40.0518 5844 C:\Windows\System32\msasn1.dll - ok
12:39:40.0518 5844 [ 7F0F1D4B0D847696F8E309423D227DCE ] C:\Windows\System32\ntdsapi.dll
12:39:40.0518 5844 C:\Windows\System32\ntdsapi.dll - ok
12:39:40.0518 5844 [ 965AC9FBF2C67231C157E99C03C58D24 ] C:\Windows\System32\feclient.dll
12:39:40.0518 5844 C:\Windows\System32\feclient.dll - ok
12:39:40.0534 5844 [ 93952506C6D67330367F7E7934B6A02F ] C:\Windows\System32\qmgr.dll
12:39:40.0534 5844 C:\Windows\System32\qmgr.dll - ok
12:39:40.0534 5844 [ 1F94EA31C9543B855F53BDAC7792DA4E ] C:\Windows\System32\mpr.dll
12:39:40.0534 5844 C:\Windows\System32\mpr.dll - ok
12:39:40.0550 5844 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] C:\Windows\System32\browser.dll
12:39:40.0550 5844 C:\Windows\System32\browser.dll - ok
12:39:40.0550 5844 [ B0F9073BE86C6D4EDD4EBA674251E699 ] C:\Windows\System32\crypt32.dll
12:39:40.0550 5844 C:\Windows\System32\crypt32.dll - ok
12:39:40.0550 5844 [ 312EC3E37A0A1F2006534913E37B4423 ] C:\Windows\System32\certprop.dll
12:39:40.0550 5844 C:\Windows\System32\certprop.dll - ok
12:39:40.0565 5844 [ 4211249955AF9133E2E357CC92B54DFD ] C:\Windows\System32\comres.dll
12:39:40.0565 5844 C:\Windows\System32\comres.dll - ok
12:39:40.0565 5844 [ C6DF7A87063D006ECF1FD8156CB6DE3F ] C:\Windows\System32\SLC.dll
12:39:40.0565 5844 C:\Windows\System32\SLC.dll - ok
12:39:40.0581 5844 [ F1E8C34892336D33EDDCDFE44E474F64 ] C:\Windows\System32\cryptsvc.dll
12:39:40.0581 5844 C:\Windows\System32\cryptsvc.dll - ok
12:39:40.0581 5844 [ 4DE3C4D07BAFDE616EFA0ADE076CBAC2 ] C:\Windows\System32\wevtapi.dll
12:39:40.0581 5844 C:\Windows\System32\wevtapi.dll - ok
12:39:40.0581 5844 [ 74F380C8EC8813626C670D46E8A714D1 ] C:\Windows\System32\dfsrres.dll
12:39:40.0581 5844 C:\Windows\System32\dfsrres.dll - ok
12:39:40.0596 5844 [ 08D6D1692B62C9EE4062E1FA04D8FE2F ] C:\Windows\System32\oleres.dll
12:39:40.0596 5844 C:\Windows\System32\oleres.dll - ok
12:39:40.0596 5844 [ 9028559C132146FB75EB7ACF384B086A ] C:\Windows\System32\dhcpcsvc.dll
12:39:40.0596 5844 C:\Windows\System32\dhcpcsvc.dll - ok
12:39:40.0612 5844 [ 4FE8425F21B3F0F8C4B4726351D43EAA ] C:\Windows\System32\IPHLPAPI.DLL
12:39:40.0612 5844 C:\Windows\System32\IPHLPAPI.DLL - ok
12:39:40.0612 5844 [ 6B09105742C75DF80CEF21700F20F55A ] C:\Windows\System32\winnsi.dll
12:39:40.0612 5844 C:\Windows\System32\winnsi.dll - ok
12:39:40.0612 5844 [ DFB6B71CDABA9DFB49C9D2B318B97A1A ] C:\Windows\System32\dhcpcsvc6.dll
12:39:40.0612 5844 C:\Windows\System32\dhcpcsvc6.dll - ok
12:39:40.0628 5844 [ 7F15B4953378C8B5161D65C26D5FED4D ] C:\Windows\System32\cngaudit.dll
12:39:40.0628 5844 C:\Windows\System32\cngaudit.dll - ok
12:39:40.0628 5844 [ 188CC19108B0EBD6332D6628D4EDE469 ] C:\Windows\System32\ncrypt.dll
12:39:40.0628 5844 C:\Windows\System32\ncrypt.dll - ok
12:39:40.0643 5844 [ DE0DD9AE3430F84A96B5501112A696BE ] C:\Windows\System32\bcrypt.dll
12:39:40.0643 5844 C:\Windows\System32\bcrypt.dll - ok
12:39:40.0643 5844 [ 26F139DDEC6407508071930D3D07337E ] C:\Windows\System32\credssp.dll
12:39:40.0643 5844 C:\Windows\System32\credssp.dll - ok
12:39:40.0643 5844 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] C:\Windows\System32\dot3svc.dll
12:39:40.0643 5844 C:\Windows\System32\dot3svc.dll - ok
12:39:40.0659 5844 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] C:\Windows\System32\dps.dll
12:39:40.0659 5844 C:\Windows\System32\dps.dll - ok
12:39:40.0659 5844 [ ABE9EEA1EABEA0711610A637A7B1C25D ] C:\Windows\System32\msprivs.dll
12:39:40.0659 5844 C:\Windows\System32\msprivs.dll - ok
12:39:40.0674 5844 [ C0B95E40D85CD807D614E264248A45B9 ] C:\Windows\System32\eapsvc.dll
12:39:40.0674 5844 C:\Windows\System32\eapsvc.dll - ok
12:39:40.0674 5844 [ 4E6B23DFC917EA39306B529B773950F4 ] C:\Windows\System32\emdmgmt.dll
12:39:40.0674 5844 C:\Windows\System32\emdmgmt.dll - ok
12:39:40.0690 5844 [ AA01497884F9CBAC89470120AF78D2B1 ] C:\Windows\System32\kerberos.dll
12:39:40.0690 5844 C:\Windows\System32\kerberos.dll - ok
12:39:40.0690 5844 [ A1B40A28F38D27A7E3229EE4C7064434 ] C:\Windows\System32\wevtsvc.dll
12:39:40.0690 5844 C:\Windows\System32\wevtsvc.dll - ok
12:39:40.0690 5844 [ 9E80FF0752E365F97FD2D1D68C2AFDA1 ] C:\Windows\System32\wship6.dll
12:39:40.0690 5844 C:\Windows\System32\wship6.dll - ok
12:39:40.0706 5844 [ 22CFAEB9172F5F198048401485CD0571 ] C:\Windows\System32\WSHTCPIP.DLL
12:39:40.0706 5844 C:\Windows\System32\WSHTCPIP.DLL - ok
12:39:40.0706 5844 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] C:\Windows\System32\fdPHost.dll
12:39:40.0706 5844 C:\Windows\System32\fdPHost.dll - ok
12:39:40.0721 5844 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] C:\Windows\System32\FDResPub.dll
12:39:40.0721 5844 C:\Windows\System32\FDResPub.dll - ok
12:39:40.0721 5844 [ 05C3B38DB95BA5585817A4F898EE5581 ] C:\Windows\System32\wshqos.dll
12:39:40.0721 5844 C:\Windows\System32\wshqos.dll - ok
12:39:40.0737 5844 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] C:\Windows\System32\nlasvc.dll
12:39:40.0737 5844 C:\Windows\System32\nlasvc.dll - ok
12:39:40.0737 5844 [ FC62A635063B762E1C3C60EA77279378 ] C:\Windows\System32\NapiNSP.dll
12:39:40.0737 5844 C:\Windows\System32\NapiNSP.dll - ok
12:39:40.0737 5844 [ 690D41DF1D555F96D4898A0F54EBA065 ] C:\Windows\System32\pnrpnsp.dll
12:39:40.0737 5844 C:\Windows\System32\pnrpnsp.dll - ok
12:39:40.0752 5844 [ 8CE364388C8ECA59B14B539179276D44 ] C:\Windows\System32\FntCache.dll
12:39:40.0752 5844 C:\Windows\System32\FntCache.dll - ok
12:39:40.0752 5844 [ 8617350C9B590B63E620881092751BCB ] C:\Windows\System32\mswsock.dll
12:39:40.0752 5844 C:\Windows\System32\mswsock.dll - ok
12:39:40.0768 5844 [ 4ABCE74D012971305249E45E095E9EA6 ] C:\Windows\System32\msv1_0.dll
12:39:40.0768 5844 C:\Windows\System32\msv1_0.dll - ok
12:39:40.0768 5844 [ 302964DCAC79D618CC7B72C778DA9FD2 ] C:\Windows\System32\PresentationHost.exe
12:39:40.0768 5844 C:\Windows\System32\PresentationHost.exe - ok
12:39:40.0768 5844 [ 95DAECF0FB120A7B5DA679CC54E37DDE ] C:\Windows\System32\netlogon.dll
12:39:40.0768 5844 C:\Windows\System32\netlogon.dll - ok
12:39:40.0784 5844 [ 0F420E81062757EA8363CBACD4D40D6D ] C:\Windows\System32\gpapi.dll
12:39:40.0784 5844 C:\Windows\System32\gpapi.dll - ok
12:39:40.0784 5844 [ 84067081F3318162797385E11A8F0582 ] C:\Windows\System32\hidserv.dll
12:39:40.0784 5844 C:\Windows\System32\hidserv.dll - ok
12:39:40.0799 5844 [ D8AD255B37DA92434C26E4876DB7D418 ] C:\Windows\System32\KMSVC.DLL
12:39:40.0799 5844 C:\Windows\System32\KMSVC.DLL - ok
12:39:40.0799 5844 [ 05586F5438AB0DA4F5149159E0E5FD4B ] C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll
12:39:40.0799 5844 C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll - ok
12:39:40.0815 5844 [ 72910BC4A218C49EA8E43D1FAEC403A5 ] C:\Windows\System32\winbrand.dll
12:39:40.0815 5844 C:\Windows\System32\winbrand.dll - ok
12:39:40.0815 5844 [ 9908D8A397B76CD8D31D0D383C5773C9 ] C:\Windows\System32\IKEEXT.DLL
12:39:40.0815 5844 C:\Windows\System32\IKEEXT.DLL - ok
12:39:40.0830 5844 [ 9AC218C6E6105477484C6FDBE7D409A4 ] C:\Windows\System32\IPBusEnum.dll
12:39:40.0830 5844 C:\Windows\System32\IPBusEnum.dll - ok
12:39:40.0830 5844 [ 3464DAE0E801F5A81A23C571D86F30B2 ] C:\Windows\System32\rascfg.dll
12:39:40.0830 5844 C:\Windows\System32\rascfg.dll - ok
12:39:40.0830 5844 [ 1998BD97F950680BB55F55A7244679C2 ] C:\Windows\System32\iphlpsvc.dll
12:39:40.0830 5844 C:\Windows\System32\iphlpsvc.dll - ok
12:39:40.0846 5844 [ 50E3E76B0901BB4FC029BB88BFA5CE79 ] C:\Windows\System32\schannel.dll
12:39:40.0846 5844 C:\Windows\System32\schannel.dll - ok
12:39:40.0846 5844 [ 74C2F29CC612B2B34231BEBD824D2FB2 ] C:\Windows\System32\keyiso.dll
12:39:40.0846 5844 C:\Windows\System32\keyiso.dll - ok
12:39:40.0862 5844 [ 1BF5EEBFD518DD7298434D8C862F825D ] C:\Windows\System32\srvsvc.dll
12:39:40.0862 5844 C:\Windows\System32\srvsvc.dll - ok
12:39:40.0862 5844 [ FA0593D936C9B95FB6FAA32AD1595D49 ] C:\Windows\System32\lltdres.dll
12:39:40.0862 5844 C:\Windows\System32\lltdres.dll - ok
12:39:40.0862 5844 [ 1DB69705B695B987082C8BAEC0C6B34F ] C:\Windows\System32\wkssvc.dll
12:39:40.0862 5844 C:\Windows\System32\wkssvc.dll - ok
12:39:40.0877 5844 [ 35D40113E4A5B961B6CE5C5857702518 ] C:\Windows\System32\lmhsvc.dll
12:39:40.0877 5844 C:\Windows\System32\lmhsvc.dll - ok
12:39:40.0877 5844 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] C:\Windows\System32\mmcss.dll
12:39:40.0877 5844 C:\Windows\System32\mmcss.dll - ok
12:39:40.0893 5844 [ 95F1EB99B81CFD6F581C85F0A0AA9B2B ] C:\Windows\System32\FirewallAPI.dll
12:39:40.0893 5844 C:\Windows\System32\FirewallAPI.dll - ok
12:39:40.0893 5844 [ 93620229F3CC3B67A3528BF39F064C30 ] C:\Windows\System32\wdigest.dll
12:39:40.0893 5844 C:\Windows\System32\wdigest.dll - ok
12:39:40.0893 5844 [ E14170AEA125119B98FA2BDE3FF4F462 ] C:\Windows\System32\rsaenh.dll
12:39:40.0893 5844 C:\Windows\System32\rsaenh.dll - ok
12:39:40.0908 5844 [ F8873D15018F411588BEC02C1725BADA ] C:\Windows\System32\TSpkg.dll
12:39:40.0908 5844 C:\Windows\System32\TSpkg.dll - ok
12:39:40.0908 5844 [ EA822412BBBA9B7D2B1A3748AD50EFB8 ] C:\Windows\System32\iscsidsc.dll
12:39:40.0908 5844 C:\Windows\System32\iscsidsc.dll - ok
12:39:40.0924 5844 [ ED21401F1E2F6BC2F54C462BB66D0D6B ] C:\Windows\System32\msimsg.dll
12:39:40.0924 5844 C:\Windows\System32\msimsg.dll - ok
12:39:40.0924 5844 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] C:\Windows\System32\QAGENTRT.DLL
12:39:40.0924 5844 C:\Windows\System32\QAGENTRT.DLL - ok
12:39:40.0924 5844 [ C8052711DAECC48B982434C5116CA401 ] C:\Windows\System32\netman.dll
12:39:40.0924 5844 C:\Windows\System32\netman.dll - ok
12:39:40.0940 5844 [ ED640F4CE585058119B824CC76591D9C ] C:\Windows\System32\netprof.dll
12:39:40.0940 5844 C:\Windows\System32\netprof.dll - ok
12:39:40.0940 5844 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] C:\Windows\System32\nsisvc.dll
12:39:40.0940 5844 C:\Windows\System32\nsisvc.dll - ok
12:39:40.0940 5844 [ 0C8E8E61AD1EB0B250B846712C917506 ] C:\Windows\System32\p2psvc.dll
12:39:40.0940 5844 C:\Windows\System32\p2psvc.dll - ok
12:39:40.0955 5844 [ C6276AD11F4BB49B58AA1ED88537F14A ] C:\Windows\System32\pcasvc.dll
12:39:40.0955 5844 C:\Windows\System32\pcasvc.dll - ok
12:39:40.0955 5844 [ B1689DF169143F57053F795390C99DB3 ] C:\Windows\System32\pla.dll
12:39:40.0955 5844 C:\Windows\System32\pla.dll - ok
12:39:40.0971 5844 [ C5E7F8A996EC0A82D508FD9064A5569E ] C:\Windows\System32\umpnpmgr.dll
12:39:40.0971 5844 C:\Windows\System32\umpnpmgr.dll - ok
12:39:40.0971 5844 [ 64B28D672B5B6A01E87B0C3096B1E047 ] C:\Windows\System32\polstore.dll
12:39:40.0971 5844 C:\Windows\System32\polstore.dll - ok
12:39:40.0971 5844 [ 0508FAA222D28835310B7BFCA7A77346 ] C:\Windows\System32\profsvc.dll
12:39:40.0971 5844 C:\Windows\System32\profsvc.dll - ok
12:39:40.0986 5844 [ 08F9134A2215B7ED985409A4DF60AC60 ] C:\Windows\System32\psbase.dll
12:39:40.0986 5844 C:\Windows\System32\psbase.dll - ok
12:39:40.0986 5844 [ E9ECAE663F47E6CB43962D18AB18890F ] C:\Windows\System32\qwave.dll
12:39:40.0986 5844 C:\Windows\System32\qwave.dll - ok
12:39:41.0002 5844 [ 9F5E0E1926014D17486901C88ECA2DB7 ] C:\Windows\System32\drivers\qwavedrv.sys
12:39:41.0002 5844 C:\Windows\System32\drivers\qwavedrv.sys - ok
12:39:41.0002 5844 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] C:\Windows\System32\rasauto.dll
12:39:41.0002 5844 C:\Windows\System32\rasauto.dll - ok
12:39:41.0002 5844 [ 75D47445D70CA6F9F894B032FBC64FCF ] C:\Windows\System32\rasmans.dll
12:39:41.0002 5844 C:\Windows\System32\rasmans.dll - ok
12:39:41.0018 5844 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] C:\Windows\System32\sstpsvc.dll
12:39:41.0018 5844 C:\Windows\System32\sstpsvc.dll - ok
12:39:41.0018 5844 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] C:\Windows\System32\mprdim.dll
12:39:41.0018 5844 C:\Windows\System32\mprdim.dll - ok
12:39:41.0033 5844 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] C:\Windows\System32\regsvc.dll
12:39:41.0033 5844 C:\Windows\System32\regsvc.dll - ok
12:39:41.0033 5844 [ 5123F83CBC4349D065534EEB6BBDC42B ] C:\Windows\System32\Locator.exe
12:39:41.0033 5844 C:\Windows\System32\Locator.exe - ok
12:39:41.0033 5844 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] C:\Windows\System32\SCardSvr.dll
12:39:41.0033 5844 C:\Windows\System32\SCardSvr.dll - ok
12:39:41.0049 5844 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] C:\Windows\System32\schedsvc.dll
12:39:41.0049 5844 C:\Windows\System32\schedsvc.dll - ok
12:39:41.0049 5844 [ 716313D9F6B0529D03F726D5AAF6F191 ] C:\Windows\System32\sdrsvc.dll
12:39:41.0049 5844 C:\Windows\System32\sdrsvc.dll - ok
12:39:41.0064 5844 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] C:\Windows\System32\seclogon.dll
12:39:41.0064 5844 C:\Windows\System32\seclogon.dll - ok
12:39:41.0064 5844 [ A9BBAB5759771E523F55563D6CBE140F ] C:\Windows\System32\Sens.dll
12:39:41.0064 5844 C:\Windows\System32\Sens.dll - ok
12:39:41.0064 5844 [ D2193326F729B163125610DBF3E17D57 ] C:\Windows\System32\SessEnv.dll
12:39:41.0064 5844 C:\Windows\System32\SessEnv.dll - ok
12:39:41.0080 5844 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] C:\Windows\System32\ipnathlp.dll
12:39:41.0080 5844 C:\Windows\System32\ipnathlp.dll - ok
12:39:41.0080 5844 [ C7230FBEE14437716701C15BE02C27B8 ] C:\Windows\System32\shsvcs.dll
12:39:41.0080 5844 C:\Windows\System32\shsvcs.dll - ok
12:39:41.0096 5844 [ 862BB4CBC05D80C5B45BE430E5EF872F ] C:\Windows\System32\SLsvc.exe
12:39:41.0096 5844 C:\Windows\System32\SLsvc.exe - ok
12:39:41.0096 5844 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] C:\Windows\System32\SLUINotify.dll
12:39:41.0096 5844 C:\Windows\System32\SLUINotify.dll - ok
12:39:41.0096 5844 [ E4060CFE50F87C72316CB0FDB20E4913 ] C:\Windows\System32\tcpipcfg.dll
12:39:41.0096 5844 C:\Windows\System32\tcpipcfg.dll - ok
12:39:41.0111 5844 [ 2A146A055B4401C16EE62D18B8E2A032 ] C:\Windows\System32\snmptrap.exe
12:39:41.0111 5844 C:\Windows\System32\snmptrap.exe - ok
12:39:41.0111 5844 [ 8554097E5136C3BF9F69FE578A1B35F4 ] C:\Windows\System32\spoolsv.exe
12:39:41.0111 5844 C:\Windows\System32\spoolsv.exe - ok
12:39:41.0127 5844 [ 03D50B37234967433A5EA5BA72BC0B62 ] C:\Windows\System32\ssdpsrv.dll
12:39:41.0127 5844 C:\Windows\System32\ssdpsrv.dll - ok
12:39:41.0127 5844 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] C:\Windows\System32\wiaservc.dll
12:39:41.0127 5844 C:\Windows\System32\wiaservc.dll - ok
12:39:41.0127 5844 [ F21FD248040681CCA1FB6C9A03AAA93D ] C:\Windows\System32\swprv.dll
12:39:41.0127 5844 C:\Windows\System32\swprv.dll - ok
12:39:41.0142 5844 [ 9A51B04E9886AA4EE90093586B0BA88D ] C:\Windows\System32\sysmain.dll
12:39:41.0142 5844 C:\Windows\System32\sysmain.dll - ok
12:39:41.0142 5844 [ 2DCA225EAE15F42C0933E998EE0231C3 ] C:\Windows\System32\TabSvc.dll
12:39:41.0142 5844 C:\Windows\System32\TabSvc.dll - ok
12:39:41.0158 5844 [ D7673E4B38CE21EE54C59EEEB65E2483 ] C:\Windows\System32\tapisrv.dll
12:39:41.0158 5844 C:\Windows\System32\tapisrv.dll - ok
12:39:41.0158 5844 [ CB05822CD9CC6C688168E113C603DBE7 ] C:\Windows\System32\tbssvc.dll
12:39:41.0158 5844 C:\Windows\System32\tbssvc.dll - ok
12:39:41.0158 5844 [ BB95DA09BEF6E7A131BFF3BA5032090D ] C:\Windows\System32\termsrv.dll
12:39:41.0158 5844 C:\Windows\System32\termsrv.dll - ok
12:39:41.0174 5844 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] C:\Windows\System32\trkwks.dll
12:39:41.0174 5844 C:\Windows\System32\trkwks.dll - ok
12:39:41.0189 5844 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] C:\Windows\servicing\TrustedInstaller.exe
12:39:41.0189 5844 C:\Windows\servicing\TrustedInstaller.exe - ok
12:39:41.0189 5844 [ ECEF404F62863755951E09C802C94AD5 ] C:\Windows\System32\UI0Detect.exe
12:39:41.0189 5844 C:\Windows\System32\UI0Detect.exe - ok
12:39:41.0189 5844 [ 68308183F4AE0BE7BF8ECD07CB297999 ] C:\Windows\System32\upnphost.dll
12:39:41.0189 5844 C:\Windows\System32\upnphost.dll - ok
12:39:41.0205 5844 [ 01DD1004181FD46ECDC3628228EB269D ] C:\Windows\System32\dwm.exe
12:39:41.0205 5844 C:\Windows\System32\dwm.exe - ok
12:39:41.0205 5844 [ CD88D1B7776DC17A119049742EC07EB4 ] C:\Windows\System32\vds.exe
12:39:41.0205 5844 C:\Windows\System32\vds.exe - ok
12:39:41.0220 5844 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] C:\Windows\System32\VSSVC.exe
12:39:41.0220 5844 C:\Windows\System32\VSSVC.exe - ok
12:39:41.0220 5844 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] C:\Windows\System32\w32time.dll
12:39:41.0220 5844 C:\Windows\System32\w32time.dll - ok
12:39:41.0220 5844 [ A3CD60FD826381B49F03832590E069AF ] C:\Windows\System32\wcncsvc.dll
12:39:41.0220 5844 C:\Windows\System32\wcncsvc.dll - ok
12:39:41.0236 5844 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] C:\Windows\System32\WcsPlugInService.dll
12:39:41.0236 5844 C:\Windows\System32\WcsPlugInService.dll - ok
12:39:41.0236 5844 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] C:\Windows\System32\drivers\Wdf01000.sys
12:39:41.0236 5844 C:\Windows\System32\drivers\Wdf01000.sys - ok
12:39:41.0252 5844 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] C:\Windows\System32\wdi.dll
12:39:41.0252 5844 C:\Windows\System32\wdi.dll - ok
12:39:41.0252 5844 [ 04C37D8107320312FBAE09926103D5E2 ] C:\Windows\System32\WebClnt.dll
12:39:41.0252 5844 C:\Windows\System32\WebClnt.dll - ok
12:39:41.0252 5844 [ AE3736E7E8892241C23E4EBBB7453B60 ] C:\Windows\System32\wecsvc.dll
12:39:41.0252 5844 C:\Windows\System32\wecsvc.dll - ok
12:39:41.0267 5844 [ 670FF720071ED741206D69BD995EA453 ] C:\Windows\System32\wercplsupport.dll
12:39:41.0267 5844 C:\Windows\System32\wercplsupport.dll - ok
12:39:41.0283 5844 [ 62DB790A860CDFC4278D2F03CC5675D8 ] C:\Program Files\Windows Defender\MsMpRes.dll
12:39:41.0283 5844 C:\Program Files\Windows Defender\MsMpRes.dll - ok
12:39:41.0283 5844 [ 32B88481D3B326DA6DEB07B1D03481E7 ] C:\Windows\System32\wersvc.dll
12:39:41.0283 5844 C:\Windows\System32\wersvc.dll - ok
12:39:41.0283 5844 [ DBD02E3E6F061EBBBF9B99A9D7CBA30B ] C:\Windows\System32\winhttp.dll
12:39:41.0283 5844 C:\Windows\System32\winhttp.dll - ok
12:39:41.0298 5844 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] C:\Windows\System32\wbem\WMIsvc.dll
12:39:41.0298 5844 C:\Windows\System32\wbem\WMIsvc.dll - ok
12:39:41.0298 5844 [ 7CFE68BDC065E55AA5E8421607037511 ] C:\Windows\System32\WsmSvc.dll
12:39:41.0298 5844 C:\Windows\System32\WsmSvc.dll - ok
12:39:41.0314 5844 [ C008405E4FEEB069E30DA1D823910234 ] C:\Windows\System32\wlansvc.dll
12:39:41.0314 5844 C:\Windows\System32\wlansvc.dll - ok
12:39:41.0314 5844 [ 43BE3875207DCB62A85C8C49970B66CC ] C:\Windows\System32\wbem\WmiApSrv.exe
12:39:41.0314 5844 C:\Windows\System32\wbem\WmiApSrv.exe - ok
12:39:41.0314 5844 [ 3978704576A121A9204F8CC49A301A9B ] C:\Program Files\Windows Media Player\wmpnetwk.exe
12:39:41.0314 5844 C:\Program Files\Windows Media Player\wmpnetwk.exe - ok
12:39:41.0330 5844 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] C:\Windows\System32\wpcsvc.dll
12:39:41.0330 5844 C:\Windows\System32\wpcsvc.dll - ok
12:39:41.0330 5844 [ 801FBDB89D472B3C467EB112A0FC9246 ] C:\Windows\System32\wpdbusenum.dll
12:39:41.0330 5844 C:\Windows\System32\wpdbusenum.dll - ok
12:39:41.0345 5844 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:39:41.0345 5844 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe - ok
12:39:41.0345 5844 [ 1CA6C40261DDC0425987980D0CD2AAAB ] C:\Windows\System32\wscsvc.dll
12:39:41.0345 5844 C:\Windows\System32\wscsvc.dll - ok
12:39:41.0345 5844 [ AED0DFF80C6B3914769407E78D7AB21A ] C:\Windows\System32\SearchIndexer.exe
12:39:41.0345 5844 C:\Windows\System32\SearchIndexer.exe - ok
12:39:41.0361 5844 [ FC3EC24FCE372C89423E015A2AC1A31E ] C:\Windows\System32\wuaueng.dll
12:39:41.0361 5844 C:\Windows\System32\wuaueng.dll - ok
12:39:41.0361 5844 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] C:\Windows\System32\drivers\WUDFPf.sys
12:39:41.0361 5844 C:\Windows\System32\drivers\WUDFPf.sys - ok
12:39:41.0376 5844 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] C:\Windows\System32\WUDFSvc.dll
12:39:41.0376 5844 C:\Windows\System32\WUDFSvc.dll - ok
12:39:41.0376 5844 [ 8FC182167381E9915651267044105EE1 ] C:\Windows\System32\scecli.dll
12:39:41.0376 5844 C:\Windows\System32\scecli.dll - ok
12:39:41.0376 5844 [ CD08EEC61C591AF59A39F4363C567D30 ] C:\Windows\System32\ntmarta.dll
12:39:41.0376 5844 C:\Windows\System32\ntmarta.dll - ok
12:39:41.0392 5844 [ 3794B461C45882E06856F282EEF025AF ] C:\Windows\System32\svchost.exe
12:39:41.0392 5844 C:\Windows\System32\svchost.exe - ok
12:39:41.0392 5844 [ 9A7F4B2EDACD11444D048AA19CBB26AF ] C:\Windows\System32\powrprof.dll
12:39:41.0392 5844 C:\Windows\System32\powrprof.dll - ok
12:39:41.0408 5844 [ 8F5C7426567798E62A3B3614965D62CC ] C:\Windows\System32\drivers\luafv.sys
12:39:41.0408 5844 C:\Windows\System32\drivers\luafv.sys - ok
12:39:41.0408 5844 [ FFC371525AA55D1BAE18715EBCB8797C ] C:\Windows\System32\drivers\DRVNDDM.SYS
12:39:41.0408 5844 C:\Windows\System32\drivers\DRVNDDM.SYS - ok
12:39:41.0408 5844 [ C950C2E7B9ED1A4FC4A2AC7EC044F1D6 ] C:\Windows\System32\DLA\DLADResM.SYS
12:39:41.0408 5844 C:\Windows\System32\DLA\DLADResM.SYS - ok
12:39:41.0423 5844 [ 24400137E387A24410C52A591F3CFB4D ] C:\Windows\System32\DLA\DLAIFS_M.SYS
12:39:41.0423 5844 C:\Windows\System32\DLA\DLAIFS_M.SYS - ok
12:39:41.0423 5844 [ 29A303FECEB28641ECEBDAE89EB71C63 ] C:\Windows\System32\DLA\DLAOPIOM.SYS
12:39:41.0423 5844 C:\Windows\System32\DLA\DLAOPIOM.SYS - ok
12:39:41.0439 5844 [ C93E33A22A1AE0C5508F3FB1F6D0A50C ] C:\Windows\System32\DLA\DLAPoolM.SYS
12:39:41.0454 5844 C:\Windows\System32\DLA\DLAPoolM.SYS - ok
12:39:41.0470 5844 [ EB5A13F9139F20AD71ADF4BF79C3AA29 ] C:\Windows\System32\nvvsvc.exe
12:39:41.0470 5844 C:\Windows\System32\nvvsvc.exe - ok
12:39:41.0470 5844 [ F42483814FC39170B3982A184EC5AAA2 ] C:\Windows\System32\wtsapi32.dll
12:39:41.0470 5844 C:\Windows\System32\wtsapi32.dll - ok
12:39:41.0486 5844 [ BE3C082837866C4C291ADAF163C10EA6 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
12:39:41.0486 5844 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll - ok
12:39:41.0486 5844 [ F0359F7CE712D69ACEF0886BDB4792ED ] C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
12:39:41.0486 5844 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe - ok
12:39:41.0486 5844 [ 69827805A221C21450BA22F4326A2EE3 ] C:\Windows\System32\version.dll
12:39:41.0486 5844 C:\Windows\System32\version.dll - ok
12:39:41.0501 5844 [ 5EC8FB83F31AA2D6F421F02C3F4F4475 ] C:\Windows\System32\winspool.drv
12:39:41.0501 5844 C:\Windows\System32\winspool.drv - ok
12:39:41.0501 5844 [ 0C0D2C6E4921B5DB345E067647A5A91B ] C:\Windows\System32\atmfd.dll
12:39:41.0501 5844 C:\Windows\System32\atmfd.dll - ok
12:39:41.0517 5844 [ 145E7826A07D98628924A9B06F6273AB ] C:\Program Files\NVIDIA Corporation\3D Vision\nvstres.dll
12:39:41.0517 5844 C:\Program Files\NVIDIA Corporation\3D Vision\nvstres.dll - ok
12:39:41.0517 5844 [ 7AD857422AFA068A39A4B4BBF7FCC49C ] C:\Program Files\NVIDIA Corporation\3D Vision\nvwl.dll
12:39:41.0517 5844 C:\Program Files\NVIDIA Corporation\3D Vision\nvwl.dll - ok
12:39:41.0532 5844 [ B2E569EF26DAC9D6994A2AFF4F601B7A ] C:\Windows\System32\wintrust.dll
12:39:41.0532 5844 C:\Windows\System32\wintrust.dll - ok
12:39:41.0532 5844 [ A53723176D0002FEB486EFF8E17812F2 ] C:\Windows\System32\DLA\DLABMFSM.SYS
12:39:41.0532 5844 C:\Windows\System32\DLA\DLABMFSM.SYS - ok
12:39:41.0532 5844 [ D4587063ACEA776699251E177D719586 ] C:\Windows\System32\DLA\DLABOIOM.SYS
12:39:41.0532 5844 C:\Windows\System32\DLA\DLABOIOM.SYS - ok
12:39:41.0548 5844 [ B953498C35A31E5AC98F49ADBCF3E627 ] C:\Windows\System32\DLA\DLAUDFAM.SYS
12:39:41.0548 5844 C:\Windows\System32\DLA\DLAUDFAM.SYS - ok
12:39:41.0548 5844 [ 4897704C093C1F59CE58FC65E1E1EF1E ] C:\Windows\System32\DLA\DLAUDF_M.SYS
12:39:41.0548 5844 C:\Windows\System32\DLA\DLAUDF_M.SYS - ok
12:39:41.0564 5844 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] C:\Windows\System32\rpcss.dll
12:39:41.0564 5844 C:\Windows\System32\rpcss.dll - ok
12:39:41.0564 5844 [ 4575AA12561C5648483403541D0D7F2B ] C:\Program Files\Windows Defender\MpSvc.dll
12:39:41.0564 5844 C:\Program Files\Windows Defender\MpSvc.dll - ok
12:39:41.0579 5844 [ 62D577288B48998FC6667BF22DC5B690 ] C:\Windows\System32\LogonUI.exe
12:39:41.0579 5844 C:\Windows\System32\LogonUI.exe - ok
12:39:41.0579 5844 [ 1BD363738B672A394EBE3B8A78EAB9D3 ] C:\Program Files\Windows Defender\MpClient.dll
12:39:41.0579 5844 C:\Program Files\Windows Defender\MpClient.dll - ok
12:39:41.0579 5844 [ 58C2521D87C494831A625202C80354AD ] C:\Windows\System32\authui.dll
12:39:41.0579 5844 C:\Windows\System32\authui.dll - ok
12:39:41.0595 5844 [ 2EC53B5A351C4D443896DBAD117F7E82 ] C:\Windows\System32\msimg32.dll
12:39:41.0595 5844 C:\Windows\System32\msimg32.dll - ok
12:39:41.0595 5844 [ A99871BA522CB2539AE275AC18CACC8F ] C:\Windows\System32\cabinet.dll
12:39:41.0595 5844 C:\Windows\System32\cabinet.dll - ok
12:39:41.0610 5844 [ 999D69DEB576C2C424294DF025891CC6 ] C:\Windows\System32\uxtheme.dll
12:39:41.0610 5844 C:\Windows\System32\uxtheme.dll - ok
12:39:41.0610 5844 [ 76EAEF4DDEBBC7C38853F586C0E91DCE ] C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\GdiPlus.dll
12:39:41.0610 5844 C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\GdiPlus.dll - ok
12:39:41.0626 5844 [ 75EB73E64F5B4655D9797D20F26DE320 ] C:\Windows\System32\duser.dll
12:39:41.0626 5844 C:\Windows\System32\duser.dll - ok
12:39:41.0626 5844 [ DA887F28054D78EE8637BEBB924A2DB5 ] C:\Windows\System32\slwga.dll
12:39:41.0626 5844 C:\Windows\System32\slwga.dll - ok
12:39:41.0642 5844 [ 1908CC7673F72601AFFDCA022689CEDF ] C:\Windows\System32\xmllite.dll
12:39:41.0642 5844 C:\Windows\System32\xmllite.dll - ok
12:39:41.0642 5844 [ 5CAAE5333EF36DB4A8D294418AB37E80 ] C:\Windows\System32\p2pcollab.dll
12:39:41.0642 5844 C:\Windows\System32\p2pcollab.dll - ok
12:39:41.0657 5844 [ B25DBBA6C63A61FF4AFDB5ADAB4E70CB ] C:\Windows\System32\SmartcardCredentialProvider.dll
12:39:41.0657 5844 C:\Windows\System32\SmartcardCredentialProvider.dll - ok
12:39:41.0657 5844 [ 9DC3723519F52B6BC63EACD4BD411313 ] C:\Windows\System32\rasplap.dll
12:39:41.0657 5844 C:\Windows\System32\rasplap.dll - ok
12:39:41.0657 5844 [ 3CB863B78642405371CB3A71C07E2382 ] C:\Windows\System32\rasapi32.dll
12:39:41.0657 5844 C:\Windows\System32\rasapi32.dll - ok
12:39:41.0673 5844 [ 3A1DDA77F331D107BA40DB06E4D666E9 ] C:\Windows\System32\rasman.dll
12:39:41.0673 5844 C:\Windows\System32\rasman.dll - ok
12:39:41.0673 5844 [ 3D418A22A56471295AEB1CEB9027C3DA ] C:\Windows\System32\rtutils.dll
12:39:41.0673 5844 C:\Windows\System32\rtutils.dll - ok
12:39:41.0673 5844 [ 70F08ECE7A30A639D3F0C8C433685C7D ] C:\Windows\System32\tapi32.dll
12:39:41.0688 5844 C:\Windows\System32\tapi32.dll - ok
12:39:41.0688 5844 [ 14FF750EFE13B0C21E5A06507C3A97B1 ] C:\Windows\System32\winmm.dll
12:39:41.0688 5844 C:\Windows\System32\winmm.dll - ok
12:39:41.0688 5844 [ DC15AB7168C0309D8F04FD95B6240422 ] C:\Windows\System32\oleacc.dll
12:39:41.0688 5844 C:\Windows\System32\oleacc.dll - ok
12:39:41.0704 5844 [ 627920CFF5DFCF8CF54CF2D592D61307 ] C:\Windows\System32\WinSCard.dll
12:39:41.0704 5844 C:\Windows\System32\WinSCard.dll - ok
12:39:41.0704 5844 [ 12A1DF1B84FB45A00D47B2CDE2CEEBBA ] C:\Windows\System32\shgina.dll
12:39:41.0704 5844 C:\Windows\System32\shgina.dll - ok
12:39:41.0704 5844 [ 70932D6C3D59B416CBD2BE5A3B3D4BE6 ] C:\Windows\System32\shacct.dll
12:39:41.0704 5844 C:\Windows\System32\shacct.dll - ok
12:39:41.0720 5844 [ 7DACD94118E2D8B6D72F47ADEB0367BF ] C:\Windows\System32\propsys.dll
12:39:41.0720 5844 C:\Windows\System32\propsys.dll - ok
12:39:41.0720 5844 [ 11F06C27DAD83CD5E907D664CA591805 ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EDC6C61F-1D0B-46D7-879A-6E57FCB8C5DC}\mpengine.dll
12:39:41.0720 5844 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EDC6C61F-1D0B-46D7-879A-6E57FCB8C5DC}\mpengine.dll - ok
12:39:41.0720 5844 [ B144A2223EF11ED42310124A7839258E ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EDC6C61F-1D0B-46D7-879A-6E57FCB8C5DC}\mpasbase.vdm
12:39:41.0720 5844 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EDC6C61F-1D0B-46D7-879A-6E57FCB8C5DC}\mpasbase.vdm - ok
12:39:41.0735 5844 [ E1BD3BF5BEE672EC61B1B6D61A27F804 ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EDC6C61F-1D0B-46D7-879A-6E57FCB8C5DC}\mpasdlta.vdm
12:39:41.0735 5844 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EDC6C61F-1D0B-46D7-879A-6E57FCB8C5DC}\mpasdlta.vdm - ok
12:39:41.0735 5844 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] C:\Windows\System32\drivers\fltMgr.sys
12:39:41.0735 5844 C:\Windows\System32\drivers\fltMgr.sys - ok
12:39:41.0751 5844 [ 56B5914070B2C243DFB3D186070DA89D ] C:\Windows\System32\MMDevAPI.dll
12:39:41.0751 5844 C:\Windows\System32\MMDevAPI.dll - ok
12:39:41.0751 5844 [ C9244BCAC83B259B920BBEE18A97BFE1 ] C:\Windows\System32\avrt.dll
12:39:41.0751 5844 C:\Windows\System32\avrt.dll - ok
12:39:41.0751 5844 [ EC43D9CC95C3BB5FEFDBCF22D375E1F5 ] C:\Windows\System32\adtschema.dll
12:39:41.0766 5844 C:\Windows\System32\adtschema.dll - ok
12:39:41.0766 5844 [ 22F73612087430A94DBE912AB58E0C79 ] C:\Windows\System32\ci.dll
12:39:41.0766 5844 C:\Windows\System32\ci.dll - ok
12:39:41.0766 5844 [ 57418956DDAE128D1023C508E7D07071 ] C:\Windows\System32\PSHED.DLL
12:39:41.0766 5844 C:\Windows\System32\PSHED.DLL - ok
12:39:41.0782 5844 [ 97FEF831AB90BEE128C9AF390E243F80 ] C:\Windows\System32\drivers\drmkaud.sys
12:39:41.0782 5844 C:\Windows\System32\drivers\drmkaud.sys - ok
12:39:41.0782 5844 [ 3437B9E218A2E4586BEF4F7A3BD00777 ] C:\Windows\System32\audiodg.exe
12:39:41.0782 5844 C:\Windows\System32\audiodg.exe - ok
12:39:41.0798 5844 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] C:\Windows\System32\gpsvc.dll
12:39:41.0798 5844 C:\Windows\System32\gpsvc.dll - ok
12:39:41.0798 5844 [ D1A84F7D4CAFCFE2A32149FF418056E5 ] C:\Windows\System32\nlaapi.dll
12:39:41.0798 5844 C:\Windows\System32\nlaapi.dll - ok
12:39:41.0813 5844 [ 409F36C8BD06FCE184631EB4142B009A ] C:\Windows\System32\atl.dll
12:39:41.0813 5844 C:\Windows\System32\atl.dll - ok
12:39:41.0813 5844 [ 67058C46504BC12D821F38CF99B7B28F ] C:\Windows\System32\es.dll
12:39:41.0813 5844 C:\Windows\System32\es.dll - ok
12:39:41.0813 5844 [ A7F8BAD9590ADDC425B4003E94780DFA ] C:\Windows\System32\drivers\spsys.sys
12:39:41.0813 5844 C:\Windows\System32\drivers\spsys.sys - ok
12:39:41.0829 5844 [ 1509E705F3AC1D474C92454A5C2DD81F ] C:\Windows\System32\uxsms.dll
12:39:41.0829 5844 C:\Windows\System32\uxsms.dll - ok
12:39:41.0829 5844 [ 8269CC01940A202BBB9FDF26705DBD67 ] C:\Windows\System32\hid.dll
12:39:41.0829 5844 C:\Windows\System32\hid.dll - ok
12:39:41.0844 5844 [ D5CF1536137026ACDED95BF6CBF849F6 ] C:\Windows\System32\WUDFPlatform.dll
12:39:41.0844 5844 C:\Windows\System32\WUDFPlatform.dll - ok
12:39:41.0844 5844 [ D1C5883087A0C3F1344D9D55A44901F6 ] C:\Windows\System32\drivers\lltdio.sys
12:39:41.0844 5844 C:\Windows\System32\drivers\lltdio.sys - ok
12:39:41.0860 5844 [ 9C508F4074A39E8B4B31D27198146FAD ] C:\Windows\System32\drivers\rspndr.sys
12:39:41.0860 5844 C:\Windows\System32\drivers\rspndr.sys - ok
12:39:41.0860 5844 [ 6836D001FC733F205ACB80A7986CB6C9 ] C:\Windows\System32\WindowsCodecs.dll
12:39:41.0860 5844 C:\Windows\System32\WindowsCodecs.dll - ok
12:39:41.0876 5844 [ C71F2B4D0151CFEDE5D405C5D60B6FCE ] C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
12:39:41.0876 5844 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe - ok
12:39:41.0876 5844 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] C:\Windows\System32\dnsrslvr.dll
12:39:41.0876 5844 C:\Windows\System32\dnsrslvr.dll - ok
12:39:41.0876 5844 [ 47312A6AF7D84F99EA9EB7B0DE5440BC ] C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
12:39:41.0876 5844 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe - ok
12:39:41.0891 5844 [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\Windows\System32\msvcp71.dll
12:39:41.0891 5844 C:\Windows\System32\msvcp71.dll - ok
12:39:41.0891 5844 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Windows\System32\msvcr71.dll
12:39:41.0891 5844 C:\Windows\System32\msvcr71.dll - ok
12:39:41.0907 5844 [ C84A3E2A295D6A0C7D46BCB17B0BE295 ] C:\Program Files\Common Files\Symantec Shared\ccL60U.dll
12:39:41.0907 5844 C:\Program Files\Common Files\Symantec Shared\ccL60U.dll - ok
12:39:41.0907 5844 [ 4934241CD20AC87D78121352E3BA8318 ] C:\Windows\System32\dbghelp.dll
12:39:41.0907 5844 C:\Windows\System32\dbghelp.dll - ok
12:39:41.0922 5844 [ 749ABA9C6E9D5CD0FBCBA8820F0B8B5C ] C:\Program Files\Common Files\Symantec Shared\SymNeti.dll
12:39:41.0922 5844 C:\Program Files\Common Files\Symantec Shared\SymNeti.dll - ok
12:39:41.0922 5844 [ E582816A4855914DEFFC212E12B3B744 ] C:\Windows\System32\wsock32.dll
12:39:41.0922 5844 C:\Windows\System32\wsock32.dll - ok
12:39:41.0922 5844 [ 9C167BB694823E91663268B9F903D2CA ] C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
12:39:41.0922 5844 C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll - ok
12:39:41.0938 5844 [ 7D33F2009086256D21E4408D8AB4F2CE ] C:\Program Files\Common Files\Symantec Shared\ccSvc.dll
12:39:41.0938 5844 C:\Program Files\Common Files\Symantec Shared\ccSvc.dll - ok
12:39:41.0938 5844 [ 1170C75A713A38622709DD56307EA754 ] C:\Program Files\Common Files\Symantec Shared\ccSet.dll
12:39:41.0938 5844 C:\Program Files\Common Files\Symantec Shared\ccSet.dll - ok
12:39:41.0954 5844 [ 3F0FA6D9AA344012EC31CF979576DD9C ] C:\PROGRA~1\COMMON~1\SYMANT~1\ccSetPlg.dll
12:39:41.0954 5844 C:\PROGRA~1\COMMON~1\SYMANT~1\ccSetPlg.dll - ok
12:39:41.0954 5844 [ 359D05C93E20FB1E653AFF1BBD5F9825 ] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSvc.dll
12:39:41.0954 5844 C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSvc.dll - ok
12:39:41.0969 5844 [ DC5FB71C1FD81198F77961FCDB41FAFC ] C:\Program Files\Common Files\Symantec Shared\ccL60.dll
12:39:41.0969 5844 C:\Program Files\Common Files\Symantec Shared\ccL60.dll - ok
12:39:41.0969 5844 [ E73763D1C5A06862DE75D9D1F2B03B8B ] C:\PROGRA~1\COMMON~1\SYMANT~1\ccEvtPlg.dll
12:39:41.0969 5844 C:\PROGRA~1\COMMON~1\SYMANT~1\ccEvtPlg.dll - ok
12:39:41.0969 5844 [ 4DF066ECEE5A7B20BF8B39EF4D646600 ] C:\Windows\System32\wdmaud.drv
12:39:41.0969 5844 C:\Windows\System32\wdmaud.drv - ok
12:39:41.0985 5844 [ 919CC2A0476D5A6A4C935D4B88E29912 ] C:\Windows\System32\ksuser.dll
12:39:41.0985 5844 C:\Windows\System32\ksuser.dll - ok
12:39:41.0985 5844 [ 1AD0F8346FEC3337834D6B5A19DB9291 ] C:\Program Files\Common Files\Symantec Shared\ccEvtCli.dll
12:39:41.0985 5844 C:\Program Files\Common Files\Symantec Shared\ccEvtCli.dll - ok
12:39:41.0985 5844 [ 7258434974EA735725FD2D4A65C5E821 ] C:\Windows\System32\AudioSes.dll
12:39:41.0985 5844 C:\Windows\System32\AudioSes.dll - ok
12:39:42.0000 5844 [ DB7F4AB85298F3FE522C5512B8B0F56D ] C:\Windows\System32\AudioEng.dll
12:39:42.0000 5844 C:\Windows\System32\AudioEng.dll - ok
12:39:42.0000 5844 [ 35ACD5EA63D75E97DD0E9A1629E582B2 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll
12:39:42.0000 5844 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll - ok
12:39:42.0016 5844 [ FE5A8FFC7FD8FBF4BE2BE53C2F0CD2BE ] C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEvt.dll
12:39:42.0016 5844 C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEvt.dll - ok
12:39:42.0016 5844 [ CA0B849566776A17F35F0339BE17DFD9 ] C:\Windows\System32\ktmw32.dll
12:39:42.0016 5844 C:\Windows\System32\ktmw32.dll - ok
12:39:42.0016 5844 [ 166F004D73EA2CF4AC61800CA469458D ] C:\Windows\System32\msacm32.drv
12:39:42.0016 5844 C:\Windows\System32\msacm32.drv - ok
12:39:42.0032 5844 [ BDBB449425991154135E5ED1559927E6 ] C:\Windows\System32\msacm32.dll
12:39:42.0032 5844 C:\Windows\System32\msacm32.dll - ok
12:39:42.0032 5844 [ 83199EF88D691E730B80666E29F90D58 ] C:\Windows\System32\midimap.dll
12:39:42.0032 5844 C:\Windows\System32\midimap.dll - ok
12:39:42.0047 5844 [ 2A6A2C09ECC2CB495628E45F1379ECE8 ] C:\Windows\System32\taskcomp.dll
12:39:42.0047 5844 C:\Windows\System32\taskcomp.dll - ok
12:39:42.0047 5844 [ 7D1F2AFE12BAFC4C18C5A0E3C6866E38 ] C:\Program Files\Windows Defender\MpRtPlug.dll
12:39:42.0047 5844 C:\Program Files\Windows Defender\MpRtPlug.dll - ok
12:39:42.0063 5844 [ 8A38B5E8493A9D103083B8620AC5F3A1 ] C:\Windows\System32\tdh.dll
12:39:42.0063 5844 C:\Windows\System32\tdh.dll - ok
12:39:42.0063 5844 [ EA4DAC53650DC65E7D56D9F28D98C64E ] C:\PROGRA~1\COMMON~1\SYMANT~1\SRTSP\Srtsp32.dll
12:39:42.0063 5844 C:\PROGRA~1\COMMON~1\SYMANT~1\SRTSP\Srtsp32.dll - ok
12:39:42.0063 5844 [ 0EEECA26C8D4BDE2A4664DB058A81937 ] C:\Windows\System32\drivers\http.sys
12:39:42.0063 5844 C:\Windows\System32\drivers\http.sys - ok
12:39:42.0078 5844 [ A0F4852A5DB9754BEC06F84B400AE743 ] C:\Windows\System32\wscapi.dll
12:39:42.0078 5844 C:\Windows\System32\wscapi.dll - ok
12:39:42.0078 5844 [ 50DCD40A177E6C84F36D555D7F727655 ] C:\Program Files\Common Files\Symantec Shared\ccProSub.dll
12:39:42.0078 5844 C:\Program Files\Common Files\Symantec Shared\ccProSub.dll - ok
12:39:42.0094 5844 [ 132C031B41B0E5786E9FEA5B0FE50EA8 ] C:\PROGRA~1\COMMON~1\SYMANT~1\ccSetEvt.dll
12:39:42.0094 5844 C:\PROGRA~1\COMMON~1\SYMANT~1\ccSetEvt.dll - ok
12:39:42.0094 5844 [ 8F2097E8B174F38178570C611464935F ] C:\Windows\System32\atl71.dll
12:39:42.0094 5844 C:\Windows\System32\atl71.dll - ok
12:39:42.0094 5844 [ 73FE2E5FA55088A241AA2732F5D387D6 ] C:\Windows\System32\wiarpc.dll
12:39:42.0094 5844 C:\Windows\System32\wiarpc.dll - ok
12:39:42.0110 5844 [ DEC53E152E18541D3D585794D99F02B7 ] C:\Windows\System32\nvsvc.dll
12:39:42.0110 5844 C:\Windows\System32\nvsvc.dll - ok
12:39:42.0110 5844 [ E79FDA8D320147FDC347C504B3487F87 ] C:\Windows\System32\spoolss.dll
12:39:42.0110 5844 C:\Windows\System32\spoolss.dll - ok
12:39:42.0125 5844 [ 296937202E4D930AAE98085B99D744D8 ] C:\Windows\System32\AUDIOKSE.dll
12:39:42.0125 5844 C:\Windows\System32\AUDIOKSE.dll - ok
12:39:42.0125 5844 [ DD749A6F27E53F003DE6177C96904D81 ] C:\Windows\System32\stapo.dll
12:39:42.0125 5844 C:\Windows\System32\stapo.dll - ok
12:39:42.0141 5844 [ 7605C0E1D01A08F3ECD743F38B834A44 ] C:\Windows\System32\drivers\srvnet.sys
12:39:42.0141 5844 C:\Windows\System32\drivers\srvnet.sys - ok
12:39:42.0141 5844 [ B0D12F4344EB2AE96E487D2DF6F74413 ] C:\Windows\System32\FWPUCLNT.DLL
12:39:42.0141 5844 C:\Windows\System32\FWPUCLNT.DLL - ok
12:39:42.0141 5844 [ 35F376253F687BDE63976CCB3F2108CA ] C:\Windows\System32\drivers\bowser.sys
12:39:42.0141 5844 C:\Windows\System32\drivers\bowser.sys - ok
12:39:42.0156 5844 [ 11695C9D4ADB2E9C6C5B0B6447F4EAD7 ] C:\Program Files\NVIDIA Corporation\Display\nvxdapix.dll
12:39:42.0156 5844 C:\Program Files\NVIDIA Corporation\Display\nvxdapix.dll - ok
12:39:42.0156 5844 [ 5F1DEC3824E566457F53F24F493FEF08 ] C:\Windows\System32\mscms.dll
12:39:42.0156 5844 C:\Windows\System32\mscms.dll - ok
12:39:42.0172 5844 [ 9B96F6952186336CC6E3D4E08BE2E0AF ] C:\Windows\System32\dwmapi.dll
12:39:42.0172 5844 C:\Windows\System32\dwmapi.dll - ok
12:39:42.0172 5844 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] C:\Windows\System32\drivers\mpsdrv.sys
12:39:42.0172 5844 C:\Windows\System32\drivers\mpsdrv.sys - ok
12:39:42.0172 5844 [ 82CEA0395524AACFEB58BA1448E8325C ] C:\Windows\System32\drivers\mrxdav.sys
12:39:42.0172 5844 C:\Windows\System32\drivers\mrxdav.sys - ok
12:39:42.0188 5844 [ 5DE62C6E9108F14F6794060A9BDECAEC ] C:\Windows\System32\MPSSVC.dll
12:39:42.0188 5844 C:\Windows\System32\MPSSVC.dll - ok
12:39:42.0203 5844 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] C:\Windows\System32\drivers\mrxsmb.sys
12:39:42.0203 5844 C:\Windows\System32\drivers\mrxsmb.sys - ok
12:39:42.0203 5844 [ 4FCCB34D793B116423209C0F8B7A3B03 ] C:\Windows\System32\drivers\mrxsmb10.sys
12:39:42.0203 5844 C:\Windows\System32\drivers\mrxsmb10.sys - ok
12:39:42.0203 5844 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] C:\Windows\System32\drivers\mrxsmb20.sys
12:39:42.0203 5844 C:\Windows\System32\drivers\mrxsmb20.sys - ok
12:39:42.0219 5844 [ FF33AFF99564B1AA534F58868CBE41EF ] C:\Windows\System32\drivers\srv2.sys
12:39:42.0219 5844 C:\Windows\System32\drivers\srv2.sys - ok
12:39:42.0219 5844 [ 41987F9FC0E61ADF54F581E15029AD91 ] C:\Windows\System32\drivers\srv.sys
12:39:42.0219 5844 C:\Windows\System32\drivers\srv.sys - ok
12:39:42.0234 5844 [ A324D72A06C110152E7607745F39BFA1 ] C:\Windows\System32\netmsg.dll
12:39:42.0234 5844 C:\Windows\System32\netmsg.dll - ok
12:39:42.0234 5844 [ 452341E471D2D961229DFE0842957272 ] C:\Windows\System32\sscore.dll
12:39:42.0234 5844 C:\Windows\System32\sscore.dll - ok
12:39:42.0250 5844 [ D333058925CE305E39DE8D5AD2B52A46 ] C:\Windows\System32\clusapi.dll
12:39:42.0250 5844 C:\Windows\System32\clusapi.dll - ok
12:39:42.0250 5844 [ 0745D6EAD386710110817FBEC03F5161 ] C:\Windows\System32\wfapigp.dll
12:39:42.0250 5844 C:\Windows\System32\wfapigp.dll - ok
12:39:42.0250 5844 [ F654842D0653472BB37BBD016CFED0E3 ] C:\Windows\System32\ctapo32.dll
12:39:42.0250 5844 C:\Windows\System32\ctapo32.dll - ok
12:39:42.0266 5844 [ 1311171CF8F6D2954441EF2A42693035 ] C:\Windows\System32\WsmRes.dll
12:39:42.0266 5844 C:\Windows\System32\WsmRes.dll - ok
12:39:42.0266 5844 [ CEDE7CB889F5BAE7B6FA90C8BBA79498 ] C:\Windows\System32\nvapi.dll
12:39:42.0266 5844 C:\Windows\System32\nvapi.dll - ok
12:39:42.0266 5844 [ E230F3776F373F4C5E788794B53101E4 ] C:\Windows\System32\plasrv.exe
12:39:42.0266 5844 C:\Windows\System32\plasrv.exe - ok
12:39:42.0281 5844 [ 6468C3FF6D0C7874FA8C619AF3E23B22 ] C:\Windows\System32\activeds.dll
12:39:42.0281 5844 C:\Windows\System32\activeds.dll - ok
12:39:42.0297 5844 [ E9B9C1B98C8D6D48407E1C1203EAC659 ] C:\Windows\System32\adsldpc.dll
12:39:42.0297 5844 C:\Windows\System32\adsldpc.dll - ok
12:39:42.0297 5844 [ 0727200F10320A6BA7E59433094FBBA7 ] C:\Windows\System32\WMALFXGFXDSP.dll
12:39:42.0297 5844 C:\Windows\System32\WMALFXGFXDSP.dll - ok
12:39:42.0297 5844 [ 93E317D7AD783D8EAEE2E3500BFE889D ] C:\Windows\System32\credui.dll
12:39:42.0297 5844 C:\Windows\System32\credui.dll - ok
12:39:42.0312 5844 [ 4ED8382D5F1C9D2028FBDA35E3B2DD47 ] C:\Program Files\NVIDIA Corporation\Display\nvui.dll
12:39:42.0312 5844 C:\Program Files\NVIDIA Corporation\Display\nvui.dll - ok
12:39:42.0312 5844 [ B9F3FF52B84FD9E3CAFB29B8EE385E5B ] C:\Windows\System32\resutils.dll
12:39:42.0312 5844 C:\Windows\System32\resutils.dll - ok
12:39:42.0328 5844 [ D8E18021F91AD79CA8491CB5A5DA22D4 ] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:39:42.0328 5844 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe - ok
12:39:42.0328 5844 [ BF142D4F8C61ED3629A9CDD7BA867900 ] C:\Windows\System32\mfplat.dll
12:39:42.0328 5844 C:\Windows\System32\mfplat.dll - ok
12:39:42.0344 5844 [ 04D603957DA11F2A401D114B7FF9BF36 ] C:\Program Files\NVIDIA Corporation\Display\nvuir.dll
12:39:42.0344 5844 C:\Program Files\NVIDIA Corporation\Display\nvuir.dll - ok
12:39:42.0344 5844 [ 572CBECE3BAA034CD3AF3CBBA5A6F8F2 ] C:\Windows\System32\nvsvcr.dll
12:39:42.0344 5844 C:\Windows\System32\nvsvcr.dll - ok
12:39:42.0344 5844 [ 4E78E6587B4D5B014874E5938B3FBF5F ] C:\Program Files\NVIDIA Corporation\Display\nvxdbat.dll
12:39:42.0344 5844 C:\Program Files\NVIDIA Corporation\Display\nvxdbat.dll - ok
12:39:42.0359 5844 [ 3B313DD380E041BE611577D5ADC7DC97 ] C:\Program Files\NVIDIA Corporation\Display\nvxdplcy.dll
12:39:42.0359 5844 C:\Program Files\NVIDIA Corporation\Display\nvxdplcy.dll - ok
12:39:42.0359 5844 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
12:39:42.0359 5844 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll - ok
12:39:42.0375 5844 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
12:39:42.0375 5844 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll - ok
12:39:42.0375 5844 [ 6C63DC384A15E2AFD4A860031EF40267 ] C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll
12:39:42.0375 5844 C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll - ok
12:39:42.0390 5844 [ 8B22CF51B907E3A221267CF1E502993A ] C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dll
12:39:42.0390 5844 C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dll - ok
12:39:42.0390 5844 [ 054B87C872292A960B9B8A834B34DFA7 ] C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll
12:39:42.0390 5844 C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll - ok
12:39:42.0406 5844 [ D8D46A439659B8B43A41B266E4646527 ] C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
12:39:42.0406 5844 C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll - ok
12:39:42.0406 5844 [ 794950DB77AA590C2964ECA0A5874A09 ] C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
12:39:42.0406 5844 C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll - ok
12:39:42.0406 5844 [ 250BF888DDBE88D61EB19A9D4957C794 ] C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll
12:39:42.0406 5844 C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll - ok
12:39:42.0422 5844 [ 8A6A3A6750E99EDC2AD7B9C79FDCF419 ] C:\Windows\System32\PhysX.cpl
12:39:42.0422 5844 C:\Windows\System32\PhysX.cpl - ok
12:39:42.0422 5844 [ 9BA2B36132A41AEBDA66C1D90F8470C2 ] C:\Windows\System32\nvcpl.dll
12:39:42.0422 5844 C:\Windows\System32\nvcpl.dll - ok
12:39:42.0437 5844 [ 4B555106290BD117334E9A08761C035A ] C:\Windows\System32\rundll32.exe
12:39:42.0437 5844 C:\Windows\System32\rundll32.exe - ok
12:39:42.0437 5844 [ 1DACD1530C6E58AEAE9F6DE7DA851935 ] C:\Windows\System32\shimeng.dll
12:39:42.0437 5844 C:\Windows\System32\shimeng.dll - ok
12:39:42.0437 5844 [ D6804F089CBB6749E95124E7C4D80900 ] C:\Windows\AppPatch\AcLayers.dll
12:39:42.0437 5844 C:\Windows\AppPatch\AcLayers.dll - ok
12:39:42.0453 5844 [ 5A963C340DE1A01BA6E24945CE05D16A ] C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll
12:39:42.0453 5844 C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll - ok
12:39:42.0468 5844 [ F4BC62990E7E5C29799A895B80FC3177 ] C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll
12:39:42.0468 5844 C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll - ok
12:39:42.0468 5844 [ 149D74E1128A86DC9CFB2851FBEA11EB ] C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll
12:39:42.0468 5844 C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll - ok
12:39:42.0468 5844 [ 37CF2461CB5E40C4CFAB82C8FC79A2BC ] C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
12:39:42.0468 5844 C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll - ok
12:39:42.0484 5844 [ 500BBC336E6273A3035CED554ACB1EF6 ] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll
12:39:42.0484 5844 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll - ok
12:39:42.0484 5844 [ 062373995EAE5F0EAC9EAA9192136BFB ] C:\Windows\System32\dnssd.dll
12:39:42.0484 5844 C:\Windows\System32\dnssd.dll - ok
12:39:42.0500 5844 [ 5922444C2C55E2DC6CDDB7902A85BF8A ] C:\Program Files\Bentley\SELECTserver\Bentley.SelectServer.Gateway.exe
12:39:42.0500 5844 C:\Program Files\Bentley\SELECTserver\Bentley.SelectServer.Gateway.exe - ok
12:39:42.0500 5844 [ C440345A38FDA337AFB7333863CC8533 ] C:\Program Files\Common Files\Apple\Mobile Device Support\MobileDevice.dll
12:39:42.0500 5844 C:\Program Files\Common Files\Apple\Mobile Device Support\MobileDevice.dll - ok
12:39:42.0515 5844 [ 2E14406E05789F91C9282AE7CFCA3A07 ] C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
12:39:42.0515 5844 C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll - ok
12:39:42.0515 5844 [ FC33CBBB9CADCEC307DA010FE763D04C ] C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll
12:39:42.0515 5844 C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll - ok
12:39:42.0531 5844 [ 8BA9851E671E8B5E49E303748FFD530C ] C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll
12:39:42.0531 5844 C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll - ok
12:39:42.0531 5844 [ 73862FF693168369A90F046E7F227B83 ] C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
12:39:42.0531 5844 C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll - ok
12:39:42.0546 5844 [ BE01E566D1F569AAB32D0335613E1EEA ] C:\Windows\System32\dllhost.exe
12:39:42.0546 5844 C:\Windows\System32\dllhost.exe - ok
12:39:42.0546 5844 [ 3CD1B69551236977918E60F9543C89A2 ] C:\Windows\System32\AtBroker.exe
12:39:42.0546 5844 C:\Windows\System32\AtBroker.exe - ok
12:39:42.0562 5844 [ C411C80F90D6732380352B98B37BBD53 ] C:\Windows\System32\winrnr.dll
12:39:42.0593 5844 C:\Windows\System32\winrnr.dll - ok
12:39:42.0593 5844 [ 40947436A70E0034E41123DF5A0A7702 ] C:\Program Files\Bonjour\mdnsNSP.dll
12:39:42.0593 5844 C:\Program Files\Bonjour\mdnsNSP.dll - ok
12:39:42.0609 5844 [ A7D525E5C0D91C8C1D84C6BCD25AD77D ] C:\Windows\System32\rasadhlp.dll
12:39:42.0609 5844 C:\Windows\System32\rasadhlp.dll - ok
12:39:42.0609 5844 [ 0E135526E9785D085BCD9AEDE6FBCBF9 ] C:\Windows\System32\userinit.exe
12:39:42.0609 5844 C:\Windows\System32\userinit.exe - ok
12:39:42.0624 5844 [ 3D50C4B10352367D5CB20ED1F50F8DA2 ] C:\Windows\System32\taskeng.exe
12:39:42.0624 5844 C:\Windows\System32\taskeng.exe - ok
12:39:42.0624 5844 [ E45051C374F845EDF3DB02A35BA13193 ] C:\Windows\System32\umb.dll
12:39:42.0624 5844 C:\Windows\System32\umb.dll - ok
-
The log file is too long, so I am splitting it into 3 parts.
12:34:14.0144 2180 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:34:14.0191 2180 ============================================================
12:34:14.0191 2180 Current date / time: 2012/12/15 12:34:14.0191
12:34:14.0191 2180 SystemInfo:
12:34:14.0191 2180
12:34:14.0191 2180 OS Version: 6.0.6002 ServicePack: 2.0
12:34:14.0191 2180 Product type: Workstation
12:34:14.0191 2180 ComputerName: NOFACE
12:34:14.0191 2180 UserName: Mario
12:34:14.0191 2180 Windows directory: C:\Windows
12:34:14.0191 2180 System windows directory: C:\Windows
12:34:14.0191 2180 Processor architecture: Intel x86
12:34:14.0191 2180 Number of processors: 2
12:34:14.0191 2180 Page size: 0x1000
12:34:14.0191 2180 Boot type: Normal boot
12:34:14.0191 2180 ============================================================
12:34:14.0783 2180 BG loaded
12:34:15.0595 2180 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:34:15.0626 2180 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:34:15.0844 2180 ============================================================
12:34:15.0844 2180 \Device\Harddisk0\DR0:
12:34:15.0891 2180 MBR partitions:
12:34:15.0891 2180 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1400000
12:34:15.0891 2180 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x141B800, BlocksNum 0x115E9800
12:34:15.0891 2180 \Device\Harddisk1\DR1:
12:34:15.0891 2180 MBR partitions:
12:34:15.0891 2180 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
12:34:15.0891 2180 ============================================================
12:34:16.0094 2180 C: <-> \Device\Harddisk0\DR0\Partition2
12:34:16.0234 2180 D: <-> \Device\Harddisk0\DR0\Partition1
12:34:16.0234 2180 F: <-> \Device\Harddisk1\DR1\Partition1
12:34:16.0234 2180 ============================================================
12:34:16.0234 2180 Initialize success
12:34:16.0234 2180 ============================================================
12:37:20.0663 5844 ============================================================
12:37:20.0663 5844 Scan started
12:37:20.0663 5844 Mode: Manual; SigCheck; TDLFS;
12:37:20.0663 5844 ============================================================
12:37:23.0659 5844 ================ Scan system memory ========================
12:37:23.0659 5844 System memory - ok
12:37:23.0659 5844 ================ Scan services =============================
12:37:23.0939 5844 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
12:37:24.0064 5844 ACPI - ok
12:37:24.0251 5844 [ 14C23516C990DCD6052152CF034DDE40 ] Adobe Version Cue CS3 C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
12:37:24.0283 5844 Adobe Version Cue CS3 - ok
12:37:24.0376 5844 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:37:26.0092 5844 AdobeFlashPlayerUpdateSvc - ok
12:37:26.0420 5844 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
12:37:26.0794 5844 adp94xx - ok
12:37:26.0825 5844 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
12:37:26.0872 5844 adpahci - ok
12:37:26.0888 5844 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
12:37:26.0903 5844 adpu160m - ok
12:37:26.0935 5844 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
12:37:26.0950 5844 adpu320 - ok
12:37:27.0075 5844 [ E111E51C5FB8627A61E76BDE63B5D810 ] ADVService C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
12:37:27.0153 5844 ADVService ( UnsignedFile.Multi.Generic ) - warning
12:37:27.0153 5844 ADVService - detected UnsignedFile.Multi.Generic (1)
12:37:27.0309 5844 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:37:28.0151 5844 AeLookupSvc - ok
12:37:28.0214 5844 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
12:37:28.0261 5844 AFD - ok
12:37:28.0307 5844 [ 8B10CE1C1F9F1D47E4DEB1A547A00CD4 ] agp440 C:\Windows\system32\drivers\agp440.sys
12:37:28.0339 5844 agp440 - ok
12:37:28.0370 5844 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
12:37:28.0385 5844 aic78xx - ok
12:37:28.0448 5844 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
12:37:29.0337 5844 ALG - ok
12:37:29.0368 5844 [ 5C42A992E68724D2CD3DDB4FC3B0409F ] aliide C:\Windows\system32\drivers\aliide.sys
12:37:29.0399 5844 aliide - ok
12:37:29.0462 5844 [ 848F27E5B27C1C253F6CEFDC1A5D8F21 ] amdagp C:\Windows\system32\drivers\amdagp.sys
12:37:29.0493 5844 amdagp - ok
12:37:29.0524 5844 [ 849DFACDDE533DA5D1810F0CAF84EB19 ] amdide C:\Windows\system32\drivers\amdide.sys
12:37:29.0555 5844 amdide - ok
12:37:29.0587 5844 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
12:37:31.0115 5844 AmdK7 - ok
12:37:31.0147 5844 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
12:37:31.0256 5844 AmdK8 - ok
12:37:31.0303 5844 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
12:37:31.0396 5844 Appinfo - ok
12:37:31.0630 5844 [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:37:31.0646 5844 Apple Mobile Device - ok
12:37:31.0724 5844 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
12:37:31.0755 5844 arc - ok
12:37:31.0786 5844 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
12:37:31.0817 5844 arcsas - ok
12:37:31.0864 5844 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:37:31.0927 5844 AsyncMac - ok
12:37:31.0958 5844 [ 9E7E85EC61D1C9C3171CC08427108863 ] atapi C:\Windows\system32\drivers\atapi.sys
12:37:31.0989 5844 atapi - ok
12:37:32.0083 5844 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:37:32.0129 5844 AudioEndpointBuilder - ok
12:37:32.0192 5844 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
12:37:32.0207 5844 Audiosrv - ok
12:37:32.0410 5844 [ EA2D28BBE98256654397CD1F6EAEBDD8 ] Autodesk Licensing Service C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
12:37:32.0441 5844 Autodesk Licensing Service - ok
12:37:32.0504 5844 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
12:37:32.0597 5844 Beep - ok
12:37:32.0831 5844 [ 5922444C2C55E2DC6CDDB7902A85BF8A ] Bentley SELECT Server Gateway C:\Program Files\Bentley\SELECTserver\Bentley.SelectServer.Gateway.exe
12:37:32.0894 5844 Bentley SELECT Server Gateway ( UnsignedFile.Multi.Generic ) - warning
12:37:32.0894 5844 Bentley SELECT Server Gateway - detected UnsignedFile.Multi.Generic (1)
12:37:33.0190 5844 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
12:37:33.0268 5844 BFE - ok
12:37:33.0471 5844 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
12:37:33.0549 5844 BITS - ok
12:37:33.0549 5844 blbdrive - ok
12:37:33.0799 5844 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:37:33.0830 5844 Bonjour Service - ok
12:37:33.0939 5844 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:37:34.0048 5844 bowser - ok
12:37:34.0126 5844 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
12:37:34.0282 5844 BrFiltLo - ok
12:37:34.0313 5844 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
12:37:34.0485 5844 BrFiltUp - ok
12:37:34.0547 5844 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
12:37:34.0625 5844 Browser - ok
12:37:34.0750 5844 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
12:37:34.0937 5844 Brserid - ok
12:37:34.0984 5844 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
12:37:35.0047 5844 BrSerWdm - ok
12:37:35.0140 5844 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
12:37:35.0265 5844 BrUsbMdm - ok
12:37:35.0343 5844 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
12:37:35.0499 5844 BrUsbSer - ok
12:37:35.0546 5844 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
12:37:35.0639 5844 BTHMODEM - ok
12:37:35.0811 5844 [ 47312A6AF7D84F99EA9EB7B0DE5440BC ] ccEvtMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
12:37:35.0827 5844 ccEvtMgr - ok
12:37:35.0842 5844 [ 47312A6AF7D84F99EA9EB7B0DE5440BC ] ccSetMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
12:37:35.0858 5844 ccSetMgr - ok
12:37:35.0967 5844 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:37:36.0076 5844 cdfs - ok
12:37:36.0154 5844 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:37:36.0232 5844 cdrom - ok
12:37:36.0295 5844 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
12:37:36.0388 5844 CertPropSvc - ok
12:37:36.0513 5844 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
12:37:36.0591 5844 circlass - ok
12:37:36.0669 5844 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
12:37:36.0700 5844 CLFS - ok
12:37:36.0919 5844 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:37:36.0950 5844 clr_optimization_v2.0.50727_32 - ok
12:37:37.0433 5844 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:37:37.0777 5844 clr_optimization_v4.0.30319_32 - ok
12:37:37.0886 5844 [ DE11A06E187756ECB86CFA82DAC40FF7 ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:37:37.0933 5844 cmdide - ok
12:37:37.0979 5844 [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
12:37:38.0011 5844 Compbatt - ok
12:37:38.0026 5844 COMSysApp - ok
12:37:38.0073 5844 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
12:37:38.0104 5844 crcdisk - ok
12:37:38.0229 5844 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
12:37:38.0323 5844 Crusoe - ok
12:37:38.0432 5844 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:37:38.0510 5844 CryptSvc - ok
12:37:38.0557 5844 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA.sys
12:37:38.0603 5844 CVirtA - ok
12:37:38.0728 5844 [ F432260E59AAE3284ED7E795264C16D0 ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
12:37:38.0775 5844 CVPND - ok
12:37:38.0884 5844 [ 8A15D7BD4CF1A8CCD7C65F7349F22E35 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
12:37:38.0931 5844 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
12:37:38.0931 5844 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
12:37:38.0993 5844 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
12:37:39.0103 5844 DcomLaunch - ok
12:37:39.0181 5844 [ FB937277E87F8468603F4E2D8CF9DB4A ] DefWatch C:\Program Files\Symantec AntiVirus\DefWatch.exe
12:37:39.0181 5844 DefWatch - ok
12:37:39.0243 5844 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:37:39.0337 5844 DfsC - ok
12:37:39.0836 5844 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
12:37:40.0460 5844 DFSR - ok
12:37:40.0553 5844 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
12:37:40.0600 5844 Dhcp - ok
12:37:40.0647 5844 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
12:37:40.0678 5844 disk - ok
12:37:40.0772 5844 [ A53723176D0002FEB486EFF8E17812F2 ] DLABMFSM C:\Windows\system32\DLA\DLABMFSM.SYS
12:37:40.0803 5844 DLABMFSM - ok
12:37:40.0834 5844 [ D4587063ACEA776699251E177D719586 ] DLABOIOM C:\Windows\system32\DLA\DLABOIOM.SYS
12:37:40.0865 5844 DLABOIOM - ok
12:37:40.0943 5844 [ 5230CDB7E715F3A3B4A882E254CDD35D ] DLACDBHM C:\Windows\system32\Drivers\DLACDBHM.SYS
12:37:40.0959 5844 DLACDBHM - ok
12:37:41.0006 5844 [ C950C2E7B9ED1A4FC4A2AC7EC044F1D6 ] DLADResM C:\Windows\system32\DLA\DLADResM.SYS
12:37:41.0021 5844 DLADResM - ok
12:37:41.0068 5844 [ 24400137E387A24410C52A591F3CFB4D ] DLAIFS_M C:\Windows\system32\DLA\DLAIFS_M.SYS
12:37:41.0099 5844 DLAIFS_M - ok
12:37:41.0146 5844 [ 29A303FECEB28641ECEBDAE89EB71C63 ] DLAOPIOM C:\Windows\system32\DLA\DLAOPIOM.SYS
12:37:41.0177 5844 DLAOPIOM - ok
12:37:41.0193 5844 [ C93E33A22A1AE0C5508F3FB1F6D0A50C ] DLAPoolM C:\Windows\system32\DLA\DLAPoolM.SYS
12:37:41.0224 5844 DLAPoolM - ok
12:37:41.0271 5844 [ 77FE51F0F8D86804CB81F6EF6BFB86DD ] DLARTL_M C:\Windows\system32\Drivers\DLARTL_M.SYS
12:37:41.0302 5844 DLARTL_M - ok
12:37:41.0333 5844 [ B953498C35A31E5AC98F49ADBCF3E627 ] DLAUDFAM C:\Windows\system32\DLA\DLAUDFAM.SYS
12:37:41.0365 5844 DLAUDFAM - ok
12:37:41.0411 5844 [ 4897704C093C1F59CE58FC65E1E1EF1E ] DLAUDF_M C:\Windows\system32\DLA\DLAUDF_M.SYS
12:37:41.0443 5844 DLAUDF_M - ok
12:37:41.0521 5844 [ 7B4FDFBE97C047175E613AA96F3DE987 ] DNE C:\Windows\system32\DRIVERS\dne2000.sys
12:37:41.0536 5844 DNE - ok
12:37:41.0599 5844 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:37:41.0708 5844 Dnscache - ok
12:37:41.0801 5844 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
12:37:41.0833 5844 dot3svc - ok
12:37:41.0895 5844 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
12:37:41.0942 5844 DPS - ok
12:37:41.0973 5844 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:37:42.0020 5844 drmkaud - ok
12:37:42.0067 5844 [ C00440385CF9F3D142917C63F989E244 ] DRVMCDB C:\Windows\system32\Drivers\DRVMCDB.SYS
12:37:42.0098 5844 DRVMCDB - ok
12:37:42.0113 5844 [ FFC371525AA55D1BAE18715EBCB8797C ] DRVNDDM C:\Windows\system32\Drivers\DRVNDDM.SYS
12:37:42.0145 5844 DRVNDDM - ok
12:37:42.0223 5844 [ 01D5B95D0A12A916BBDC258629113258 ] DSBrokerService C:\Program Files\DellSupport\brkrsvc.exe
12:37:42.0254 5844 DSBrokerService ( UnsignedFile.Multi.Generic ) - warning
12:37:42.0254 5844 DSBrokerService - detected UnsignedFile.Multi.Generic (1)
12:37:42.0379 5844 [ 413F2D5F9D802688242C23B38F767ECB ] DSproct C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
12:37:42.0441 5844 DSproct ( UnsignedFile.Multi.Generic ) - warning
12:37:42.0441 5844 DSproct - detected UnsignedFile.Multi.Generic (1)
12:37:42.0488 5844 [ 64FA28C15DD71A80BEF3527E1EF07DF6 ] dsunidrv C:\Program Files\DellSupport\Drivers\dsunidrv.sys
12:37:42.0488 5844 dsunidrv ( UnsignedFile.Multi.Generic ) - warning
12:37:42.0488 5844 dsunidrv - detected UnsignedFile.Multi.Generic (1)
12:37:42.0722 5844 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:37:42.0753 5844 DXGKrnl - ok
12:37:42.0893 5844 [ 908ED85B7806E8AF3AF5E9B74F7809D4 ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
12:37:42.0956 5844 e1express - ok
12:37:43.0003 5844 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
12:37:43.0081 5844 E1G60 - ok
12:37:43.0127 5844 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
12:37:43.0159 5844 EapHost - ok
12:37:43.0237 5844 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
12:37:43.0252 5844 Ecache - ok
12:37:43.0330 5844 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
12:37:43.0393 5844 eeCtrl - ok
12:37:43.0502 5844 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
12:37:43.0533 5844 elxstor - ok
12:37:43.0689 5844 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
12:37:43.0954 5844 EMDMgmt - ok
12:37:44.0017 5844 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:37:44.0048 5844 EraserUtilRebootDrv - ok
12:37:44.0266 5844 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
12:37:44.0344 5844 EventSystem - ok
12:37:44.0438 5844 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
12:37:44.0547 5844 exfat - ok
12:37:44.0609 5844 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:37:44.0641 5844 fastfat - ok
12:37:44.0687 5844 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:37:44.0765 5844 fdc - ok
12:37:44.0843 5844 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
12:37:44.0890 5844 fdPHost - ok
12:37:44.0921 5844 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
12:37:44.0999 5844 FDResPub - ok
12:37:45.0062 5844 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:37:45.0077 5844 FileInfo - ok
12:37:45.0171 5844 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:37:45.0218 5844 Filetrace - ok
12:37:45.0343 5844 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:37:45.0577 5844 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
12:37:45.0577 5844 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
12:37:45.0608 5844 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:37:45.0701 5844 flpydisk - ok
12:37:45.0779 5844 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:37:45.0795 5844 FltMgr - ok
12:37:46.0076 5844 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
12:37:46.0154 5844 FontCache - ok
12:37:46.0357 5844 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:37:46.0372 5844 FontCache3.0.0.0 - ok
12:37:46.0435 5844 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:37:46.0513 5844 Fs_Rec - ok
12:37:46.0591 5844 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
12:37:46.0606 5844 gagp30kx - ok
12:37:46.0637 5844 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys
12:37:46.0637 5844 GEARAspiWDM - ok
12:37:46.0778 5844 GoogleDesktopManager-051210-111108 - ok
12:37:46.0871 5844 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
12:37:46.0903 5844 gpsvc - ok
12:37:46.0996 5844 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
12:37:47.0012 5844 gupdate - ok
12:37:47.0012 5844 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
12:37:47.0027 5844 gupdatem - ok
12:37:47.0090 5844 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:37:47.0183 5844 HdAudAddService - ok
12:37:47.0371 5844 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
12:37:47.0464 5844 HDAudBus - ok
12:37:47.0589 5844 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
12:37:47.0683 5844 HidBth - ok
12:37:47.0714 5844 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
12:37:47.0807 5844 HidIr - ok
12:37:47.0885 5844 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
12:37:47.0995 5844 hidserv - ok
12:37:48.0041 5844 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:37:48.0104 5844 HidUsb - ok
12:37:48.0135 5844 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:37:48.0182 5844 hkmsvc - ok
12:37:48.0197 5844 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
12:37:48.0229 5844 HpCISSs - ok
12:37:48.0291 5844 [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:37:48.0369 5844 HTTP - ok
12:37:48.0400 5844 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
12:37:48.0416 5844 i2omp - ok
12:37:48.0463 5844 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
12:37:48.0634 5844 i8042prt - ok
12:37:48.0712 5844 [ 0BCEE844A02747DD7F1E30352E619F2E ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
12:37:48.0743 5844 IAANTMON ( UnsignedFile.Multi.Generic ) - warning
12:37:48.0743 5844 IAANTMON - detected UnsignedFile.Multi.Generic (1)
12:37:48.0821 5844 [ E9F704CA833BD24BFAA3B4A59707633A ] iaStor C:\Windows\system32\drivers\iastor.sys
12:37:48.0884 5844 iaStor - ok
12:37:48.0993 5844 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
12:37:49.0087 5844 iaStorV - ok
12:37:49.0196 5844 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
12:37:49.0227 5844 IDriverT ( UnsignedFile.Multi.Generic ) - warning
12:37:49.0227 5844 IDriverT - detected UnsignedFile.Multi.Generic (1)
12:37:49.0321 5844 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:37:49.0383 5844 idsvc - ok
12:37:49.0414 5844 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
12:37:49.0445 5844 iirsp - ok
12:37:49.0617 5844 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
12:37:49.0679 5844 IKEEXT - ok
12:37:49.0711 5844 [ 1B16626BEAE3A52E611FC681CD796F86 ] intelide C:\Windows\system32\drivers\intelide.sys
12:37:49.0742 5844 intelide - ok
12:37:49.0789 5844 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:37:49.0835 5844 intelppm - ok
12:37:49.0945 5844 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:37:50.0023 5844 IPBusEnum - ok
12:37:50.0054 5844 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:37:50.0132 5844 IpFilterDriver - ok
12:37:50.0194 5844 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:37:50.0241 5844 iphlpsvc - ok
12:37:50.0241 5844 IpInIp - ok
12:37:50.0303 5844 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
12:37:50.0381 5844 IPMIDRV - ok
12:37:50.0491 5844 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
12:37:50.0615 5844 IPNAT - ok
12:37:50.0896 5844 [ 33642C17C232AA272C68E446A2619899 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
12:37:50.0943 5844 iPod Service - ok
12:37:51.0021 5844 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:37:54.0172 5844 IRENUM - ok
12:37:54.0250 5844 [ 2F8ECE2699E7E2070545E9B0960A8ED2 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:37:54.0281 5844 isapnp - ok
12:37:54.0375 5844 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
12:37:54.0391 5844 iScsiPrt - ok
12:37:54.0422 5844 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
12:37:54.0469 5844 iteatapi - ok
12:37:54.0500 5844 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
12:37:54.0531 5844 iteraid - ok
12:37:54.0578 5844 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:37:54.0593 5844 kbdclass - ok
12:37:54.0656 5844 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
12:37:54.0671 5844 kbdhid - ok
12:37:54.0749 5844 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
12:37:54.0843 5844 KeyIso - ok
12:37:54.0983 5844 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:37:55.0233 5844 KSecDD - ok
12:37:55.0373 5844 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
12:37:55.0483 5844 KtmRm - ok
12:37:55.0529 5844 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
12:37:55.0701 5844 LanmanServer - ok
12:37:55.0763 5844 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:37:55.0810 5844 LanmanWorkstation - ok
12:37:55.0997 5844 [ 3C7FCBBC35E0A52CE9B12E9CC4F5B991 ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
12:37:56.0668 5844 LiveUpdate - ok
12:37:56.0777 5844 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:37:56.0824 5844 lltdio - ok
12:37:56.0902 5844 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:37:57.0058 5844 lltdsvc - ok
12:37:57.0105 5844 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:37:57.0167 5844 lmhosts - ok
12:37:57.0214 5844 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
12:37:57.0230 5844 LSI_FC - ok
12:37:57.0277 5844 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
12:37:57.0292 5844 LSI_SAS - ok
12:37:57.0355 5844 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
12:37:57.0386 5844 LSI_SCSI - ok
12:37:57.0433 5844 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
12:37:57.0495 5844 luafv - ok
12:37:57.0620 5844 [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
12:38:00.0989 5844 McComponentHostService - ok
12:38:01.0083 5844 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
12:38:01.0114 5844 megasas - ok
12:38:01.0395 5844 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
12:38:01.0426 5844 Microsoft Office Groove Audit Service - ok
12:38:01.0457 5844 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
12:38:01.0504 5844 MMCSS - ok
12:38:01.0551 5844 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
12:38:01.0613 5844 Modem - ok
12:38:01.0660 5844 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:38:01.0707 5844 monitor - ok
12:38:01.0754 5844 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:38:01.0769 5844 mouclass - ok
12:38:01.0801 5844 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:38:01.0863 5844 mouhid - ok
12:38:01.0894 5844 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
12:38:01.0925 5844 MountMgr - ok
12:38:02.0066 5844 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:38:02.0097 5844 MozillaMaintenance - ok
12:38:02.0159 5844 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
12:38:02.0222 5844 mpio - ok
12:38:02.0269 5844 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:38:02.0284 5844 mpsdrv - ok
12:38:02.0440 5844 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
12:38:02.0503 5844 MpsSvc - ok
12:38:02.0581 5844 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
12:38:02.0612 5844 Mraid35x - ok
12:38:02.0659 5844 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:38:02.0674 5844 MRxDAV - ok
12:38:02.0768 5844 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:38:02.0846 5844 mrxsmb - ok
12:38:02.0939 5844 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:38:02.0986 5844 mrxsmb10 - ok
12:38:03.0017 5844 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:38:03.0064 5844 mrxsmb20 - ok
12:38:03.0142 5844 [ 0D1C042188FFE61A702A9DF5944DE5BA ] msahci C:\Windows\system32\drivers\msahci.sys
12:38:03.0158 5844 msahci - ok
12:38:03.0173 5844 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:38:03.0205 5844 msdsm - ok
12:38:03.0251 5844 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
12:38:03.0329 5844 MSDTC - ok
12:38:03.0407 5844 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:38:03.0485 5844 Msfs - ok
12:38:03.0595 5844 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:38:03.0610 5844 msisadrv - ok
12:38:03.0673 5844 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:38:03.0766 5844 MSiSCSI - ok
12:38:03.0766 5844 msiserver - ok
12:38:03.0813 5844 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:38:03.0891 5844 MSKSSRV - ok
12:38:03.0938 5844 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:38:04.0016 5844 MSPCLOCK - ok
12:38:04.0546 5844 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:38:04.0593 5844 MSPQM - ok
12:38:04.0640 5844 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:38:04.0655 5844 MsRPC - ok
12:38:04.0702 5844 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
12:38:04.0718 5844 mssmbios - ok
12:38:04.0827 5844 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:38:04.0889 5844 MSTEE - ok
12:38:04.0936 5844 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
12:38:04.0967 5844 Mup - ok
12:38:05.0077 5844 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
12:38:05.0139 5844 napagent - ok
12:38:05.0170 5844 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:38:05.0233 5844 NativeWifiP - ok
12:38:05.0841 5844 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\NAVENG.SYS
12:38:05.0872 5844 NAVENG - ok
12:38:06.0028 5844 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\NAVEX15.SYS
12:38:06.0106 5844 NAVEX15 - ok
12:38:06.0278 5844 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:38:06.0371 5844 NDIS - ok
12:38:06.0434 5844 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:38:06.0449 5844 NdisTapi - ok
12:38:06.0481 5844 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:38:06.0652 5844 Ndisuio - ok
12:38:06.0808 5844 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:38:06.0886 5844 NdisWan - ok
12:38:06.0949 5844 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:38:06.0964 5844 NDProxy - ok
12:38:07.0027 5844 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:38:07.0058 5844 NetBIOS - ok
12:38:07.0167 5844 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
12:38:07.0276 5844 netbt - ok
12:38:07.0323 5844 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
12:38:07.0510 5844 Netlogon - ok
12:38:07.0604 5844 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
12:38:07.0666 5844 Netman - ok
12:38:07.0760 5844 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
12:38:07.0791 5844 netprofm - ok
12:38:07.0885 5844 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:38:07.0947 5844 NetTcpPortSharing - ok
12:38:08.0009 5844 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
12:38:08.0134 5844 nfrd960 - ok
12:38:08.0228 5844 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:38:08.0290 5844 NlaSvc - ok
12:38:08.0337 5844 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:38:08.0446 5844 Npfs - ok
12:38:08.0493 5844 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
12:38:08.0555 5844 nsi - ok
12:38:08.0587 5844 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:38:08.0665 5844 nsiproxy - ok
12:38:09.0195 5844 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:38:09.0647 5844 Ntfs - ok
12:38:09.0710 5844 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
12:38:10.0006 5844 ntrigdigi - ok
12:38:10.0053 5844 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
12:38:10.0396 5844 Null - ok
12:38:12.0845 5844 [ 0A1B502CBC8230DA74BEFBAADDB58916 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:38:15.0794 5844 nvlddmkm - ok
12:38:15.0872 5844 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:38:15.0934 5844 nvraid - ok
12:38:15.0965 5844 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:38:15.0997 5844 nvstor - ok
12:38:16.0699 5844 [ EB5A13F9139F20AD71ADF4BF79C3AA29 ] nvsvc C:\Windows\system32\nvvsvc.exe
12:38:16.0777 5844 nvsvc - ok
12:38:20.0177 5844 [ 0629259E3AF6BB0534FCECA208973404 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
12:38:20.0630 5844 nvUpdatusService - ok
12:38:20.0739 5844 [ 055081FD5076401C1EE1BCAB08D81911 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:38:20.0755 5844 nv_agp - ok
12:38:20.0770 5844 NwlnkFlt - ok
12:38:20.0770 5844 NwlnkFwd - ok
12:38:22.0018 5844 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:38:22.0408 5844 odserv - ok
12:38:22.0486 5844 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:38:23.0032 5844 ohci1394 - ok
12:38:23.0219 5844 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:38:23.0453 5844 ose - ok
12:38:25.0185 5844 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
12:38:25.0731 5844 p2pimsvc - ok
12:38:26.0168 5844 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
12:38:26.0277 5844 p2psvc - ok
12:38:26.0527 5844 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
12:38:26.0776 5844 Parport - ok
12:38:26.0885 5844 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:38:26.0979 5844 partmgr - ok
12:38:27.0151 5844 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
12:38:27.0322 5844 Parvdm - ok
12:38:27.0400 5844 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
12:38:27.0634 5844 PcaSvc - ok
12:38:28.0009 5844 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
12:38:28.0133 5844 pci - ok
12:38:28.0367 5844 [ 54D23DC5B5072311116826FDB7F6E83E ] pciide C:\Windows\system32\drivers\pciide.sys
12:38:28.0601 5844 pciide - ok
12:38:28.0820 5844 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
12:38:29.0007 5844 pcmcia - ok
12:38:29.0709 5844 [ 1171C834C5E6515765684C6938B609A1 ] PCToolsSSDMonitorSvc C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
12:38:29.0865 5844 PCToolsSSDMonitorSvc - ok
12:38:30.0302 5844 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:38:30.0723 5844 PEAUTH - ok
12:38:30.0895 5844 pgfilter - ok
12:38:31.0051 5844 [ 4E87EF38A053F02E454935C8440EC91A ] pgsql-8.3 C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
12:38:31.0285 5844 pgsql-8.3 ( UnsignedFile.Multi.Generic ) - warning
12:38:31.0285 5844 pgsql-8.3 - detected UnsignedFile.Multi.Generic (1)
12:38:31.0456 5844 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
12:38:31.0784 5844 pla - ok
12:38:31.0815 5844 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:38:32.0002 5844 PlugPlay - ok
12:38:32.0096 5844 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
12:38:32.0283 5844 PNRPAutoReg - ok
12:38:32.0673 5844 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
12:38:32.0876 5844 PNRPsvc - ok
12:38:33.0016 5844 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:38:33.0157 5844 PolicyAgent - ok
12:38:33.0250 5844 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:38:33.0359 5844 PptpMiniport - ok
12:38:33.0406 5844 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
12:38:33.0578 5844 Processor - ok
12:38:33.0656 5844 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
12:38:33.0718 5844 ProfSvc - ok
12:38:33.0749 5844 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
12:38:33.0952 5844 ProtectedStorage - ok
12:38:33.0999 5844 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
12:38:34.0077 5844 PSched - ok
12:38:34.0139 5844 [ FEFFCFDC528764A04C8ED63D5FA6E711 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
12:38:34.0202 5844 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
12:38:34.0202 5844 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
12:38:34.0576 5844 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
12:38:35.0528 5844 ql2300 - ok
12:38:35.0653 5844 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
12:38:35.0731 5844 ql40xx - ok
12:38:36.0074 5844 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
12:38:38.0242 5844 QWAVE - ok
12:38:38.0367 5844 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:38:38.0539 5844 QWAVEdrv - ok
12:38:39.0381 5844 [ E642B131FB74CAF4BB8A014F31113142 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
12:38:40.0754 5844 R300 - ok
12:38:40.0832 5844 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:38:40.0910 5844 RasAcd - ok
12:38:41.0019 5844 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
12:38:41.0066 5844 RasAuto - ok
12:38:41.0128 5844 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:38:41.0222 5844 Rasl2tp - ok
12:38:41.0284 5844 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
12:38:41.0362 5844 RasMan - ok
12:38:41.0471 5844 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:38:41.0503 5844 RasPppoe - ok
12:38:41.0643 5844 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:38:41.0737 5844 RasSstp - ok
12:38:41.0783 5844 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:38:41.0939 5844 rdbss - ok
12:38:42.0189 5844 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:38:42.0236 5844 RDPCDD - ok
12:38:42.0329 5844 [ 0245418224CFA77BF4B41C2FE0622258 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
12:38:42.0501 5844 rdpdr - ok
12:38:42.0641 5844 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:38:42.0688 5844 RDPENCDD - ok
12:38:42.0813 5844 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:38:42.0922 5844 RDPWD - ok
12:38:43.0016 5844 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:38:43.0141 5844 RemoteAccess - ok
12:38:43.0234 5844 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:38:45.0778 5844 RemoteRegistry - ok
12:38:46.0464 5844 [ EBCDE8B48FADC6479D96A56D0A432160 ] RoxMediaDB9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
12:38:46.0808 5844 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - warning
12:38:46.0808 5844 RoxMediaDB9 - detected UnsignedFile.Multi.Generic (1)
12:38:46.0932 5844 [ AB2B1DE1C8F31EFCE2384B14B3DC4260 ] RoxWatch9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
12:38:46.0995 5844 RoxWatch9 ( UnsignedFile.Multi.Generic ) - warning
12:38:46.0995 5844 RoxWatch9 - detected UnsignedFile.Multi.Generic (1)
12:38:47.0057 5844 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
12:38:47.0244 5844 RpcLocator - ok
12:38:47.0385 5844 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
12:38:47.0432 5844 RpcSs - ok
12:38:47.0666 5844 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:38:47.0790 5844 rspndr - ok
12:38:47.0884 5844 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
12:38:47.0915 5844 SamSs - ok
12:38:48.0414 5844 [ DEE1270BD551E9A2633CD5180F22729E ] SandraDataSrv C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
12:38:48.0524 5844 SandraDataSrv - ok
12:38:48.0773 5844 [ 90A2A2E1B375784B506AC5C6B7733C25 ] SandraTheSrv C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
12:38:49.0116 5844 SandraTheSrv - ok
12:38:49.0584 5844 [ 3D6AB454353A7834A0919E4CDC77B566 ] SavRoam C:\Program Files\Symantec AntiVirus\SavRoam.exe
12:38:49.0616 5844 SavRoam - ok
12:38:49.0725 5844 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:38:49.0787 5844 sbp2port - ok
12:38:49.0881 5844 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:38:49.0928 5844 SCardSvr - ok
12:38:49.0990 5844 [ 16B1ABE7F3E35F21DAC57592B6C5D464 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
12:38:50.0006 5844 SCDEmu ( UnsignedFile.Multi.Generic ) - warning
12:38:50.0006 5844 SCDEmu - detected UnsignedFile.Multi.Generic (1)
12:38:50.0286 5844 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
12:38:50.0489 5844 Schedule - ok
12:38:50.0552 5844 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
12:38:50.0583 5844 SCPolicySvc - ok
12:38:50.0692 5844 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:38:50.0770 5844 SDRSVC - ok
12:38:50.0864 5844 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:38:50.0910 5844 secdrv - ok
12:38:50.0988 5844 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
12:38:51.0035 5844 seclogon - ok
12:38:51.0144 5844 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
12:38:51.0238 5844 SENS - ok
12:38:51.0269 5844 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
12:38:51.0363 5844 Serenum - ok
12:38:51.0441 5844 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
12:38:51.0690 5844 Serial - ok
12:38:51.0784 5844 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
12:38:51.0909 5844 sermouse - ok
12:38:52.0034 5844 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
12:38:52.0065 5844 SessionEnv - ok
12:38:52.0127 5844 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:38:52.0283 5844 sffdisk - ok
12:38:52.0408 5844 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:38:52.0470 5844 sffp_mmc - ok
12:38:52.0548 5844 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:38:52.0626 5844 sffp_sd - ok
12:38:52.0704 5844 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
12:38:52.0860 5844 sfloppy - ok
12:38:52.0954 5844 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:38:53.0032 5844 SharedAccess - ok
12:38:53.0141 5844 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:38:53.0250 5844 ShellHWDetection - ok
12:38:53.0297 5844 [ 08072B2FB92477FC813271A84B3A8698 ] sisagp C:\Windows\system32\drivers\sisagp.sys
12:38:53.0328 5844 sisagp - ok
12:38:53.0422 5844 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
12:38:53.0547 5844 SiSRaid2 - ok
12:38:53.0672 5844 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
12:38:53.0718 5844 SiSRaid4 - ok
12:38:54.0046 5844 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
12:38:54.0670 5844 SkypeUpdate - ok
12:38:55.0731 5844 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
12:38:56.0105 5844 slsvc - ok
12:38:56.0292 5844 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
12:38:56.0417 5844 SLUINotify - ok
12:38:56.0620 5844 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:38:56.0714 5844 Smb - ok
12:38:56.0792 5844 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:38:56.0901 5844 SNMPTRAP - ok
12:38:57.0462 5844 [ 905782BCF15B6E5AF9905B77923C7FA2 ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
12:38:57.0494 5844 SPBBCDrv - ok
12:38:57.0728 5844 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
12:38:57.0759 5844 spldr - ok
12:38:57.0821 5844 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
12:38:58.0055 5844 Spooler - ok
12:38:58.0305 5844 sprtsvc_dellsupportcenter - ok
12:38:58.0570 5844 [ 8831252BCF05FCFB5ABD116A22E552D8 ] sp_rsdrv2 C:\Windows\system32\drivers\sp_rsdrv2.sys
12:38:58.0726 5844 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - warning
12:38:58.0726 5844 sp_rsdrv2 - detected UnsignedFile.Multi.Generic (1)
12:38:59.0334 5844 [ AA21CF891D0D8248ECA1E9BA201ACBEF ] sp_rssrv C:\Program Files\Spyware Terminator\sp_rsser.exe
12:38:59.0366 5844 sp_rssrv ( UnsignedFile.Multi.Generic ) - warning
12:38:59.0366 5844 sp_rssrv - detected UnsignedFile.Multi.Generic (1)
12:38:59.0490 5844 [ 1B2A1C6BC76E1EBE8BC2F4A4F3D43E23 ] SRTSP C:\Windows\system32\Drivers\SRTSP.SYS
12:38:59.0522 5844 SRTSP - ok
12:38:59.0600 5844 [ F01A7F6E60E95FE83345CF92728A32D4 ] SRTSPL C:\Windows\system32\Drivers\SRTSPL.SYS
12:38:59.0678 5844 SRTSPL ( UnsignedFile.Multi.Generic ) - warning
12:38:59.0678 5844 SRTSPL - detected UnsignedFile.Multi.Generic (1)
12:38:59.0896 5844 [ D02812F89E18C6FB32F901BE1E10BC17 ] SRTSPX C:\Windows\system32\Drivers\SRTSPX.SYS
12:38:59.0943 5844 SRTSPX - ok
12:39:00.0021 5844 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
12:39:00.0130 5844 srv - ok
12:39:00.0380 5844 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:39:00.0504 5844 srv2 - ok
12:39:00.0567 5844 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:39:00.0660 5844 srvnet - ok
12:39:00.0785 5844 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:39:00.0863 5844 SSDPSRV - ok
12:39:00.0941 5844 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:39:01.0004 5844 SstpSvc - ok
12:39:01.0331 5844 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
12:39:01.0440 5844 Stereo Service - ok
12:39:01.0721 5844 [ 9CEA131B5EB0EA653F6B3EA80B54956D ] STHDA C:\Windows\system32\drivers\stwrt.sys
12:39:01.0830 5844 STHDA - ok
12:39:02.0064 5844 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
12:39:02.0189 5844 stisvc - ok
12:39:02.0501 5844 [ 51778FD315C9882F1CBD932743E62A72 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
12:39:02.0517 5844 stllssvr ( UnsignedFile.Multi.Generic ) - warning
12:39:02.0517 5844 stllssvr - detected UnsignedFile.Multi.Generic (1)
12:39:02.0642 5844 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
12:39:02.0673 5844 swenum - ok
12:39:02.0829 5844 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
12:39:02.0938 5844 swprv - ok
12:39:03.0422 5844 [ A548ACF535D81A96E1B38F76A2DE658F ] Symantec AntiVirus C:\Program Files\Symantec AntiVirus\Rtvscan.exe
12:39:03.0718 5844 Symantec AntiVirus - ok
12:39:03.0780 5844 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
12:39:03.0843 5844 Symc8xx - ok
12:39:04.0046 5844 [ 9D98270B5F10A4C84E8DA417C30756E1 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
12:39:04.0124 5844 SymEvent - ok
12:39:04.0217 5844 [ 7F4011A719BF30E3DBD84D3A0A45C91C ] SYMREDRV C:\Windows\System32\Drivers\SYMREDRV.SYS
12:39:04.0264 5844 SYMREDRV - ok
12:39:04.0358 5844 [ 2F03CBDB0F22278D05D5D616C993AB58 ] SYMTDI C:\Windows\System32\Drivers\SYMTDI.SYS
12:39:04.0389 5844 SYMTDI - ok
12:39:04.0592 5844 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
12:39:06.0994 5844 Sym_hi - ok
12:39:07.0025 5844 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
12:39:07.0150 5844 Sym_u3 - ok
12:39:07.0368 5844 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
12:39:07.0509 5844 SysMain - ok
12:39:07.0602 5844 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:39:07.0665 5844 TabletInputService - ok
12:39:07.0790 5844 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
12:39:07.0899 5844 TapiSrv - ok
12:39:07.0992 5844 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
12:39:08.0070 5844 TBS - ok
12:39:08.0414 5844 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:39:08.0928 5844 Tcpip - ok
12:39:09.0662 5844 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
12:39:09.0864 5844 Tcpip6 - ok
12:39:10.0020 5844 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:39:12.0672 5844 tcpipreg - ok
12:39:12.0704 5844 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:39:12.0797 5844 TDPIPE - ok
12:39:12.0891 5844 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:39:12.0953 5844 TDTCP - ok
-
I have uninstalled µTorrent. When I ran mbar.exe, a popup message appeared, to which I clicked 'No': "Registry value 'AppInit_Dlls' has been found, which may be caused by rootkit activity. Note: Press 'No' button if your'e not sure. If the tool crashes or terminates unexpectedly during a system scan, restart the tool and press 'Yes' should this message appear again. Do you want to remove this value and restart the tool?"
Another item: I have an external hard drive which I sometimes attach to my computer. This drive was not attached when Malwarebytes found the initial problem of this post, but I'm wondering if I should attach the drive while I run these cleaning processes.
Thanks.
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org
Database version: v2012.12.14.09
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Mario :: NOFACE [administrator]
12/14/2012 2:46:46 PM
mbar-log-2012-12-14 (14-46-46).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 33774
Time elapsed: 29 minute(s), 49 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.
Registry Values Detected: 2
HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load (PUM.UserWLoad) -> Data: C:\Users\Mario\LOCALS~1\Temp\msewbax.com -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load (Trojan.Ransom) -> Data: C:\Users\Mario\LOCALS~1\Temp\msewbax.com -> Delete on reboot.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 3
C:\$Recycle.Bin\S-1-5-21-293651391-2175594108-1919989058-1000\$35f3192656ac3495b3b2336707e55e1b\U (Trojan.Siredef.C) -> Delete on reboot.
C:\$Recycle.Bin\S-1-5-21-293651391-2175594108-1919989058-1000\$35f3192656ac3495b3b2336707e55e1b\L (Trojan.Siredef.C) -> Delete on reboot.
C:\$Recycle.Bin\S-1-5-21-293651391-2175594108-1919989058-1000\$35f3192656ac3495b3b2336707e55e1b (Trojan.Siredef.C) -> Delete on reboot.
Files Detected: 1
C:\$Recycle.Bin\S-1-5-21-293651391-2175594108-1919989058-1000\$35f3192656ac3495b3b2336707e55e1b\@ (Trojan.Siredef.C) -> Delete on reboot.
(end)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
© Malwarebytes Corporation 2011-2012
OS version: 6.0.6002 Windows Vista Service Pack 2 x86
Account is Administrative
Internet Explorer version: 9.0.8112.16421
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.128000 GHz
Memory total: 3218305024, free: 1146331136
------------ Kernel report ------------
12/14/2012 14:14:59
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iastor.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\DRVMCDB.SYS
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\e1e6032.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\System32\Drivers\DLACDBHM.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\dne2000.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\stwrt.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\SRTSP.SYS
\SystemRoot\System32\Drivers\SRTSPX.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\DLARTL_M.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\Drivers\SYMTDI.SYS
\??\C:\Windows\system32\drivers\sp_rsdrv2.sys
\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
\SystemRoot\System32\Drivers\SCDEmu.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\System32\Drivers\DRVNDDM.SYS
\SystemRoot\System32\DLA\DLADResM.SYS
\SystemRoot\System32\DLA\DLAIFS_M.SYS
\SystemRoot\System32\DLA\DLAOPIOM.SYS
\SystemRoot\System32\DLA\DLAPoolM.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\DLA\DLABMFSM.SYS
\SystemRoot\System32\DLA\DLABOIOM.SYS
\SystemRoot\System32\DLA\DLAUDFAM.SYS
\SystemRoot\System32\DLA\DLAUDF_M.SYS
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\Drivers\CVPNDRVA.sys
\??\C:\Program Files\DellSupport\Drivers\dsunidrv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\NAVEX15.SYS
\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\NAVENG.SYS
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\SYMREDRV.SYS
\??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8713e4b8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xffffffff85d06030
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8713eac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff85cf2030
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Downloaded database version: v2012.12.14.09
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8713eac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8703b108, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8713eac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff85cf2030, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xffffffffb9de9bf8, 0xffffffff8713eac8, 0xffffffff874971e0
Lower DeviceData: 0xffffffff8ddb0a68, 0xffffffff85cf2030, 0xffffffff873da1d8
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 38000000
Partition information:
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 112392
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 112640 Numsec = 20971520
Partition 2 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 21084160 Numsec = 291411968
Partition file system is NTFS
Partition is bootable
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 160000000000 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-312480000-312500000)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8713e4b8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8713e138, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8713e4b8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff85d06030, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xffffffffb9d81090, 0xffffffff8713e4b8, 0xffffffff87452040
Lower DeviceData: 0xffffffff89b1daa0, 0xffffffff85d06030, 0xffffffff87102898
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 9AE71CAD
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 976769024
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Done!
Performing system, memory and registry scan...
Read File: File "C:\ProgramData\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}\Fences.dat" is compressed (flags = 1)
Read File: File "C:\ProgramData\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}\instance.dat" is compressed (flags = 1)
Infected: C:\$Recycle.Bin\S-1-5-21-293651391-2175594108-1919989058-1000\$35f3192656ac3495b3b2336707e55e1b\@ --> [Trojan.Siredef.C]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} --> [Hijack.Trojan.Siredef.C]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load --> [PUM.UserWLoad]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load --> [Trojan.Ransom]
Infected: C:\$Recycle.Bin\S-1-5-21-293651391-2175594108-1919989058-1000\$35f3192656ac3495b3b2336707e55e1b\U --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-293651391-2175594108-1919989058-1000\$35f3192656ac3495b3b2336707e55e1b\L --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-293651391-2175594108-1919989058-1000\$35f3192656ac3495b3b2336707e55e1b --> [Trojan.Siredef.C]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal successful. No system shutdown is required.
=======================================
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2
Run by Mario at 15:08:05 on 2012-12-14
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3069.1217 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bentley\SELECTserver\Bentley.SelectServer.Gateway.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Windows\sttray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
F:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Users\Mario\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070418
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070418
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
BHO: IE Developer Toolbar BHO: {CC7E636D-39AA-49b6-B511-65413DA137A1} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: IE Developer Toolbar: {A202B231-EF71-4a08-BDB9-4CE5AE8BDE0A} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Google Update] "c:\users\mario\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ultimateHistory] c:\users\mario\appdata\roaming\8a1713\8A1713.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [sigmatelSysTrayApp] sttray.exe
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "f:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [sSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mRun: [RMAlert] "c:\program files\pc tools registry mechanic\Alert.exe" /PRODUCT=RM /R
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Z1] c:\users\mario\desktop\mbar-1.01.0.1011\mbar\mbar.exe /cleanup /s
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\windows\installer\{f761359c-9ced-45ae-9a51-9d6605cd55c4}\Evernote.ico
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{871df2be-41d2-4334-ac33-839af16fc8fe}\Icon3E5562ED7.ico
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} -
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://download.microsoft.com/download/7/1/D/71D9F11F-0C02-4707-9D60-D56EA8951020/pmupd806.exe
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} - file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{95BD10A2-992E-4E20-AAAE-45F7BB90EB14} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL
STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - c:\program files\stardock\fences\FencesMenu.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mario\appdata\roaming\mozilla\firefox\profiles\5xwdjfww.new profile1\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10516.0\npctrlui.dll
FF - plugin: c:\users\mario\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\mario\appdata\roaming\move networks\plugins\npqmp071706000001.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmirage.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\NPSWF32.dll
FF - plugin: f:\program files\itunes\mozilla plugins\npitunes.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-11 106656]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile="c:\windows\system32\NOTEPAD.EXE" "%1"
FileExt: .reg: regfile=regedit.exe "%1" %*
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2012-12-14 18:49:59 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{edc6c61f-1d0b-46d7-879a-6e57fcb8c5dc}\offreg.dll
2012-12-13 07:05:12 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-12-13 07:04:19 52584 ----a-w- c:\windows\system32\OpenCL.dll
2012-12-13 07:03:14 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-12-13 06:57:54 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-13 06:57:40 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-13 06:57:40 16896 ----a-w- c:\windows\system32\winusb.dll
2012-12-13 06:57:40 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-13 06:57:39 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-13 06:57:39 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-13 06:57:37 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-13 06:57:37 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-13 06:57:36 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-13 06:57:36 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-13 06:57:36 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-13 05:29:42 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{edc6c61f-1d0b-46d7-879a-6e57fcb8c5dc}\mpengine.dll
2012-12-13 05:28:58 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-12-13 05:28:54 75776 ----a-w- c:\windows\system32\synceng.dll
2012-12-13 05:28:52 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 05:28:52 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-13 05:28:39 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-13 05:28:26 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-13 05:28:26 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-13 05:28:03 2048 ----a-w- c:\windows\system32\tzres.dll
.
==================== Find3M ====================
.
2012-12-13 04:31:54 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-13 04:31:54 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-10-11 02:15:04 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-11 02:15:00 2574696 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-11 02:14:50 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-10-11 02:14:50 12501352 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-10-11 02:14:46 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-11 02:14:44 2428776 ----a-w- c:\windows\system32\nvapi.dll
2012-10-11 02:14:42 7697768 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-11 02:14:28 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-11 02:14:22 19906920 ----a-w- c:\windows\system32\nvoglv32.dll
2012-10-11 02:14:22 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-10-11 02:14:16 6127464 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-11 02:14:16 15309160 ----a-w- c:\windows\system32\nvd3dum.dll
2012-10-02 19:29:42 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:29:41 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:29:41 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:29:22 2853224 ----a-w- c:\windows\system32\nvsvc.dll
2012-10-02 19:28:53 3965288 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 18:15:52 430952 ----a-w- c:\windows\system32\nvStreaming.exe
2012-09-29 23:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 15:09:47.14 ===============
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2
Run by Mario at 15:08:05 on 2012-12-14
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3069.1217 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bentley\SELECTserver\Bentley.SelectServer.Gateway.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Windows\sttray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
F:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Users\Mario\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070418
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070418
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
BHO: IE Developer Toolbar BHO: {CC7E636D-39AA-49b6-B511-65413DA137A1} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: IE Developer Toolbar: {A202B231-EF71-4a08-BDB9-4CE5AE8BDE0A} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Google Update] "c:\users\mario\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ultimateHistory] c:\users\mario\appdata\roaming\8a1713\8A1713.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [sigmatelSysTrayApp] sttray.exe
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "f:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [sSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mRun: [RMAlert] "c:\program files\pc tools registry mechanic\Alert.exe" /PRODUCT=RM /R
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Z1] c:\users\mario\desktop\mbar-1.01.0.1011\mbar\mbar.exe /cleanup /s
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\windows\installer\{f761359c-9ced-45ae-9a51-9d6605cd55c4}\Evernote.ico
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{871df2be-41d2-4334-ac33-839af16fc8fe}\Icon3E5562ED7.ico
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} -
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://download.microsoft.com/download/7/1/D/71D9F11F-0C02-4707-9D60-D56EA8951020/pmupd806.exe
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} - file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{95BD10A2-992E-4E20-AAAE-45F7BB90EB14} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL
STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - c:\program files\stardock\fences\FencesMenu.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mario\appdata\roaming\mozilla\firefox\profiles\5xwdjfww.new profile1\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10516.0\npctrlui.dll
FF - plugin: c:\users\mario\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\mario\appdata\roaming\move networks\plugins\npqmp071706000001.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmirage.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\NPSWF32.dll
FF - plugin: f:\program files\itunes\mozilla plugins\npitunes.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-11 106656]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile="c:\windows\system32\NOTEPAD.EXE" "%1"
FileExt: .reg: regfile=regedit.exe "%1" %*
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2012-12-14 18:49:59 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{edc6c61f-1d0b-46d7-879a-6e57fcb8c5dc}\offreg.dll
2012-12-13 07:05:12 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-12-13 07:04:19 52584 ----a-w- c:\windows\system32\OpenCL.dll
2012-12-13 07:03:14 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-12-13 06:57:54 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-13 06:57:40 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-13 06:57:40 16896 ----a-w- c:\windows\system32\winusb.dll
2012-12-13 06:57:40 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-13 06:57:39 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-13 06:57:39 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-13 06:57:37 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-13 06:57:37 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-13 06:57:36 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-13 06:57:36 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-13 06:57:36 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-13 05:29:42 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{edc6c61f-1d0b-46d7-879a-6e57fcb8c5dc}\mpengine.dll
2012-12-13 05:28:58 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-12-13 05:28:54 75776 ----a-w- c:\windows\system32\synceng.dll
2012-12-13 05:28:52 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 05:28:52 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-13 05:28:39 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-13 05:28:26 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-13 05:28:26 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-13 05:28:03 2048 ----a-w- c:\windows\system32\tzres.dll
.
==================== Find3M ====================
.
2012-12-13 04:31:54 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-13 04:31:54 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-10-11 02:15:04 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-11 02:15:00 2574696 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-11 02:14:50 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-10-11 02:14:50 12501352 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-10-11 02:14:46 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-11 02:14:44 2428776 ----a-w- c:\windows\system32\nvapi.dll
2012-10-11 02:14:42 7697768 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-11 02:14:28 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-11 02:14:22 19906920 ----a-w- c:\windows\system32\nvoglv32.dll
2012-10-11 02:14:22 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-10-11 02:14:16 6127464 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-11 02:14:16 15309160 ----a-w- c:\windows\system32\nvd3dum.dll
2012-10-02 19:29:42 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:29:41 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:29:41 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:29:22 2853224 ----a-w- c:\windows\system32\nvsvc.dll
2012-10-02 19:28:53 3965288 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 18:15:52 430952 ----a-w- c:\windows\system32\nvStreaming.exe
2012-09-29 23:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 15:09:47.14 ===============
-
Hello Maniac,
I would like to proceed with the cleaning. Quick question - if I choose at some point to reformat & reinstall the OS, are there any files that can safely be transferred? For example, my music, movie, and photo collection?
Thanks!
-
Hello,
When I run Malwarebytes, it finds two items, I select to remove, and yet after restart and rerunning Malwarebytes, the two items reappear: PUM.UserWLoad and Trojan.Ransom. I also get a popup message upon startup - I am attaching a screenshot.
Below is the Malwarebytes log, followed by dds.txt and attach.txt.
Thanks for any help you can give!
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.12.13.02
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Mario :: NOFACE [administrator]
12/12/2012 11:53:54 PM
mbam-log-2012-12-12 (23-53-54).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 263795
Time elapsed: 15 minute(s), 50 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Mario\LOCALS~1\Temp\msewbax.com -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Mario\LOCALS~1\Temp\msewbax.com -> Delete on reboot.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.7.2
Run by Mario at 0:17:08 on 2012-12-13
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3069.1345 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bentley\SELECTserver\Bentley.SelectServer.Gateway.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Windows\sttray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
F:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Users\Mario\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070418
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070418
uWindows: Load = c:\users\mario\locals~1\temp\msewbax.com
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
BHO: IE Developer Toolbar BHO: {CC7E636D-39AA-49b6-B511-65413DA137A1} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: IE Developer Toolbar: {A202B231-EF71-4a08-BDB9-4CE5AE8BDE0A} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Google Update] "c:\users\mario\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ultimateHistory] c:\users\mario\appdata\roaming\8a1713\8A1713.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [sigmatelSysTrayApp] sttray.exe
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "f:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [sSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mRun: [RMAlert] "c:\program files\pc tools registry mechanic\Alert.exe" /PRODUCT=RM /R
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\windows\installer\{f761359c-9ced-45ae-9a51-9d6605cd55c4}\Evernote.ico
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{871df2be-41d2-4334-ac33-839af16fc8fe}\Icon3E5562ED7.ico
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} -
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://download.microsoft.com/download/7/1/D/71D9F11F-0C02-4707-9D60-D56EA8951020/pmupd806.exe
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} - file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{95BD10A2-992E-4E20-AAAE-45F7BB90EB14} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL
STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - c:\program files\stardock\fences\FencesMenu.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mario\appdata\roaming\mozilla\firefox\profiles\5xwdjfww.new profile1\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10516.0\npctrlui.dll
FF - plugin: c:\users\mario\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\mario\appdata\roaming\move networks\plugins\npqmp071706000001.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmirage.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\NPSWF32.dll
FF - plugin: f:\program files\itunes\mozilla plugins\npitunes.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-7-7 142592]
R2 Bentley SELECT Server Gateway;Bentley SELECT Server Gateway;c:\program files\bentley\selectserver\Bentley.SelectServer.Gateway.exe [2007-3-26 102400]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-22 21504]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2012-4-5 793048]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2008-9-19 65536]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-9-27 240232]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-11-28 1962136]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-8-17 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-11 106656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;"c:\program files\google\google desktop search\googledesktop.exe" --> c:\program files\google\google desktop search\GoogleDesktop.exe [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-11-28 122008]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile="c:\windows\system32\NOTEPAD.EXE" "%1"
FileExt: .reg: regfile=regedit.exe "%1" %*
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2012-11-14 00:25:39 -------- d-----w- c:\users\mario\appdata\roaming\Papa
2012-11-14 00:25:38 -------- d-----w- c:\users\mario\appdata\roaming\Luagod
2012-11-14 00:25:38 -------- d-----w- c:\users\mario\appdata\roaming\Fuoda
2012-11-13 07:06:45 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ba07b63b-26c0-4c02-8ac6-5fe1caf4687b}\mpengine.dll
.
==================== Find3M ====================
.
2012-12-13 04:31:54 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-13 04:31:54 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-29 23:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 0:19:25.70 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 4/17/2007 2:35:27 PM
System Uptime: 12/12/2012 11:46:17 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0CT017
Processor: Intel® Core2 CPU 6400 @ 2.13GHz | Microprocessor | 2128/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 1.486 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 6.75 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 466 GiB total, 40.372 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP2224: 12/11/2012 9:35:40 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
7-Zip 4.57
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 8.1.3
Adobe Setup
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Amazon Unbox Video
AnswerWorks 5.0 English Runtime
Any Video Converter 3.1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoCAD 2002
AutoCAD 2008 - English
Autodesk DWF Viewer 7
AutoHotkey 1.0.48.05
Bentley MicroStation V8 XM Edition 08.09.04.51
Bentley SELECT Server V8 XM Edition
Bloomberg SFD Data Dictionary
Bonjour
CCleaner
CinemaForge
Cisco Connect
Cisco Systems VPN Client 5.0.02.0090
Corel Paint Shop Pro Photo XI
Corel Snapfire Plus
Dell Support Center (Support Software)
Dell System Customization Wizard
DellSupport
DHTML Editing Component
DivX Content Uploader
DivX Setup
DNA
Documentation & Support Launcher
Dropbox
Evernote v. 4.1
Fences
Free iPod Video Converter 1.26
Full Tilt Poker.Net
Games, Music, & Photos Launcher
GameTime+
Google Chrome
Google Desktop
Google Drive
Google Earth
Google SketchUp 7.1
Google Talk (remove only)
Google Update Helper
GTK+ Runtime 2.12.1 rev b (remove only)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Matrix Storage Manager
Internet Explorer Developer Toolbar
iTunes
Java 7 Update 7
Java Auto Updater
JavaFX 2.1.1
K-Lite Codec Pack 2.27 Full
LiveUpdate 3.2 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.65.1.1000
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Works
MobileMe Control Panel
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSN Money Investment Toolbox
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NVIDIA Drivers
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
PC Tools Registry Mechanic 11.0
PDF Settings
Pdf995
PeerBlock 1.1 (r518)
Pidgin
Poker Grapher
Poker Tracker Version 2.16.03d
PokerAce Hud (remove only)
Pokerazor 1.28
PokerStars
PokerStove version 1.23
PokerTracker 3 (remove only)
PostgreSQL 8.3
PowerDVD
PowerISO
Qualxserve Service Agreement
Quicken 2008
QuickTime
RealPlayer
RedistSysFiles
Rhapsody Player Engine
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
SigmaTel Audio
SiSoftware Sandra Lite XII.SP1
Skype™ 5.10
Sonic Activation Module
Spyware Terminator
Symantec AntiVirus
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
URL Assistant
User's Guides
VBA (2627.01)
VC80CRTRedist - 8.0.50727.6195
VirtualDJ Home FREE
Visual Basic for Applications ® Core
Visual Basic for Applications ® Core - English
VLC media player 1.0.0
WD SmartWare
WebEx Recorder and Player
WinRAR archiver
WinZip 15.5
Xvid 1.2.2 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
12/12/2012 11:47:27 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was The configuration data for this product is corrupt. Contact your support personnel. .
12/12/2012 11:45:29 PM, Error: Service Control Manager [7016] - The NVIDIA Display Driver Service service has reported an invalid current state 32.
.
==== End Of File ===========================
Malware reappears after removal: PUM.UserWLoad, Trojan.Ransom
in Resolved Malware Removal Logs
Posted
Maniac,
Below is the log file from JRT. The popup no longer appears on startup and I haven't noticed any other issues. Should I uninstall any of the programs I ran through the course of this cleaning? Are there any other steps?
Thanks,
maa
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.2 (01.08.2013:1)
OS: Windows Vista Home Basic x86
Ran by Mario on Wed 01/09/2013 at 21:17:24.92
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-293651391-2175594108-1919989058-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Mario\appdata\locallow\boost_interprocess"
~~~ FireFox
Successfully deleted: [File] "C:\Users\Mario\AppData\Roaming\mozilla\firefox\profiles\3l4hn9aq.default\extensions\isreaditlater@ideashower.com.xpi"
Emptied folder: C:\Users\Mario\AppData\Roaming\mozilla\firefox\profiles\3l4hn9aq.default\minidumps [2 files]
Emptied folder: C:\Users\Mario\AppData\Roaming\mozilla\firefox\profiles\5xwdjfww.New Profile1\minidumps [17 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/09/2013 at 21:19:55.83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~