
MalwareBytes Won't Run in Safe Mode (DDS Report Included)



I am helping a friend with her laptop, and she has been unable to run MalwareBytes, both in normal mode and safe mode. The scan will run for around 11 seconds before stopping altogether. MalwareBytes is up to date. I've tried running RKill first (I also have the RKill log if necessary), I've tried running MalwareBytes in Chameleon mode, and I've tried going through her processes to see if there are any malicious or otherwise unidentified processes running (I looked in Safe mode and Normal), but no luck.

I'm only thinking it is a virus at this point because MalwareBytes won't run, and it has always been able to run--even a full scan as opposed to a quick scan--in the past. Her computer has gotten slow and she has recently had some driver problems where the screen will go black, then come back, and say a driver failed and then recovered. However, because she is prone to viruses and has had some other slow-down issues, I wanted to check if the logs were clean first. The driver problem has supposedly been fixed by another friend, and while I had some hands-on time with the machine, I didn't notice any display driver problems, and the screen never went black. When I ran RKill, it returned clean results except for removing an Explorer policy and resetting a couple of registry associations.

Anyway, here are the logs, and thanks for any help you guys can give me. If it turns out not to be a malware or virus issue, I'll happily post on over in the PC Help forum. I was just very concerned that something is preventing MalwareBytes from running in the first place, and is not particularly slowing down the rest of the machine.

The DDS.txt:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Kristen at 14:13:02 on 2012-08-11

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3886.2833 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\windows\system32\taskeng.exe

C:\windows\system32\taskeng.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\System Control Manager\MSIService.exe

C:\Program Files (x86)\GIMP\GIMPUpdateChecker.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Program Files (x86)\Uniblue\Powersuite\powersuite_monitor.exe

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe

C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe

C:\Windows\system32\WUDFHost.exe

C:\windows\system32\wbem\unsecapp.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\sysWOW64\wbem\wmiprvse.exe

C:\Program Files\Microsoft Security Client\MpCmdRun.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.babylon.com/?affID=111385&babsrc=HP_ss&mntrId=c6dc987d000000000000485d60618af9

uDefault_Page_URL = hxxp://msi.msn.com

uInternet Settings,ProxyOverride = <local>

mSearchAssistant = hxxp://start.facemoods.com/?a=guppy1&s={searchTerms}&f=4

uURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

uURLSearchHooks: H - No File

mURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: AOL Messaging Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

BHO: TheBflix Class: {be861541-7376-4545-967b-20da8431c8ce} - C:\ProgramData\TheBflix\bhoclass.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

uRun: [installIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun

uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe

mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe /reminder

mRun: [Powersuite Monitor] "C:\Program Files (x86)\Uniblue\Powersuite\powersuite_monitor.exe"

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNTQyNTU0NjQ3LVhPMTArMTItTElDKzItU1AxKzEtU1VQKzMtRkwxMCsxLVNQMVMyKzEtU1AxUzMrMS1ERFQrNTY1MTItREQxMEYrMS1TVDEwRkFQUCsxLUYxME0xMkFUKzEtRjEwTTEyQSsxLUYxME0xMkFCKzEtVTEwKzEtRjEwTTEyQVRCTisx"&"prod=90"&"ver=10.0.1416

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{B148C7B5-F58E-4739-85E3-5E688154A2C5} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{B148C7B5-F58E-4739-85E3-5E688154A2C5}\2375942554030313 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{B148C7B5-F58E-4739-85E3-5E688154A2C5}\34865627475737 : DhcpNameServer = 216.130.152.4 216.130.156.12 192.168.0.1

TCP: Interfaces\{B148C7B5-F58E-4739-85E3-5E688154A2C5}\355726771697 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{D1365E23-B7BC-4BEC-8374-139068AF032F} : DhcpNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: AOL Messaging Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

BHO-X64: AOL Messaging Toolbar Loader - No File

BHO-X64: TheBflix Class: {BE861541-7376-4545-967B-20DA8431C8CE} - C:\ProgramData\TheBflix\bhoclass.dll

BHO-X64: TheBflix - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe

mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe /reminder

mRun-x64: [Powersuite Monitor] "C:\Program Files (x86)\Uniblue\Powersuite\powersuite_monitor.exe"

mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNTQyNTU0NjQ3LVhPMTArMTItTElDKzItU1AxKzEtU1VQKzMtRkwxMCsxLVNQMVMyKzEtU1AxUzMrMS1ERFQrNTY1MTItREQxMEYrMS1TVDEwRkFQUCsxLUYxME0xMkFUKzEtRjEwTTEyQSsxLUYxME0xMkFCKzEtVTEwKzEtRjEwTTEyQVRCTisx"&"prod=90"&"ver=10.0.1416

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 Micro Star SCM;Micro Star SCM;C:\Program Files (x86)\System Control Manager\MSIService.exe [2010-7-1 160768]

R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-1 3027840]

R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;C:\Program Files (x86)\msi\Live Update 5\msibios64_100507.sys [2012-8-8 33592]

R3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\msi\Live Update 5\NTIOLib_X64.sys [2012-8-8 14136]

R3 pmkbdfltr;PenMount Keyboard Device Filter Driver;C:\windows\system32\DRIVERS\pmkbdfltr.sys --> C:\windows\system32\DRIVERS\pmkbdfltr.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

R3 SmbDrv;SmbDrv;C:\windows\system32\DRIVERS\Smb_driver.sys --> C:\windows\system32\DRIVERS\Smb_driver.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-22 136176]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-1 13336]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-8 655944]

S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-1 2320920]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]

S3 EUCR;EUCR;C:\windows\system32\DRIVERS\EUCR6SK.SYS --> C:\windows\system32\DRIVERS\EUCR6SK.SYS [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-22 136176]

S3 mbamchameleon;mbamchameleon;\??\C:\windows\system32\drivers\mbamchameleon.sys --> C:\windows\system32\drivers\mbamchameleon.sys [?]

S3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-08-11 17:19:42 36168 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys

2012-08-10 19:12:30 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{361032DB-ECA4-4168-BEE5-3E09CDF853A8}\mpengine.dll

2012-08-09 04:33:14 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-08-08 05:59:40 22800 ----a-w- C:\windows\System32\drivers\Smb_driver.sys

2012-08-08 05:57:24 317440 ----a-w- C:\windows\System32\drivers\IntcDAud.sys

2012-08-08 05:57:24 14848 ----a-w- C:\windows\System32\IntcDAuC.dll

2012-08-08 05:55:44 18832 ----a-w- C:\windows\System32\drivers\pmkbdfltr.sys

2012-08-08 04:57:22 -------- d-----w- C:\Users\Kristen\AppData\Roaming\Uniblue

2012-08-08 04:57:22 -------- d-----w- C:\Program Files (x86)\Uniblue

2012-07-19 00:26:09 3148800 ----a-w- C:\windows\System32\win32k.sys

2012-07-18 16:22:16 2004480 ----a-w- C:\windows\System32\msxml6.dll

2012-07-18 16:16:41 -------- d-----w- C:\Program Files (x86)\GUMF64F.tmp

.

==================== Find3M ====================

.

2012-07-03 17:46:44 24904 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll

2012-06-02 19:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll

2012-06-02 19:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe

2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll

.

============= FINISH: 14:14:32.63 ===============

The Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 1/15/2011 10:18:57 AM

System Uptime: 8/11/2012 2:09:58 PM (0 hours ago)

.

Motherboard: Micro-Star International | | A6200

Processor: Intel® Core i3 CPU M 370 @ 2.40GHz | CPU 1 | 2399/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 173 GiB total, 42.872 GiB free.

D: is FIXED (FAT32) - 113 GiB total, 113.165 GiB free.

E: is CDROM (UDF)

F: is CDROM (CDFS)

G: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP374: 8/5/2012 9:06:03 PM - Scheduled Checkpoint

RP375: 8/7/2012 11:31:55 AM - Windows Update

RP376: 8/8/2012 12:56:40 AM - Uniblue Powersuite installation

RP377: 8/8/2012 1:17:53 AM - Powersuite - 8/8/2012 1:17:53 AM

RP378: 8/10/2012 3:11:47 PM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

Acrobat.com

Adobe AIR

Adobe Bridge 1.0

Adobe Common File Installer

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Help Center 1.0

Adobe Photoshop CS2

Adobe Reader 9.1

Adobe Stock Photos 1.0

AIM 7

AOL Messaging Toolbar

Apple Application Support

Apple Software Update

ArcSoft Magic-i Visual Effects 2

ArcSoft Print Creations

ArcSoft Print Creations - Album Page

ArcSoft Print Creations - Brochures & Flyers

ArcSoft Print Creations - Funhouse

ArcSoft Print Creations - Funhouse II

ArcSoft Print Creations - Greeting Card

ArcSoft Print Creations - Photo Book

ArcSoft Print Creations - Photo Calendar

ArcSoft Print Creations - Photo Prints

ArcSoft Print Creations - Poster Creator

ArcSoft Print Creations - Scrapbook

ArcSoft Print Creations - Slimline Card

ArcSoft WebCam Companion 3

BurnRecovery

Compatibility Pack for the 2007 Office system

Download Updater (AOL LLC)

Fable - The Lost Chapters

GIMP

Google Chrome

Google Update Helper

IBM ViaVoice Command and Control Runtime 5.3

InstallIQ Updater

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® Rapid Storage Technology

Java Auto Updater

Java 6 Update 29

Junk Mail filter update

Live Update 5

LNZ Pro

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

Microsoft WSE 3.0 Runtime

msi Software Install

MSVCRT

Origin

Pando Media Booster

Pet Workshop

Petz 3

Petz 4

Petz 5

PetzA 2.2.5

Realtek 8136 8168 8169 Ethernet Driver

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Skype Click to Call

Skype™ 5.5

System Control Manager

TeamViewer 7

TextPad 5

The Sims™ 3

Tinker 1.9.1

Uniblue Powersuite

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Visual Studio 2008 x64 Redistributables

VLC

VLC media player 1.1.5

WBFS Manager 3.0

WBFS to ISO

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

8/9/2012 7:59:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Rapid Storage Technology service to connect.

8/9/2012 7:59:40 PM, Error: Service Control Manager [7000] - The Intel® Rapid Storage Technology service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/9/2012 7:59:10 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.

8/5/2012 9:47:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1090.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

8/5/2012 6:34:33 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1090.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

8/5/2012 3:27:47 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1090.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

8/4/2012 1:01:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1090.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

8/11/2012 2:10:09 PM, Error: volmgr [46] - Crash dump initialization failed!

8/11/2012 2:04:30 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

8/11/2012 1:56:09 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

8/11/2012 1:51:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

8/11/2012 1:51:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

8/11/2012 1:50:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

8/11/2012 1:50:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

8/11/2012 1:50:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/11/2012 1:50:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

8/11/2012 1:50:14 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx vwififlt Wanarpv6 WfpLwf

8/11/2012 1:50:14 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/11/2012 1:50:14 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/11/2012 1:50:14 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

8/11/2012 1:50:14 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/11/2012 1:50:14 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/11/2012 1:50:14 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

8/11/2012 1:50:14 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/11/2012 1:50:14 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/11/2012 1:50:14 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/11/2012 1:49:52 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .

8/11/2012 1:17:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr sptd Wanarpv6

.

==== End Of File ===========================


  • Staff

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


My friend finally got back to me, and she had run the TDSS utility and it found 2 rootkits, which it supposedly quarantined. Unfortunately, she forgot to send me the report. A day and a half to two days later, I get a text saying she can't do anything on the computer anymore, including getting to Facebook or her e-mail so that she can send me the report. She can't really browse the internet at all, or even watch videos on her hard drive.

I'm hoping to get my hands on the machine personally so I can work on it without any restraints, but does this sound like anything in particular to anyone? Frankly, it just sounds like standard rootkit--hide a while and then disable your system, depending on its purpose, but I'm trying to cover all my options here while also doing some damage control.

Hopefully I'll have the TDSS report soon and a new DDS after the ComboFix, but any help in advance of that would be greatly appreciated.


Unfortunately, more than one scan of TDSSKiller was run, but here is the most recent one.

Here is the TDSSKiller report:

15:00:28.0086 1864 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05

15:00:28.0102 1864 ============================================================

15:00:28.0102 1864 Current date / time: 2012/08/16 15:00:28.0102

15:00:28.0102 1864 SystemInfo:

15:00:28.0102 1864

15:00:28.0102 1864 OS Version: 6.1.7601 ServicePack: 1.0

15:00:28.0102 1864 Product type: Workstation

15:00:28.0102 1864 ComputerName: KRISTEN-MSI

15:00:28.0102 1864 UserName: Kristen

15:00:28.0102 1864 Windows directory: C:\windows

15:00:28.0102 1864 System windows directory: C:\windows

15:00:28.0102 1864 Running under WOW64

15:00:28.0102 1864 Processor architecture: Intel x64

15:00:28.0102 1864 Number of processors: 2

15:00:28.0102 1864 Page size: 0x1000

15:00:28.0102 1864 Boot type: Safe boot with network

15:00:28.0102 1864 ============================================================

15:00:28.0757 1864 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

15:00:28.0757 1864 ============================================================

15:00:28.0757 1864 \Device\Harddisk0\DR0:

15:00:28.0757 1864 MBR partitions:

15:00:28.0757 1864 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1832800, BlocksNum 0x15997000

15:00:28.0757 1864 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x171C9800, BlocksNum 0xE264800

15:00:28.0757 1864 ============================================================

15:00:28.0788 1864 C: <-> \Device\Harddisk0\DR0\Partition1

15:00:28.0820 1864 D: <-> \Device\Harddisk0\DR0\Partition2

15:00:28.0820 1864 ============================================================

15:00:28.0820 1864 Initialize success

15:00:28.0820 1864 ============================================================

15:00:30.0489 1904 ============================================================

15:00:30.0489 1904 Scan started

15:00:30.0489 1904 Mode: Manual;

15:00:30.0489 1904 ============================================================


15:00:39.0958 1904 mpsdrv - ok

15:00:40.0005 1904 [ 54ffc9c8898113ace189d4aa7199d2c1 ] MpsSvc C:\windows\system32\mpssvc.dll

15:00:40.0036 1904 MpsSvc - ok

15:00:40.0083 1904 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys

15:00:40.0083 1904 MRxDAV - ok

15:00:40.0114 1904 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys

15:00:40.0114 1904 mrxsmb - ok

15:00:40.0161 1904 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys

15:00:40.0161 1904 mrxsmb10 - ok

15:00:40.0177 1904 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys

15:00:40.0177 1904 mrxsmb20 - ok

15:00:40.0223 1904 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\windows\system32\drivers\msahci.sys

15:00:40.0223 1904 msahci - ok

15:00:40.0239 1904 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\windows\system32\drivers\msdsm.sys

15:00:40.0239 1904 msdsm - ok

15:00:40.0270 1904 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\windows\System32\msdtc.exe

15:00:40.0286 1904 MSDTC - ok

15:00:40.0317 1904 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\windows\system32\drivers\Msfs.sys

15:00:40.0317 1904 Msfs - ok

15:00:40.0348 1904 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys

15:00:40.0364 1904 mshidkmdf - ok

15:00:40.0395 1904 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\windows\system32\drivers\msisadrv.sys

15:00:40.0395 1904 msisadrv - ok

15:00:40.0411 1904 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\windows\system32\iscsiexe.dll

15:00:40.0426 1904 MSiSCSI - ok

15:00:40.0442 1904 msiserver - ok

15:00:40.0457 1904 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys

15:00:40.0457 1904 MSKSSRV - ok

15:00:40.0567 1904 [ 59faaf2c83c8169ea20f9e335e418907 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe

15:00:40.0567 1904 MsMpSvc - ok

15:00:40.0582 1904 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys

15:00:40.0582 1904 MSPCLOCK - ok

15:00:40.0582 1904 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys

15:00:40.0582 1904 MSPQM - ok

15:00:40.0629 1904 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\windows\system32\drivers\MsRPC.sys

15:00:40.0629 1904 MsRPC - ok

15:00:40.0660 1904 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys

15:00:40.0660 1904 mssmbios - ok

15:00:40.0676 1904 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys

15:00:40.0676 1904 MSTEE - ok

15:00:40.0691 1904 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys

15:00:40.0691 1904 MTConfig - ok

15:00:40.0723 1904 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\windows\system32\Drivers\mup.sys

15:00:40.0723 1904 Mup - ok

15:00:40.0769 1904 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\windows\system32\qagentRT.dll

15:00:40.0785 1904 napagent - ok

15:00:40.0832 1904 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys

15:00:40.0832 1904 NativeWifiP - ok

15:00:40.0894 1904 [ 79b47fd40d9a817e932f9d26fac0a81c ] NDIS C:\windows\system32\drivers\ndis.sys

15:00:40.0910 1904 NDIS - ok

15:00:40.0941 1904 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys

15:00:40.0941 1904 NdisCap - ok

15:00:40.0972 1904 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys

15:00:40.0972 1904 NdisTapi - ok

15:00:41.0019 1904 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys

15:00:41.0019 1904 Ndisuio - ok

15:00:41.0050 1904 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys

15:00:41.0050 1904 NdisWan - ok

15:00:41.0097 1904 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys

15:00:41.0097 1904 NDProxy - ok

15:00:41.0113 1904 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys

15:00:41.0113 1904 NetBIOS - ok

15:00:41.0159 1904 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys

15:00:41.0175 1904 NetBT - ok

15:00:41.0175 1904 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\windows\system32\lsass.exe

15:00:41.0175 1904 Netlogon - ok

15:00:41.0206 1904 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\windows\System32\netman.dll

15:00:41.0206 1904 Netman - ok

15:00:41.0237 1904 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\windows\System32\netprofm.dll

15:00:41.0237 1904 netprofm - ok

15:00:41.0284 1904 [ 3e5a36127e201ddf663176b66828fafe ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

15:00:41.0284 1904 NetTcpPortSharing - ok

15:00:41.0315 1904 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys

15:00:41.0315 1904 nfrd960 - ok

15:00:41.0362 1904 [ 91b4e0273d2f6c24ef845f2b41311289 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys

15:00:41.0362 1904 NisDrv - ok

15:00:41.0425 1904 [ 10a43829a9e606af3eef25a1c1665923 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe

15:00:41.0425 1904 NisSrv - ok

15:00:41.0471 1904 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\windows\System32\nlasvc.dll

15:00:41.0471 1904 NlaSvc - ok

15:00:41.0503 1904 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\windows\system32\drivers\Npfs.sys

15:00:41.0503 1904 Npfs - ok

15:00:41.0534 1904 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\windows\system32\nsisvc.dll

15:00:41.0534 1904 nsi - ok

15:00:41.0565 1904 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys

15:00:41.0565 1904 nsiproxy - ok

15:00:41.0627 1904 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys

15:00:41.0674 1904 Ntfs - ok

15:00:41.0690 1904 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\windows\system32\drivers\Null.sys

15:00:41.0690 1904 Null - ok

15:00:41.0705 1904 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\windows\system32\drivers\nvraid.sys

15:00:41.0721 1904 nvraid - ok

15:00:41.0768 1904 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\windows\system32\drivers\nvstor.sys

15:00:41.0768 1904 nvstor - ok

15:00:41.0799 1904 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys

15:00:41.0799 1904 nv_agp - ok

15:00:41.0861 1904 [ 785f487a64950f3cb8e9f16253ba3b7b ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

15:00:41.0877 1904 odserv - ok

15:00:41.0908 1904 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys

15:00:41.0908 1904 ohci1394 - ok

15:00:41.0955 1904 [ 5a432a042dae460abe7199b758e8606c ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

15:00:41.0955 1904 ose - ok

15:00:42.0002 1904 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\windows\system32\pnrpsvc.dll

15:00:42.0002 1904 p2pimsvc - ok

15:00:42.0017 1904 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\windows\system32\p2psvc.dll

15:00:42.0033 1904 p2psvc - ok

15:00:42.0064 1904 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\windows\system32\DRIVERS\parport.sys

15:00:42.0080 1904 Parport - ok

15:00:42.0111 1904 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\windows\system32\drivers\partmgr.sys

15:00:42.0111 1904 partmgr - ok

15:00:42.0142 1904 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll

15:00:42.0142 1904 PcaSvc - ok

15:00:42.0158 1904 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\windows\system32\drivers\pci.sys

15:00:42.0158 1904 pci - ok

15:00:42.0173 1904 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\windows\system32\drivers\pciide.sys

15:00:42.0173 1904 pciide - ok

15:00:42.0205 1904 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys

15:00:42.0205 1904 pcmcia - ok

15:00:42.0205 1904 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\windows\system32\drivers\pcw.sys

15:00:42.0220 1904 pcw - ok

15:00:42.0236 1904 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\windows\system32\drivers\peauth.sys

15:00:42.0251 1904 PEAUTH - ok

15:00:42.0345 1904 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\windows\SysWow64\perfhost.exe

15:00:42.0345 1904 PerfHost - ok

15:00:42.0407 1904 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\windows\system32\pla.dll

15:00:42.0439 1904 pla - ok

15:00:42.0485 1904 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll

15:00:42.0485 1904 PlugPlay - ok

15:00:42.0517 1904 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll

15:00:42.0532 1904 PNRPAutoReg - ok

15:00:42.0563 1904 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\windows\system32\pnrpsvc.dll

15:00:42.0563 1904 PNRPsvc - ok

15:00:42.0595 1904 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll

15:00:42.0626 1904 PolicyAgent - ok

15:00:42.0657 1904 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\windows\system32\umpo.dll

15:00:42.0657 1904 Power - ok

15:00:42.0688 1904 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys

15:00:42.0688 1904 PptpMiniport - ok

15:00:42.0735 1904 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\windows\system32\DRIVERS\processr.sys

15:00:42.0735 1904 Processor - ok

15:00:42.0766 1904 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\windows\system32\profsvc.dll

15:00:42.0766 1904 ProfSvc - ok

15:00:42.0766 1904 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\windows\system32\lsass.exe

15:00:42.0766 1904 ProtectedStorage - ok

15:00:42.0813 1904 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\windows\system32\DRIVERS\pacer.sys

15:00:42.0829 1904 Psched - ok

15:00:42.0891 1904 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys

15:00:42.0922 1904 ql2300 - ok

15:00:42.0953 1904 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys

15:00:42.0953 1904 ql40xx - ok

15:00:42.0969 1904 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\windows\system32\qwave.dll

15:00:42.0985 1904 QWAVE - ok

15:00:42.0985 1904 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys

15:00:43.0000 1904 QWAVEdrv - ok

15:00:43.0000 1904 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys

15:00:43.0000 1904 RasAcd - ok

15:00:43.0063 1904 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys

15:00:43.0063 1904 RasAgileVpn - ok

15:00:43.0078 1904 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\windows\System32\rasauto.dll

15:00:43.0078 1904 RasAuto - ok

15:00:43.0125 1904 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys

15:00:43.0125 1904 Rasl2tp - ok

15:00:43.0203 1904 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\windows\System32\rasmans.dll

15:00:43.0203 1904 RasMan - ok

15:00:43.0234 1904 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys

15:00:43.0234 1904 RasPppoe - ok

15:00:43.0250 1904 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys

15:00:43.0250 1904 RasSstp - ok

15:00:43.0297 1904 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\windows\system32\DRIVERS\rdbss.sys

15:00:43.0297 1904 rdbss - ok

15:00:43.0312 1904 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys

15:00:43.0312 1904 rdpbus - ok

15:00:43.0328 1904 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys

15:00:43.0328 1904 RDPCDD - ok

15:00:43.0343 1904 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys

15:00:43.0343 1904 RDPENCDD - ok

15:00:43.0359 1904 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys

15:00:43.0359 1904 RDPREFMP - ok

15:00:43.0406 1904 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\windows\system32\drivers\RDPWD.sys

15:00:43.0406 1904 RDPWD - ok

15:00:43.0437 1904 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys

15:00:43.0453 1904 rdyboost - ok

15:00:43.0468 1904 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\windows\System32\mprdim.dll

15:00:43.0484 1904 RemoteAccess - ok

15:00:43.0515 1904 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\windows\system32\regsvc.dll

15:00:43.0515 1904 RemoteRegistry - ok

15:00:43.0531 1904 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\windows\System32\RpcEpMap.dll

15:00:43.0531 1904 RpcEptMapper - ok

15:00:43.0562 1904 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\windows\system32\locator.exe

15:00:43.0562 1904 RpcLocator - ok

15:00:43.0624 1904 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\windows\system32\rpcss.dll

15:00:43.0624 1904 RpcSs - ok

15:00:43.0655 1904 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\windows\system32\DRIVERS\rspndr.sys

15:00:43.0655 1904 rspndr - ok

15:00:43.0687 1904 [ ee082e06a82ff630351d1e0ebbd3d8d0 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys

15:00:43.0687 1904 RTL8167 - ok

15:00:43.0702 1904 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\windows\system32\lsass.exe

15:00:43.0702 1904 SamSs - ok

15:00:43.0733 1904 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\windows\system32\drivers\sbp2port.sys

15:00:43.0733 1904 sbp2port - ok

15:00:43.0780 1904 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\windows\System32\SCardSvr.dll

15:00:43.0780 1904 SCardSvr - ok

15:00:43.0811 1904 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\windows\system32\DRIVERS\scfilter.sys

15:00:43.0811 1904 scfilter - ok

15:00:43.0858 1904 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\windows\system32\schedsvc.dll

15:00:43.0889 1904 Schedule - ok

15:00:43.0936 1904 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\windows\System32\certprop.dll

15:00:43.0936 1904 SCPolicySvc - ok

15:00:43.0967 1904 [ 111e0ebc0ad79cb0fa014b907b231cf0 ] sdbus C:\windows\system32\drivers\sdbus.sys

15:00:43.0967 1904 sdbus - ok

15:00:44.0014 1904 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\windows\System32\SDRSVC.dll

15:00:44.0014 1904 SDRSVC - ok

15:00:44.0123 1904 [ 4a5809a1d796e2675ac0332bf7b0cb11 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

15:00:44.0123 1904 SeaPort - ok

15:00:44.0155 1904 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys

15:00:44.0155 1904 secdrv - ok

15:00:44.0170 1904 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\windows\system32\seclogon.dll

15:00:44.0170 1904 seclogon - ok

15:00:44.0201 1904 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\windows\System32\sens.dll

15:00:44.0201 1904 SENS - ok

15:00:44.0233 1904 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\windows\system32\sensrsvc.dll

15:00:44.0233 1904 SensrSvc - ok

15:00:44.0248 1904 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\windows\system32\DRIVERS\serenum.sys

15:00:44.0264 1904 Serenum - ok

15:00:44.0311 1904 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\windows\system32\DRIVERS\serial.sys

15:00:44.0311 1904 Serial - ok

15:00:44.0342 1904 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys

15:00:44.0342 1904 sermouse - ok

15:00:44.0373 1904 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\windows\system32\sessenv.dll

15:00:44.0389 1904 SessionEnv - ok

15:00:44.0404 1904 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\windows\system32\drivers\sffdisk.sys

15:00:44.0404 1904 sffdisk - ok

15:00:44.0420 1904 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys

15:00:44.0420 1904 sffp_mmc - ok

15:00:44.0435 1904 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys

15:00:44.0435 1904 sffp_sd - ok

15:00:44.0435 1904 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys

15:00:44.0435 1904 sfloppy - ok

15:00:44.0467 1904 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\windows\System32\ipnathlp.dll

15:00:44.0482 1904 SharedAccess - ok

15:00:44.0529 1904 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\windows\System32\shsvcs.dll

15:00:44.0529 1904 ShellHWDetection - ok

15:00:44.0545 1904 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys

15:00:44.0545 1904 SiSRaid2 - ok

15:00:44.0591 1904 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys

15:00:44.0607 1904 SiSRaid4 - ok

15:00:44.0638 1904 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\windows\system32\DRIVERS\smb.sys

15:00:44.0638 1904 Smb - ok

15:00:44.0685 1904 [ 7ae8bca90539ecbde87ac45ba1436be3 ] smserial C:\windows\system32\DRIVERS\SmSerl64.sys

15:00:44.0716 1904 smserial - ok

15:00:44.0763 1904 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\windows\System32\snmptrap.exe

15:00:44.0763 1904 SNMPTRAP - ok

15:00:44.0779 1904 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\windows\system32\drivers\spldr.sys

15:00:44.0779 1904 spldr - ok

15:00:44.0825 1904 [ b96c17b5dc1424d56eea3a99e97428cd ] Spooler C:\windows\System32\spoolsv.exe

15:00:44.0825 1904 Spooler - ok

15:00:44.0935 1904 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\windows\system32\sppsvc.exe

15:00:45.0013 1904 sppsvc - ok

15:00:45.0028 1904 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\windows\system32\sppuinotify.dll

15:00:45.0028 1904 sppuinotify - ok

15:00:45.0091 1904 [ a6cff1af7664627a296b6a0a96cf876e ] sptd C:\windows\System32\Drivers\sptd.sys

15:00:45.0106 1904 sptd - ok

15:00:45.0153 1904 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\windows\system32\DRIVERS\srv.sys

15:00:45.0153 1904 srv - ok

15:00:45.0169 1904 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys

15:00:45.0184 1904 srv2 - ok

15:00:45.0200 1904 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys

15:00:45.0200 1904 srvnet - ok

15:00:45.0215 1904 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll

15:00:45.0231 1904 SSDPSRV - ok

15:00:45.0231 1904 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\windows\system32\sstpsvc.dll

15:00:45.0231 1904 SstpSvc - ok

15:00:45.0278 1904 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\windows\system32\DRIVERS\stexstor.sys

15:00:45.0278 1904 stexstor - ok

15:00:45.0325 1904 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\windows\System32\wiaservc.dll

15:00:45.0340 1904 stisvc - ok

15:00:45.0356 1904 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\windows\system32\drivers\swenum.sys

15:00:45.0356 1904 swenum - ok

15:00:45.0387 1904 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\windows\System32\swprv.dll

15:00:45.0403 1904 swprv - ok

15:00:45.0449 1904 [ e5d73228176c9f69072d1f91ced83484 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys

15:00:45.0449 1904 SynTP - ok

15:00:45.0512 1904 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\windows\system32\sysmain.dll

15:00:45.0559 1904 SysMain - ok

15:00:45.0590 1904 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\windows\System32\TabSvc.dll

15:00:45.0590 1904 TabletInputService - ok

15:00:48.0835 1904 [ 3a05225b4172d0fa20107bd503a84681 ] TapiSrv C:\windows\System32\tapisrv.dll

15:12:30.0134 1904 Suspicious file (NoAccess): C:\windows\System32\tapisrv.dll. md5: 3a05225b4172d0fa20107bd503a84681

15:13:56.0636 1904 TapiSrv ( LockedFile.Multi.Generic ) - warning

15:13:56.0636 1904 TapiSrv - detected LockedFile.Multi.Generic (1)

15:14:01.0644 1904 ================ Scan global ===============================

15:14:01.0690 1904 (ba0cd8c393e8c9f83354106093832c7b) C:\windows\system32\basesrv.dll

15:14:01.0722 1904 (eb6a48cc998e1090e44e8e7f1009a640) C:\windows\system32\winsrv.dll

15:14:01.0737 1904 (eb6a48cc998e1090e44e8e7f1009a640) C:\windows\system32\winsrv.dll

15:14:01.0768 1904 (d6160f9d869ba3af0b787f971db56368) C:\windows\system32\sxssrv.dll

15:14:01.0800 1904 (24acb7e5be595468e3b9aa488b9b4fcb) C:\windows\system32\services.exe

15:14:01.0800 1904 [Global] - ok

15:14:01.0800 1904 ================ Scan MBR ==================================

15:14:01.0815 1904 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

15:14:02.0112 1904 \Device\Harddisk0\DR0 - ok

15:14:02.0112 1904 ================ Scan VBR ==================================

15:14:02.0127 1904 Boot (0x1200) (75d188b3daba70ee81504f1fbb8fa2af) \Device\Harddisk0\DR0\Partition1

15:14:02.0127 1904 \Device\Harddisk0\DR0\Partition1 - ok

15:14:02.0377 1904 Boot (0x1200) (c5bce75a797337cf53bd256d9e81836f) \Device\Harddisk0\DR0\Partition2

15:14:02.0377 1904 \Device\Harddisk0\DR0\Partition2 - ok

15:14:02.0377 1904 ============================================================

15:14:02.0377 1904 Scan finished

15:14:02.0377 1904 ============================================================

15:14:02.0392 1896 Detected object count: 1

15:14:02.0392 1896 Actual detected object count: 1

15:15:02.0156 1896 TapiSrv ( LockedFile.Multi.Generic ) - skipped by user

15:15:02.0156 1896 TapiSrv ( LockedFile.Multi.Generic ) - User select action: Skip

15:15:13.0341 1860 Deinitialize success


Two posts incoming. First, the ComboFix log, and then the new DDS log.

Here is the ComboFix log:

ComboFix 12-08-17.03 - Kristen 08/17/2012 20:03:27.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3886.2610 [GMT -4:00]

Running from: F:\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\kikin

c:\program files (x86)\Search Toolbar

c:\program files (x86)\Search Toolbar\SearchToolbar.dll

c:\programdata\TheBflix

c:\programdata\TheBflix\background.html

c:\programdata\TheBflix\bccldkoinakjmmgebambiaggjobhikfg.crx

c:\programdata\TheBflix\bhoclass.dll

c:\programdata\TheBflix\content.js

c:\programdata\TheBflix\settings.ini

.

.

((((((((((((((((((((((((( Files Created from 2012-07-18 to 2012-08-18 )))))))))))))))))))))))))))))))

.

.

2012-08-18 00:16 . 2012-08-18 00:16 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-17 21:50 . 2012-08-17 21:50 -------- d-----w- C:\found.000

2012-08-16 18:31 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DE361D27-BF17-48FB-9787-64F6AB56D406}\mpengine.dll

2012-08-14 17:19 . 2012-08-14 17:19 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-11 17:19 . 2012-08-11 17:19 36168 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-08-10 19:12 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-08-08 05:59 . 2012-08-08 05:59 22800 ----a-w- c:\windows\system32\drivers\Smb_driver.sys

2012-08-08 05:57 . 2012-08-08 05:57 317440 ----a-w- c:\windows\system32\drivers\IntcDAud.sys

2012-08-08 05:57 . 2012-08-08 05:57 14848 ----a-w- c:\windows\system32\IntcDAuC.dll

2012-08-08 05:55 . 2012-08-08 05:55 18832 ----a-w- c:\windows\system32\drivers\pmkbdfltr.sys

2012-08-08 04:57 . 2012-08-08 04:57 -------- d-----w- c:\users\Kristen\AppData\Roaming\Uniblue

2012-08-08 04:57 . 2012-08-08 04:57 -------- d-----w- c:\program files (x86)\Uniblue

2012-07-19 00:26 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-15 03:38 . 2011-02-14 05:49 62134624 ----a-w- c:\windows\system32\MRT.exe

2012-07-03 17:46 . 2011-02-14 02:33 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-09 05:43 . 2012-07-18 16:22 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-06-06 06:06 . 2012-07-18 16:22 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 06:06 . 2012-07-18 16:22 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 06:02 . 2012-07-18 16:22 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-06-06 05:05 . 2012-07-18 16:22 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:05 . 2012-07-18 16:22 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-06 05:03 . 2012-07-18 16:22 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-06-02 22:19 . 2012-06-22 01:00 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-22 01:00 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-22 01:00 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-22 01:00 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-22 01:00 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-22 01:00 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-22 01:00 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-22 00:59 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:15 . 2012-06-22 00:59 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 12:49 . 2012-07-18 17:14 17807360 ----a-w- c:\windows\system32\mshtml.dll

2012-06-02 12:17 . 2012-07-18 17:14 10924032 ----a-w- c:\windows\system32\ieframe.dll

2012-06-02 12:12 . 2012-07-18 17:14 2311680 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 12:05 . 2012-07-18 17:14 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-06-02 12:05 . 2012-07-18 17:14 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 12:04 . 2012-07-18 17:14 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 12:04 . 2012-07-18 17:14 237056 ----a-w- c:\windows\system32\url.dll

2012-06-02 12:03 . 2012-07-18 17:14 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-06-02 12:01 . 2012-07-18 17:14 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 12:00 . 2012-07-18 17:14 818688 ----a-w- c:\windows\system32\jscript.dll

2012-06-02 11:59 . 2012-07-18 17:14 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-06-02 11:57 . 2012-07-18 17:14 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-06-02 11:57 . 2012-07-18 17:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-02 11:54 . 2012-07-18 17:14 248320 ----a-w- c:\windows\system32\ieui.dll

2012-06-02 08:33 . 2012-07-18 17:14 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-06-02 08:25 . 2012-07-18 17:14 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-06-02 08:25 . 2012-07-18 17:14 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-06-02 08:20 . 2012-07-18 17:14 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-06-02 08:16 . 2012-07-18 17:14 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-06-02 05:50 . 2012-07-18 16:22 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:48 . 2012-07-18 16:22 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:48 . 2012-07-18 16:22 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:45 . 2012-07-18 16:22 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:44 . 2012-07-18 16:22 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-02 04:40 . 2012-07-18 16:22 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-06-02 04:40 . 2012-07-18 16:22 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-06-02 04:39 . 2012-07-18 16:22 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34 . 2012-07-18 16:22 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.


.

[7] 2009-07-14 . 94355C28C1970635A31B3FE52EB7CEBA . 129024 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[7] 2009-07-14 . 94355C28C1970635A31B3FE52EB7CEBA . 129024 . . [6.1.7600.16385] .. c:\windows\system32\wininit.exe

.

[7] 2009-07-14 . 42B6A94DD747DF2B5F628A2752E62A98 . 9728 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_f9257e7aaa4290ce\ctfmon.exe

[7] 2009-07-14 . 42B6A94DD747DF2B5F628A2752E62A98 . 9728 . . [6.1.7600.16385] .. c:\windows\system32\ctfmon.exe

.

[7] 2010-11-20 . AAF932B4011D14052955D4B212A4DA8D . 370688 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.1.7601.17514_none_2b566299338d2123\shsvcs.dll

[7] 2010-11-20 . AAF932B4011D14052955D4B212A4DA8D . 370688 . . [6.1.7600.16385] .. c:\windows\system32\shsvcs.dll

.

[7] 2009-07-14 . E4D94F24081440B5FC5AA556C7C62702 . 159232 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-remoteregistry-service_31bf3856ad364e35_6.1.7600.16385_none_e55af7609d2857a8\regsvc.dll

[7] 2009-07-14 . E4D94F24081440B5FC5AA556C7C62702 . 159232 . . [6.1.7600.16385] .. c:\windows\system32\regsvc.dll

.

[7] 2010-11-20 . 262F6592C3299C005FD6BEC90FC4463A . 1110016 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7601.17514_none_8d272400ada202f9\schedsvc.dll

[7] 2010-11-20 . 262F6592C3299C005FD6BEC90FC4463A . 1110016 . . [6.1.7600.16385] .. c:\windows\system32\schedsvc.dll

.

[7] 2009-07-14 . 51B52FBD583CDE8AA9BA62B8B4298F33 . 193024 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-upnpssdp_31bf3856ad364e35_6.1.7600.16385_none_dbbe6492eae9505c\ssdpsrv.dll

[7] 2009-07-14 . 51B52FBD583CDE8AA9BA62B8B4298F33 . 193024 . . [6.1.7600.16385] .. c:\windows\system32\ssdpsrv.dll

.

[7] 2010-11-20 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll

[7] 2010-11-20 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\system32\termsrv.dll

.

[7] 2012-05-04 . 2819BB6417B85D38169A4F151463A815 . 5559664 . . [6.1.7601.17835] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17835_none_ca41cd33cad1e557\ntoskrnl.exe

[7] 2012-05-04 . 6A692DB27A943B463E97B749DD34F3DA . 5561200 . . [6.1.7601.21987] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21987_none_ca975af6e4164384\ntoskrnl.exe

[7] 2012-03-31 . 03B5C6DBA5A770CEEFD1615E380C6BC3 . 5559664 . . [6.1.7601.17803] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_ca603c63cabb5ed6\ntoskrnl.exe

[7] 2012-03-31 . 708A4C721CEE6B3845B5A54477D873CF . 5561200 . . [6.1.7601.21955] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_cab5ca26e3ffbd03\ntoskrnl.exe

[7] 2012-03-06 . BAA66E360105F79B5948A2FDAF3AA8FE . 5559152 . . [6.1.7601.17790] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17790_none_c9fbea53cb071123\ntoskrnl.exe

[7] 2012-03-06 . FCAB208AC0F7263A84EB627B1517E5AC . 5561200 . . [6.1.7601.21936] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21936_none_cacc6a48e3ee9e78\ntoskrnl.exe

[7] 2011-11-19 . 1AFFF8D5352AECEF2ECD47FFA02D7F7D . 5559152 . . [6.1.7601.17727] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_ca4e9bcdcac7feed\ntoskrnl.exe

[7] 2011-11-19 . 70A2D18E0B2A1ADBAE90008684E030AC . 5561200 . . [6.1.7601.21863] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_caa8f7c0e409a91f\ntoskrnl.exe

[7] 2011-06-23 . 577841951E8BAD6EA8288106693CD39F . 5561216 . . [6.1.7601.17640] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_ca31f809cade8847\ntoskrnl.exe

[7] 2011-06-23 . CE6AF5EC2DB1567B6297ADCB56B39B5D . 5561728 . . [6.1.7601.21755] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_cab5c65ae3ffc2b5\ntoskrnl.exe

[7] 2011-04-09 . D60D9BCEAE5870A67E6C167F4681877B . 5562240 . . [6.1.7601.17592] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_c9fde71bcb054983\ntoskrnl.exe

[7] 2011-04-09 . 99C2715F138E7ED2F489AB796DD3B53C . 5562240 . . [6.1.7601.21701] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_cae7d4cee3dad1a4\ntoskrnl.exe

[7] 2010-11-20 . C6CEC3E6CC9842B73501C70AA64C00FE . 5563776 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_ca56670fcac29ca9\ntoskrnl.exe

[7] 2012-05-04 . 2819BB6417B85D38169A4F151463A815 . 5559664 . . [6.1.7601.17835] .. c:\windows\system32\ntoskrnl.exe

.

[7] 2009-07-14 . 8560FFFC8EB3A806DCD4F82252CFC8C6 . 5120 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7601.17514_none_4627a1cbadebced2\ksuser.dll

[7] 2009-07-14 . 8560FFFC8EB3A806DCD4F82252CFC8C6 . 5120 . . [6.1.7600.16385] .. c:\windows\system32\ksuser.dll

.

[7] 2010-11-20 . BDAC1AA64495D0F7E1FF810EBBF1F018 . 530432 . . [5.82] .. c:\windows\SysWOW64\comctl32.dll

[7] 2010-11-20 . BDAC1AA64495D0F7E1FF810EBBF1F018 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.17514_none_3ba388ec36399c85\comctl32.dll

[7] 2010-11-20 . BDAC1AA64495D0F7E1FF810EBBF1F018 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll

[7] 2010-11-20 . 352B3DC62A0D259A82A052238425C872 . 1680896 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

.

[7] 2012-04-24 . 06E771AA596B8761107AB57E99F128D7 . 140288 . . [6.1.7600.16385] .. c:\windows\SysWOW64\cryptsvc.dll

[7] 2012-04-24 . 06E771AA596B8761107AB57E99F128D7 . 140288 . . [6.1.7601.17827] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll

[7] 2012-04-24 . 21993009E0CCB9B4FA195F14D3408626 . 142336 . . [6.1.7601.21979] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll

[7] 2010-11-20 . A585BEBF7D054BD9618EDA0922D5484A . 136192 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll

.

[7] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] .. c:\windows\SysWOW64\es.dll

[7] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] .. c:\windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll

.

[7] 2010-11-20 . A6F09E5669D9A19035F6D942CAA15882 . 119808 . . [6.1.7601.17514] .. c:\windows\SysWOW64\imm32.dll

[7] 2010-11-20 . A6F09E5669D9A19035F6D942CAA15882 . 119808 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-imm32_31bf3856ad364e35_6.1.7601.17514_none_c4d0cdd7c56b493e\imm32.dll

.

[7] 2011-07-16 . D3CB12854171DF61D117D7C2BF22C675 . 1114112 . . [6.1.7601.21772] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_fc7f5397ba9be6d3\kernel32.dll

[7] 2011-07-16 . 99C3F8E9CC59D95666EB8D8A8B4C2BEB . 1114112 . . [6.1.7600.16385] .. c:\windows\SysWOW64\kernel32.dll

[7] 2011-07-16 . 99C3F8E9CC59D95666EB8D8A8B4C2BEB . 1114112 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_fc0a565aa16ef5d0\kernel32.dll

[7] 2011-05-14 . CC5CBC069944E7EA70D8674478A70A37 . 837632 . . [6.1.7601.21728] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21728_none_fcbb64efba6df328\kernel32.dll

[7] 2011-05-14 . 166116134C58DC36400DE59ACD64FB39 . 837632 . . [6.1.7601.17617] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17617_none_fc3b97c6a1491e16\kernel32.dll

[7] 2010-11-20 . E80758CF485DB142FCA1EE03A34EAD05 . 837632 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_fc389502a14bd4ea\kernel32.dll

.

[7] 2009-07-14 . 5987EA8A82C53359BCD2C29D6588583E . 22016 . . [6.1.7600.16385] .. c:\windows\SysWOW64\linkinfo.dll

[7] 2009-07-14 . 5987EA8A82C53359BCD2C29D6588583E . 22016 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-linkinfo_31bf3856ad364e35_6.1.7600.16385_none_9eaece15f365da54\linkinfo.dll

.

[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\SysWOW64\lpk.dll

[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_124dc839a586a988\lpk.dll

[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17537_none_123b293fa5942d6f\lpk.dll

[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17563_none_1216b853a5b01be6\lpk.dll

[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21636_none_12c3c5c0beb2b3e2\lpk.dll

[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21664_none_12a15568beccd507\lpk.dll

.

[7] 2012-06-02 . 6820A9E91AFF7CB3A510360D8CCD9BDD . 12314624 . . [9.00.8112.16421] .. c:\windows\SysWOW64\mshtml.dll

[7] 2012-06-02 . 6820A9E91AFF7CB3A510360D8CCD9BDD . 12314624 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16447_none_92265d142938cfae\mshtml.dll

[7] 2012-06-02 . 1ABF770552EA9D4FE90F654468FAF4CE . 12314624 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20553_none_92a128cb4262260d\mshtml.dll

[7] 2012-05-17 . 9FB58F71104107D44540AF1195F7A14D . 12314624 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16446_none_92255cca2939b657\mshtml.dll

[7] 2012-05-17 . 761D9111F5A2619CB5060661D36FBFFF . 12314624 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20551_none_929f28374263f35f\mshtml.dll

[7] 2012-02-28 . F82BF2CB075B49E9FAB5FF213C45C020 . 12281856 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16443_none_92225bec293c6a52\mshtml.dll

[7] 2012-02-28 . B9E083B14B1994F1255983F2DF31C7DF . 12281856 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20548_none_92b0fa29425588cf\mshtml.dll

[7] 2011-12-14 . 497C9C3DB953A60EC4F43A097E15F75E . 12282368 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16441_none_92205b58293e37a4\mshtml.dll

[7] 2011-12-14 . A29CFD4B9F6F2BBE06C8D64B6D07F1D4 . 12282368 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20546_none_92aef99542575621\mshtml.dll

[7] 2011-11-03 . A21B983E40578D0E6CFA9864AC4E1219 . 12279808 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20544_none_92acf90142592373\mshtml.dll

[7] 2011-11-03 . 66C0AEE61D1C5C35BF1B4642A153B114 . 12279808 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16440_none_921f5b0e293f1e4d\mshtml.dll

[7] 2011-09-15 . E6D5C7E4AAC0C682169AA5021386EFF3 . 12273664 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16434_none_922e2c22293367b8\mshtml.dll

[7] 2011-09-01 . 04E0CD31A63DFC0D73725A3D1768FB5A . 12275200 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16437_none_92312d002930b3bd\mshtml.dll

[7] 2011-09-01 . 8C93AED0A332209434B62162D03C38C9 . 12275200 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20537_none_92bac9cb424e5387\mshtml.dll

[7] 2011-05-28 . 0C32D9FF0FC163239C4B052FE6EFA8E7 . 5984768 . . [8.00.7601.21735] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21735_none_96ed08b7fd58adff\mshtml.dll

[7] 2011-05-28 . F5B7C30075207A165FF2EED1FF89AB8D . 5984768 . . [8.00.7601.17622] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17622_none_966b3afae435a63f\mshtml.dll

[7] 2011-01-07 . 1C6045D48179D15A843486D12BEC0EAF . 5980672 . . [8.00.7601.17537] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17537_none_96656a9ae43943bc\mshtml.dll

[7] 2011-01-07 . 1011333570E1CECAE8FAC34C8D9461BC . 5980672 . . [8.00.7601.21636] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21636_none_96ee071bfd57ca2f\mshtml.dll

[7] 2010-11-20 . C50799F0D47DFB9774F721521B6C41D5 . 5977600 . . [8.00.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_96780994e42bbfd5\mshtml.dll

.

[7] 2011-12-16 . 2F740C4B458331357E825E94AFB0953A . 690688 . . [7.0.7601.21878] .. c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.21878_none_d3a962431672ddd2\msvcrt.dll

[7] 2011-12-16 . 9DC80A8AAAAAC397BDAB3C67165A824E . 690688 . . [7.0.7601.17744] .. c:\windows\SysWOW64\msvcrt.dll

[7] 2011-12-16 . 9DC80A8AAAAAC397BDAB3C67165A824E . 690688 . . [7.0.7601.17744] .. c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.17744_none_d33c3413fd4084d9\msvcrt.dll

[7] 2009-07-14 . E46D48A7FE961401F1CBF85531CDF05D . 690688 . . [7.0.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16385_none_d12b8c440039b31e\msvcrt.dll

.

[7] 2010-11-20 . 8999B8631C7FD9F7F9EC3CAFD953BA24 . 232448 . . [6.1.7600.16385] .. c:\windows\SysWOW64\mswsock.dll

[7] 2010-11-20 . 8999B8631C7FD9F7F9EC3CAFD953BA24 . 232448 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll

.

[7] 2010-11-20 . C1809B9907ADEDAF16F50C894100883B . 563712 . . [6.1.7600.16385] .. c:\windows\SysWOW64\netlogon.dll

[7] 2010-11-20 . C1809B9907ADEDAF16F50C894100883B . 563712 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

.

[7] 2009-07-14 . 08DFDBD2FD4EA951DC46B1C7661ED35A . 145408 . . [6.1.7600.16385] .. c:\windows\SysWOW64\powrprof.dll

[7] 2009-07-14 . 08DFDBD2FD4EA951DC46B1C7661ED35A . 145408 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.1.7600.16385_none_a2eff4845e2bf4e2\powrprof.dll

.

[7] 2010-11-20 . 8124944EC89D6A1815E4E53F5B96AAF4 . 175616 . . [6.1.7600.16385] .. c:\windows\SysWOW64\scecli.dll

[7] 2010-11-20 . 8124944EC89D6A1815E4E53F5B96AAF4 . 175616 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

.

[7] 2009-07-14 . 40CAEEE0EAF1B8569F7C8DF6420F2CB9 . 2560 . . [6.1.7600.16385] .. c:\windows\SysWOW64\sfc.dll

[7] 2009-07-14 . 40CAEEE0EAF1B8569F7C8DF6420F2CB9 . 2560 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_a70c196fbd853ae9\sfc.dll

.

[7] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] .. c:\windows\SysWOW64\svchost.exe

[7] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

.

.

[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll

[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

.

[7] 2010-11-20 . 61AC3EFDFACFDD3F0F11DD4FD4044223 . 26624 . . [6.1.7600.16385] .. c:\windows\SysWOW64\userinit.exe

[7] 2010-11-20 . 61AC3EFDFACFDD3F0F11DD4FD4044223 . 26624 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

.

[7] 2012-06-02 . 8E87270C4704CF2951E1E7820D6C8A2B . 1129472 . . [9.00.8112.16421] .. c:\windows\SysWOW64\wininet.dll

[7] 2012-06-02 . 8E87270C4704CF2951E1E7820D6C8A2B . 1129472 . . [9.00.8112.16447] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16447_none_1a58f81fbc243347\wininet.dll

[7] 2012-06-02 . E430161A632F9A8FE512DE0CA5685559 . 1129472 . . [9.00.8112.20553] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20553_none_1ad3c3d6d54d89a6\wininet.dll

[7] 2012-05-17 . 1C191A4F0960F21B5D58C8A65BAF5427 . 1129472 . . [9.00.8112.16446] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16446_none_1a57f7d5bc2519f0\wininet.dll

[7] 2012-05-17 . 43BAC67996D8765A5F1B3A4EA6231E21 . 1129472 . . [9.00.8112.20551] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20551_none_1ad1c342d54f56f8\wininet.dll

[7] 2012-02-28 . 44465367256D1C72B58F5ABAA19E7016 . 1127424 . . [9.00.8112.16443] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16443_none_1a54f6f7bc27cdeb\wininet.dll

[7] 2012-02-28 . 11A34DCA08EB2A586246F2D6C2A81D58 . 1127424 . . [9.00.8112.20548] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20548_none_1ae39534d540ec68\wininet.dll

[7] 2011-12-14 . 1D94FA7C81D2FFE494AF094619BA706F . 1127424 . . [9.00.8112.16441] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16441_none_1a52f663bc299b3d\wininet.dll

[7] 2011-12-14 . 022A78194E2C7106F5AF9F2BC6AC8774 . 1127424 . . [9.00.8112.20546] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20546_none_1ae194a0d542b9ba\wininet.dll

[7] 2011-11-03 . 32569DF2F9BEF05DD7D56E30590EDFD9 . 1127424 . . [9.00.8112.20544] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20544_none_1adf940cd544870c\wininet.dll

[7] 2011-11-03 . 02F98B5C0E397AD06124D84428CF8F1A . 1127424 . . [9.00.8112.16440] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16440_none_1a51f619bc2a81e6\wininet.dll

[7] 2011-09-15 . 2C7332C222D1FE1FC57D622699A8C001 . 1126912 . . [9.00.8112.16434] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16434_none_1a60c72dbc1ecb51\wininet.dll

[7] 2011-09-01 . D3788D91530CFA005BD516189A4C676E . 1126912 . . [9.00.8112.16437] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16437_none_1a63c80bbc1c1756\wininet.dll

[7] 2011-09-01 . C0FCEE8D760C70DB6EF858BB2262288E . 1126912 . . [9.00.8112.20537] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20537_none_1aed64d6d539b720\wininet.dll

[7] 2011-04-22 . 7A11DB452989040AD8570A3DCE2E9DE2 . 981504 . . [8.00.7601.21710] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21710_none_1f30422990385b03\wininet.dll

[7] 2011-04-22 . 2CA020EACDC6DDB2BEA89FEA02C90945 . 981504 . . [8.00.7601.17601] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17601_none_1eb275947711b89f\wininet.dll

[7] 2010-11-20 . 44214C94911C7CFB1D52CB64D5E8368D . 980992 . . [8.00.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll

.

[7] 2010-11-20 . 7FF15A4F092CD4A96055BA69F903E3E9 . 206848 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ws2_32.dll

[7] 2010-11-20 . 7FF15A4F092CD4A96055BA69F903E3E9 . 206848 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll

.

[7] 2009-07-14 . 808AABDF9337312195CAFF76D1804786 . 4608 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ws2help.dll

[7] 2009-07-14 . 808AABDF9337312195CAFF76D1804786 . 4608 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\ws2help.dll

.

[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\explorer.exe

[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

[7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

.

[7] 2009-07-14 . 2E2C937846A0B8789E5E91739284D17A . 427008 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe

[7] 2009-07-14 . 2E2C937846A0B8789E5E91739284D17A . 398336 . . [6.1.7600.16385] .. c:\windows\regedit.exe

.

[7] 2010-11-20 . 928CF7268086631F54C3D8E17238C6DD . 1414144 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ole32.dll

[7] 2010-11-20 . 928CF7268086631F54C3D8E17238C6DD . 1414144 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7601.17514_none_ae2511475093798f\ole32.dll

.

[7] 2010-11-20 . 804AAAFEBB3AD5F49334DD906BCB1DE5 . 626176 . . [1.0626.7601.17514] .. c:\windows\SysWOW64\usp10.dll

[7] 2010-11-20 . 804AAAFEBB3AD5F49334DD906BCB1DE5 . 626176 . . [1.0626.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.17514_none_af01e2f9b6be7939\usp10.dll

.

[7] 2009-07-14 . 9C67F6BBDA3881CFD02095160CF91576 . 4608 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ksuser.dll

[7] 2009-07-14 . 9C67F6BBDA3881CFD02095160CF91576 . 4608 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7601.17514_none_ea090647f58e5d9c\ksuser.dll

.

[7] 2009-07-14 . 4A3CDCEF8ED41B221F3DBEF5792FB52D . 8704 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ctfmon.exe

[7] 2009-07-14 . 4A3CDCEF8ED41B221F3DBEF5792FB52D . 8704 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe

.

[7] 2010-11-20 . 414DA952A35BF5D50192E28263B40577 . 328192 . . [6.1.7600.16385] .. c:\windows\SysWOW64\shsvcs.dll

[7] 2010-11-20 . 414DA952A35BF5D50192E28263B40577 . 328192 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-shsvcs_31bf3856ad364e35_6.1.7601.17514_none_35ab0ceb67ede31e\shsvcs.dll

.

[7] 2009-07-14 . 50BA656134F78AF64E4DD3C8B6FEFD7E . 12288 . . [6.1.7600.16385] .. c:\windows\SysWOW64\cngaudit.dll

[7] 2009-07-14 . 50BA656134F78AF64E4DD3C8B6FEFD7E . 12288 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

.

[7] 2009-07-14 . B5C5DCAD3899512020D135600129D665 . 96256 . . [6.1.7600.16385] .. c:\windows\SysWOW64\wininit.exe

[7] 2009-07-14 . B5C5DCAD3899512020D135600129D665 . 96256 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

.

[7] 2009-07-14 . A1E91B5B5273573FC132B683E550B5E6 . 19456 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ias.dll

[7] 2009-07-14 . A1E91B5B5273573FC132B683E550B5E6 . 19456 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-n..ion_service_runtime_31bf3856ad364e35_6.1.7601.17514_none_fb08448fa0c85c23\ias.dll

.

[7] 2010-11-20 12:19 . AB9EB3745B03AE67AB241A82338DEA7B . 954288 . . [4.1.6140] .. c:\windows\SysWOW64\mfc40u.dll

[7] 2010-11-20 12:19 . AB9EB3745B03AE67AB241A82338DEA7B . 954288 . . [4.1.6151] .. c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7601.17514_none_f51a7bf0b3d25294\mfc40u.dll

.

[7] 2012-05-04 . 4A56DB06360F59130CAED69FA7526F0A . 3968368 . . [6.1.7601.17835] .. c:\windows\SysWOW64\ntkrnlpa.exe

[7] 2012-05-04 . 4A56DB06360F59130CAED69FA7526F0A . 3968368 . . [6.1.7601.17835] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17835_none_6e2331b012747421\ntkrnlpa.exe

[7] 2012-05-04 . AFF886D9D718D3747E5031816C0DA7D2 . 3971952 . . [6.1.7601.21987] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21987_none_6e78bf732bb8d24e\ntkrnlpa.exe

[7] 2012-03-31 . 8F6D5704D7522AAB8B4B82C0D35D9184 . 3968368 . . [6.1.7601.17803] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntkrnlpa.exe

[7] 2012-03-31 . 93358348D0B79812CAAA83A1377E4449 . 3971952 . . [6.1.7601.21955] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_6e972ea32ba24bcd\ntkrnlpa.exe

[7] 2012-03-06 . 43711ABF8AE553A7B5FFFF61E60C419D . 3968368 . . [6.1.7601.17790] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17790_none_6ddd4ed012a99fed\ntkrnlpa.exe

[7] 2012-03-06 . 07B026E7A2C873D09F0073141EE2099E . 3972464 . . [6.1.7601.21936] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21936_none_6eadcec52b912d42\ntkrnlpa.exe

[7] 2011-11-19 . 31C59B0CA08B1203E35D2BA19319279E . 3968368 . . [6.1.7601.17727] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntkrnlpa.exe

[7] 2011-11-19 . 2EDA0DCCF5F00CDB91A9ECBE45CB0B3D . 3971440 . . [6.1.7601.21863] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9\ntkrnlpa.exe

[7] 2011-06-23 . 3624D782F8B061B6FBA3A35E2FE53CFD . 3967872 . . [6.1.7601.21755] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_6e972ad72ba2517f\ntkrnlpa.exe

[7] 2011-06-23 . A4A8EF2ACE5FA5863AA0B04C9BBFECA7 . 3967872 . . [6.1.7601.17640] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_6e135c8612811711\ntkrnlpa.exe

[7] 2011-04-09 . 102A6182087B18C795664BCD22EB52E9 . 3967872 . . [6.1.7601.17592] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_6ddf4b9812a7d84d\ntkrnlpa.exe

[7] 2011-04-09 . 9CF7F5D025183FA10E130445BC071B70 . 3967872 . . [6.1.7601.21701] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_6ec9394b2b7d606e\ntkrnlpa.exe

[7] 2010-11-20 . 144BD78C6103C8616DE047B3532142DB . 3966848 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntkrnlpa.exe

.

[7] 2009-07-14 . 833FBB672460EFCE8011D262175FAD33 . 266752 . . [6.1.7600.16385] .. c:\windows\SysWOW64\upnphost.dll

[7] 2009-07-14 . 833FBB672460EFCE8011D262175FAD33 . 266752 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-upnpdevicehost_31bf3856ad364e35_6.1.7600.16385_none_2831d06e8295c671\upnphost.dll

.

[7] 2009-07-14 . 0E85C11F8850D524B02181C6E02BA9AE . 453632 . . [6.1.7600.16385] .. c:\windows\SysWOW64\dsound.dll

[7] 2009-07-14 . 0E85C11F8850D524B02181C6E02BA9AE . 453632 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-audio-dsound_31bf3856ad364e35_6.1.7600.16385_none_5872147ba3367471\dsound.dll

.

[7] 2010-11-20 . 6EF5F3F18413C367195F06E503AB86A6 . 1828352 . . [6.1.7601.17514] .. c:\windows\SysWOW64\d3d9.dll

[7] 2010-11-20 . 6EF5F3F18413C367195F06E503AB86A6 . 1828352 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.1.7601.17514_none_c454d690bf084f04\d3d9.dll

.

[7] 2009-07-14 . 198552AEFECA69D646867EC8D792DE95 . 531968 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ddraw.dll

[7] 2009-07-14 . 198552AEFECA69D646867EC8D792DE95 . 531968 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.1.7600.16385_none_04dbf9102154d42e\ddraw.dll

.

[7] 2010-11-20 12:20 . 703FFD301AB900B047337C5D40FD6F96 . 90112 . . [6.1.7601.17514] .. c:\windows\SysWOW64\olepro32.dll

[7] 2010-11-20 12:20 . 703FFD301AB900B047337C5D40FD6F96 . 90112 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.1.7601.17514_none_3c1b247e5ff65f89\olepro32.dll

.

[7] 2009-07-14 . EDD2AD141DEBD425D74A52A4D7BE6AC4 . 39424 . . [6.1.7600.16385] .. c:\windows\SysWOW64\perfctrs.dll

[7] 2009-07-14 . EDD2AD141DEBD425D74A52A4D7BE6AC4 . 39424 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.1.7600.16385_none_97bcd9bcab2b9b3a\perfctrs.dll

.

[7] 2009-07-14 . 702254574E7E52052DE39408457B7149 . 21504 . . [6.1.7600.16385] .. c:\windows\SysWOW64\version.dll

[7] 2009-07-14 . 702254574E7E52052DE39408457B7149 . 21504 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-version_31bf3856ad364e35_6.1.7600.16385_none_14d4a552b2395165\version.dll

.

[7] 2012-06-02 . 34B01BBD8F00B6B9C9248DC4F1E3CD01 . 748664 . . [9.00.8112.16447] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16447_none_1799a6d1b4d51c66\iexplore.exe

[7] 2012-06-02 . BE967C74B89577B78FB57C061E12B04C . 748664 . . [9.00.8112.20553] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20553_none_18147288cdfe72c5\iexplore.exe

[7] 2012-05-17 . 0129BB16161C2FD9A6B19111AB047198 . 748664 . . [9.00.8112.16446] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16446_none_1798a687b4d6030f\iexplore.exe

[7] 2012-05-17 . 268982F1FD671A077C6A2AF41E351436 . 748664 . . [9.00.8112.20551] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20551_none_181271f4ce004017\iexplore.exe

[7] 2011-09-15 . 904E13BA41AF2E353A32CF351CA53639 . 748336 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_17a944edb4ca4c7a\iexplore.exe

[7] 2010-11-20 . C613E69C3B191BB02C7A191741A1D024 . 673040 . . [8.00.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe

.

[7] 2012-05-04 . A37A39568C8EC9A17D1B7471445B81A8 . 3916656 . . [6.1.7601.21987] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21987_none_6e78bf732bb8d24e\ntoskrnl.exe

[7] 2012-05-04 . 53483A0B2DE3617E832F1DBAF9620F39 . 3913072 . . [6.1.7601.17835] .. c:\windows\SysWOW64\ntoskrnl.exe

[7] 2012-05-04 . 53483A0B2DE3617E832F1DBAF9620F39 . 3913072 . . [6.1.7601.17835] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17835_none_6e2331b012747421\ntoskrnl.exe

[7] 2012-03-31 . 28F44480E411C3DDF04B63F6560E6EF4 . 3913072 . . [6.1.7601.17803] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntoskrnl.exe

[7] 2012-03-31 . 2E02A17E8965AD671E4987E503AD38B1 . 3916656 . . [6.1.7601.21955] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_6e972ea32ba24bcd\ntoskrnl.exe

[7] 2012-03-06 . 53B4BDEA12A032EEC71E60B6BFF42F37 . 3913072 . . [6.1.7601.17790] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17790_none_6ddd4ed012a99fed\ntoskrnl.exe

[7] 2012-03-06 . 57B7DE30C4E65AD19CA13AC3065EE60B . 3916656 . . [6.1.7601.21936] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21936_none_6eadcec52b912d42\ntoskrnl.exe

[7] 2011-11-19 . F0F0E99A65F598A1A7720F5111C4DA8F . 3913584 . . [6.1.7601.17727] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntoskrnl.exe

[7] 2011-11-19 . 00B12EA93ED392FBD09F07B63E926647 . 3916656 . . [6.1.7601.21863] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9\ntoskrnl.exe

[7] 2011-06-23 . 90EFDB506F6140EEA9DEE398D9449D86 . 3912576 . . [6.1.7601.21755] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_6e972ad72ba2517f\ntoskrnl.exe

[7] 2011-06-23 . FB58ABD5E1F75A2CF713C9DFF0EC0804 . 3912576 . . [6.1.7601.17640] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_6e135c8612811711\ntoskrnl.exe

[7] 2011-04-09 . 5D21C487F79F8245E799071589E035BF . 3912576 . . [6.1.7601.17592] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_6ddf4b9812a7d84d\ntoskrnl.exe

[7] 2011-04-09 . D385343510B75545EC5DB3A64C2D2492 . 3912576 . . [6.1.7601.21701] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_6ec9394b2b7d606e\ntoskrnl.exe

[7] 2010-11-20 . 2088D9994332583EDB3C561DE31EA5AD . 3911040 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntoskrnl.exe

.

[7] 2009-07-14 . 5A12C364AD1D4FCC0AD0E56DBBC34462 . 16896 . . [6.1.7600.16385] .. c:\windows\SysWOW64\midimap.dll

[7] 2009-07-14 . 5A12C364AD1D4FCC0AD0E56DBBC34462 . 16896 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.1.7600.16385_none_8cd41e2771e37717\midimap.dll

.

[7] 2009-07-14 . ED6EE83D61EBC683C2CD8E899EA6FEBE . 11776 . . [6.1.7600.16385] .. c:\windows\SysWOW64\rasadhlp.dll

[7] 2009-07-14 . ED6EE83D61EBC683C2CD8E899EA6FEBE . 11776 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_76239aafb364e805\rasadhlp.dll

.

[7] 2009-07-14 . EE5C8E27C37B79CB54A2FCEEED2DC262 . 9216 . . [6.1.7600.16385] .. c:\windows\SysWOW64\WSHTCPIP.DLL

[7] 2009-07-14 . EE5C8E27C37B79CB54A2FCEEED2DC262 . 9216 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_6.1.7600.16385_none_cb895be592db1acb\WSHTCPIP.DLL

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"InstallIQUpdater"="c:\program files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-08-09 1176064]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"MGSysCtrl"="c:\program files (x86)\System Control Manager\MGSysCtrl.exe" [2010-02-05 2408448]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNTQyNTU0NjQ3LVhPMTArMTItTElDKzItU1AxKzEtU1VQKzMtRkwxMCsxLVNQMVMyKzEtU1AxUzMrMS1ERFQrNTY1MTItREQxMEYrMS1TVDEwRkFQUCsxLUYxME0xMkFUKzEtRjEwTTEyQSsxLUYxME0xMkFCKzEtVTEwKzEtRjEwTTEyQVRCTisx&prod=90&ver=10.0.1416" [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 136176]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]

R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-02 51600]

R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-12-05 87888]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 136176]

R3 MGHwCtrl;MGHwCtrl;c:\program files\msi\msi Software Install\MGHwCtrl.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-17 1255736]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\System Control Manager\MSIService.exe [2009-07-09 160768]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-05-10 158976]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-08-08 317440]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-18 c:\windows\Tasks\GIMP Update Checker.job

- c:\program files (x86)\GIMP\GIMPUpdateChecker.exe [2011-06-02 21:38]

.

2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 02:57]

.

2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 02:57]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-08-08 11465832]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2012-08-08 1833576]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.babylon.com/?affID=111385&babsrc=HP_ss&mntrId=c6dc987d000000000000485d60618af9

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)

BHO-{BE861541-7376-4545-967B-20DA8431C8CE} - c:\programdata\TheBflix\bhoclass.dll

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Google Chrome - c:\program files (x86)\Google\Chrome\Application\20.0.1132.57\Installer\setup.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1847439074-2509161730-2765944069-1000\Software\SecuROM\License information*]

"datasecu"=hex:ae,b5,c5,71,f3,95,f8,58,5c,ac,31,ab,1f,85,e0,4b,9b,35,71,de,b2,

35,24,96,0a,f9,ab,ff,72,28,c8,e3,83,07,c9,cf,ab,e4,fb,aa,63,82,36,4d,a5,ad,\

"rkeysecu"=hex:8f,ab,8b,41,54,e8,74,ea,67,c4,e2,d8,37,c0,e7,1f

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe

c:\program files (x86)\TeamViewer\Version7\tv_w32.exe

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

.

**************************************************************************

.

Completion time: 2012-08-17 22:09:40 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-18 02:09

.

Pre-Run: 46,180,532,224 bytes free

Post-Run: 45,998,645,248 bytes free

.

- - End Of File - - 945601FF7CE4D0BEA9042EF0FD220B0F


And here is the new DDS log:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Kristen at 6:21:40 on 2012-08-18

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3886.2532 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Outdated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Outdated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\System Control Manager\MSIService.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe

C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\windows\system32\wuauclt.exe

C:\Windows\system32\WUDFHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.babylon.com/?affID=111385&babsrc=HP_ss&mntrId=c6dc987d000000000000485d60618af9

uInternet Settings,ProxyOverride = <local>

uURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

mURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: AOL Messaging Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

BHO: TheBflix Class: {be861541-7376-4545-967b-20da8431c8ce} - C:\ProgramData\TheBflix\bhoclass.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

uRun: [installIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe

mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNTQyNTU0NjQ3LVhPMTArMTItTElDKzItU1AxKzEtU1VQKzMtRkwxMCsxLVNQMVMyKzEtU1AxUzMrMS1ERFQrNTY1MTItREQxMEYrMS1TVDEwRkFQUCsxLUYxME0xMkFUKzEtRjEwTTEyQSsxLUYxME0xMkFCKzEtVTEwKzEtRjEwTTEyQVRCTisx"&"prod=90"&"ver=10.0.1416

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{B148C7B5-F58E-4739-85E3-5E688154A2C5} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{B148C7B5-F58E-4739-85E3-5E688154A2C5}\2375942554030313 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{B148C7B5-F58E-4739-85E3-5E688154A2C5}\34865627475737 : DhcpNameServer = 216.130.152.4 216.130.156.12 192.168.0.1

TCP: Interfaces\{B148C7B5-F58E-4739-85E3-5E688154A2C5}\355726771697 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{D1365E23-B7BC-4BEC-8374-139068AF032F} : DhcpNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: AOL Messaging Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

BHO-X64: AOL Messaging Toolbar Loader - No File

BHO-X64: TheBflix Class: {BE861541-7376-4545-967B-20DA8431C8CE} - C:\ProgramData\TheBflix\bhoclass.dll

BHO-X64: TheBflix - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe

mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNTQyNTU0NjQ3LVhPMTArMTItTElDKzItU1AxKzEtU1VQKzMtRkwxMCsxLVNQMVMyKzEtU1AxUzMrMS1ERFQrNTY1MTItREQxMEYrMS1TVDEwRkFQUCsxLUYxME0xMkFUKzEtRjEwTTEyQSsxLUYxME0xMkFCKzEtVTEwKzEtRjEwTTEyQVRCTisx"&"prod=90"&"ver=10.0.1416

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 Micro Star SCM;Micro Star SCM;C:\Program Files (x86)\System Control Manager\MSIService.exe [2010-7-1 160768]

R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-1 3027840]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-1 2320920]

R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-22 136176]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-1 13336]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-8 655944]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]

S3 EUCR;EUCR;C:\windows\system32\DRIVERS\EUCR6SK.SYS --> C:\windows\system32\DRIVERS\EUCR6SK.SYS [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-22 136176]

S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-08-18 04:52:01 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DE361D27-BF17-48FB-9787-64F6AB56D406}\offreg.dll

2012-08-18 00:02:26 98816 ----a-w- C:\windows\sed.exe

2012-08-18 00:02:26 518144 ----a-w- C:\windows\SWREG.exe

2012-08-18 00:02:26 256000 ----a-w- C:\windows\PEV.exe

2012-08-18 00:02:26 208896 ----a-w- C:\windows\MBR.exe

2012-08-18 00:02:22 -------- d-----w- C:\ComboFix

2012-08-17 21:50:45 -------- d-----w- C:\found.000

2012-08-16 18:31:13 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DE361D27-BF17-48FB-9787-64F6AB56D406}\mpengine.dll

2012-08-14 17:19:11 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-11 17:19:42 36168 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys

2012-08-10 19:12:30 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-08-08 05:59:40 22800 ----a-w- C:\windows\System32\drivers\Smb_driver.sys

2012-08-08 05:57:24 317440 ----a-w- C:\windows\System32\drivers\IntcDAud.sys

2012-08-08 05:57:24 14848 ----a-w- C:\windows\System32\IntcDAuC.dll

2012-08-08 05:55:44 18832 ----a-w- C:\windows\System32\drivers\pmkbdfltr.sys

2012-08-08 04:57:22 -------- d-----w- C:\Users\Kristen\AppData\Roaming\Uniblue

2012-08-08 04:57:22 -------- d-----w- C:\Program Files (x86)\Uniblue

.

==================== Find3M ====================

.

2012-07-03 17:46:44 24904 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-06-12 03:08:36 3148800 ----a-w- C:\windows\System32\win32k.sys

2012-06-06 06:06:16 2004480 ----a-w- C:\windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll

2012-06-02 19:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll

2012-06-02 19:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe

2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll

.

============= FINISH: 6:21:59.28 ===============


I've run a full scan of MalwareBytes and don't even see any malware on the machine, and it is not exhibiting any of the slowing down symptoms from before, so I'm going to assume it's clean.

The only thing it is doing now that I am not comfortable with is that if I tell it to shut down, it will sit on the shut down screen for many, many minutes, seemingly doing nothing. It never did this before.

Any ideas on what may have caused this?


  • Staff

Hi,

We're not completely clear yet. Please grab a fresh copy of ComboFix, run it, and post its log.

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Export the threats found (if any), and post them here.

Next, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Okay. For some reason ComboFix can't seem to generate a log file. I've run it probably four different times, trying in both safe and normal modes, and after the restart (again, tried booting to normal and also safe modes), it gets hung up on generating the log file. Looking at the processes, there was nothing heavy in use. I think the heaviest was Windows Explorer. Also, the laptop can't seem to connect wirelessly to the network I have running, so I haven't yet run the ESET scan. Here are all the other scans and files you have asked for. It was the best I could come up with considering ComboFix wouldn't generate a log despite running.

Here are the posts in this order: TDSS, ADW, Security Check.

First, TDSS:

09:19:32.0934 1824 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03

09:19:32.0950 1824 ============================================================

09:19:32.0950 1824 Current date / time: 2012/08/23 09:19:32.0950

09:19:32.0950 1824 SystemInfo:

09:19:32.0950 1824

09:19:32.0950 1824 OS Version: 6.1.7601 ServicePack: 1.0

09:19:32.0950 1824 Product type: Workstation

09:19:32.0950 1824 ComputerName: KRISTEN-MSI

09:19:32.0950 1824 UserName: Kristen

09:19:32.0950 1824 Windows directory: C:\windows

09:19:32.0950 1824 System windows directory: C:\windows

09:19:32.0950 1824 Running under WOW64

09:19:32.0950 1824 Processor architecture: Intel x64

09:19:32.0950 1824 Number of processors: 2

09:19:32.0950 1824 Page size: 0x1000

09:19:32.0950 1824 Boot type: Safe boot

09:19:32.0950 1824 ============================================================

09:19:33.0621 1824 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

09:19:33.0636 1824 Drive \Device\Harddisk1\DR1 - Size: 0x3BA300000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

09:19:33.0636 1824 ============================================================

09:19:33.0636 1824 \Device\Harddisk0\DR0:

09:19:33.0636 1824 MBR partitions:

09:19:33.0636 1824 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1832800, BlocksNum 0x15997000

09:19:33.0636 1824 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x171C9800, BlocksNum 0xE264800

09:19:33.0636 1824 \Device\Harddisk1\DR1:

09:19:33.0636 1824 MBR partitions:

09:19:33.0636 1824 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x1DD17E0

09:19:33.0636 1824 ============================================================

09:19:33.0667 1824 C: <-> \Device\Harddisk0\DR0\Partition1

09:19:33.0683 1824 D: <-> \Device\Harddisk0\DR0\Partition2

09:19:33.0683 1824 ============================================================

09:19:33.0683 1824 Initialize success

09:19:33.0683 1824 ============================================================

09:19:36.0085 1856 ============================================================

09:19:36.0085 1856 Scan started

09:19:36.0085 1856 Mode: Manual;

09:19:36.0085 1856 ============================================================

09:19:36.0226 1856 ================ Scan system memory ========================

09:19:36.0226 1856 System memory - ok

09:19:36.0226 1856 ================ Scan services =============================


09:19:44.0681 1856 MBAMProtector - ok

09:19:44.0775 1856 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

09:19:44.0790 1856 MBAMService - ok

09:19:44.0821 1856 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll

09:19:44.0821 1856 Mcx2Svc - ok

09:19:44.0853 1856 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys

09:19:44.0853 1856 megasas - ok

09:19:44.0899 1856 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys

09:19:44.0899 1856 MegaSR - ok

09:19:44.0946 1856 MGHwCtrl - ok

09:19:45.0009 1856 [ 71C6748EE8DE938532057EF10B4B7E44 ] Micro Star SCM C:\Program Files (x86)\System Control Manager\MSIService.exe

09:19:45.0009 1856 Micro Star SCM - ok

09:19:45.0071 1856 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe

09:19:45.0071 1856 Microsoft Office Groove Audit Service - ok

09:19:45.0118 1856 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll

09:19:45.0118 1856 MMCSS - ok

09:19:45.0133 1856 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys

09:19:45.0133 1856 Modem - ok

09:19:45.0180 1856 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys

09:19:45.0180 1856 monitor - ok

09:19:45.0196 1856 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\drivers\mouclass.sys

09:19:45.0196 1856 mouclass - ok

09:19:45.0227 1856 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys

09:19:45.0227 1856 mouhid - ok

09:19:45.0258 1856 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys

09:19:45.0258 1856 mountmgr - ok

09:19:45.0383 1856 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys

09:19:45.0383 1856 MpFilter - ok

09:19:45.0492 1856 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys

09:19:45.0492 1856 mpio - ok

09:19:45.0523 1856 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys

09:19:45.0523 1856 mpsdrv - ok

09:19:45.0601 1856 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll

09:19:45.0617 1856 MpsSvc - ok

09:19:45.0664 1856 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys

09:19:45.0679 1856 MRxDAV - ok

09:19:45.0773 1856 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys

09:19:45.0773 1856 mrxsmb - ok

09:19:45.0820 1856 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys

09:19:45.0820 1856 mrxsmb10 - ok

09:19:45.0835 1856 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys

09:19:45.0851 1856 mrxsmb20 - ok

09:19:45.0913 1856 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys

09:19:45.0913 1856 msahci - ok

09:19:45.0960 1856 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys

09:19:45.0960 1856 msdsm - ok

09:19:46.0007 1856 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe

09:19:46.0007 1856 MSDTC - ok

09:19:46.0054 1856 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys

09:19:46.0054 1856 Msfs - ok

09:19:46.0085 1856 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys

09:19:46.0085 1856 mshidkmdf - ok

09:19:46.0132 1856 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys

09:19:46.0132 1856 msisadrv - ok

09:19:46.0163 1856 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll

09:19:46.0163 1856 MSiSCSI - ok

09:19:46.0163 1856 msiserver - ok

09:19:46.0194 1856 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys

09:19:46.0194 1856 MSKSSRV - ok

09:19:46.0366 1856 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe

09:19:46.0366 1856 MsMpSvc - ok

09:19:46.0397 1856 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys

09:19:46.0397 1856 MSPCLOCK - ok

09:19:46.0397 1856 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys

09:19:46.0397 1856 MSPQM - ok

09:19:46.0459 1856 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys

09:19:46.0459 1856 MsRPC - ok

09:19:46.0537 1856 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys

09:19:46.0537 1856 mssmbios - ok

09:19:46.0584 1856 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys

09:19:46.0584 1856 MSTEE - ok

09:19:46.0662 1856 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys

09:19:46.0662 1856 MTConfig - ok

09:19:46.0709 1856 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys

09:19:46.0709 1856 Mup - ok

09:19:46.0771 1856 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll

09:19:46.0771 1856 napagent - ok

09:19:46.0818 1856 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys

09:19:46.0818 1856 NativeWifiP - ok

09:19:46.0927 1856 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\windows\system32\drivers\ndis.sys

09:19:46.0943 1856 NDIS - ok

09:19:46.0974 1856 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys

09:19:46.0974 1856 NdisCap - ok

09:19:47.0005 1856 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys

09:19:47.0005 1856 NdisTapi - ok

09:19:47.0068 1856 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys

09:19:47.0068 1856 Ndisuio - ok

09:19:47.0115 1856 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys

09:19:47.0115 1856 NdisWan - ok

09:19:47.0161 1856 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys

09:19:47.0161 1856 NDProxy - ok

09:19:47.0177 1856 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys

09:19:47.0177 1856 NetBIOS - ok

09:19:47.0208 1856 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys

09:19:47.0208 1856 NetBT - ok

09:19:47.0224 1856 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe

09:19:47.0224 1856 Netlogon - ok

09:19:47.0271 1856 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll

09:19:47.0286 1856 Netman - ok

09:19:47.0302 1856 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll

09:19:47.0317 1856 netprofm - ok

09:19:47.0364 1856 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

09:19:47.0364 1856 NetTcpPortSharing - ok

09:19:47.0395 1856 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys

09:19:47.0395 1856 nfrd960 - ok

09:19:47.0442 1856 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys

09:19:47.0442 1856 NisDrv - ok

09:19:47.0505 1856 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe

09:19:47.0505 1856 NisSrv - ok

09:19:47.0567 1856 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll

09:19:47.0567 1856 NlaSvc - ok

09:19:47.0567 1856 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys

09:19:47.0567 1856 Npfs - ok

09:19:47.0598 1856 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll

09:19:47.0598 1856 nsi - ok

09:19:47.0645 1856 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys

09:19:47.0645 1856 nsiproxy - ok

09:19:47.0707 1856 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys

09:19:47.0754 1856 Ntfs - ok

09:19:47.0770 1856 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys

09:19:47.0770 1856 Null - ok

09:19:47.0785 1856 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys

09:19:47.0801 1856 nvraid - ok

09:19:47.0848 1856 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys

09:19:47.0848 1856 nvstor - ok

09:19:47.0879 1856 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys

09:19:47.0879 1856 nv_agp - ok

09:19:47.0941 1856 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

09:19:47.0957 1856 odserv - ok

09:19:47.0988 1856 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys

09:19:47.0988 1856 ohci1394 - ok

09:19:48.0019 1856 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

09:19:48.0019 1856 ose - ok

09:19:48.0066 1856 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll

09:19:48.0066 1856 p2pimsvc - ok

09:19:48.0097 1856 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll

09:19:48.0097 1856 p2psvc - ok

09:19:48.0129 1856 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys

09:19:48.0129 1856 Parport - ok

09:19:48.0160 1856 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys

09:19:48.0160 1856 partmgr - ok

09:19:48.0191 1856 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll

09:19:48.0191 1856 PcaSvc - ok

09:19:48.0207 1856 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys

09:19:48.0207 1856 pci - ok

09:19:48.0222 1856 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys

09:19:48.0222 1856 pciide - ok

09:19:48.0238 1856 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys

09:19:48.0238 1856 pcmcia - ok

09:19:48.0253 1856 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys

09:19:48.0253 1856 pcw - ok

09:19:48.0285 1856 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys

09:19:48.0300 1856 PEAUTH - ok

09:19:48.0394 1856 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe

09:19:48.0441 1856 PerfHost - ok

09:19:48.0503 1856 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll

09:19:48.0534 1856 pla - ok

09:19:48.0612 1856 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll

09:19:48.0612 1856 PlugPlay - ok

09:19:48.0675 1856 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll

09:19:48.0675 1856 PNRPAutoReg - ok

09:19:48.0706 1856 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll

09:19:48.0706 1856 PNRPsvc - ok

09:19:48.0753 1856 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll

09:19:48.0753 1856 PolicyAgent - ok

09:19:48.0784 1856 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll

09:19:48.0784 1856 Power - ok

09:19:48.0846 1856 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys

09:19:48.0846 1856 PptpMiniport - ok

09:19:48.0877 1856 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys

09:19:48.0877 1856 Processor - ok

09:19:48.0924 1856 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll

09:19:48.0940 1856 ProfSvc - ok

09:19:48.0940 1856 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe

09:19:48.0940 1856 ProtectedStorage - ok

09:19:48.0971 1856 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys

09:19:48.0987 1856 Psched - ok

09:19:49.0033 1856 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys

09:19:49.0065 1856 ql2300 - ok

09:19:49.0080 1856 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys

09:19:49.0096 1856 ql40xx - ok

09:19:49.0111 1856 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll

09:19:49.0111 1856 QWAVE - ok

09:19:49.0143 1856 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys

09:19:49.0143 1856 QWAVEdrv - ok

09:19:49.0158 1856 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys

09:19:49.0158 1856 RasAcd - ok

09:19:49.0205 1856 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys

09:19:49.0205 1856 RasAgileVpn - ok

09:19:49.0221 1856 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll

09:19:49.0236 1856 RasAuto - ok

09:19:49.0252 1856 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys

09:19:49.0252 1856 Rasl2tp - ok

09:19:49.0314 1856 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll

09:19:49.0330 1856 RasMan - ok

09:19:49.0345 1856 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys

09:19:49.0345 1856 RasPppoe - ok

09:19:49.0361 1856 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys

09:19:49.0361 1856 RasSstp - ok

09:19:49.0408 1856 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys

09:19:49.0408 1856 rdbss - ok

09:19:49.0423 1856 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys

09:19:49.0423 1856 rdpbus - ok

09:19:49.0439 1856 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys

09:19:49.0439 1856 RDPCDD - ok

09:19:49.0455 1856 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys

09:19:49.0455 1856 RDPENCDD - ok

09:19:49.0470 1856 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys

09:19:49.0470 1856 RDPREFMP - ok

09:19:49.0501 1856 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys

09:19:49.0501 1856 RDPWD - ok

09:19:49.0533 1856 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys

09:19:49.0533 1856 rdyboost - ok

09:19:49.0564 1856 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll

09:19:49.0564 1856 RemoteAccess - ok

09:19:49.0611 1856 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll

09:19:49.0626 1856 RemoteRegistry - ok

09:19:49.0673 1856 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll

09:19:49.0673 1856 RpcEptMapper - ok

09:19:49.0704 1856 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe

09:19:49.0704 1856 RpcLocator - ok

09:19:49.0751 1856 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll

09:19:49.0751 1856 RpcSs - ok

09:19:49.0798 1856 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys

09:19:49.0798 1856 rspndr - ok

09:19:49.0845 1856 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys

09:19:49.0845 1856 RTL8167 - ok

09:19:49.0860 1856 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe

09:19:49.0860 1856 SamSs - ok

09:19:49.0891 1856 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys

09:19:49.0891 1856 sbp2port - ok

09:19:49.0938 1856 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll

09:19:49.0938 1856 SCardSvr - ok

09:19:49.0969 1856 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys

09:19:49.0969 1856 scfilter - ok

09:19:50.0032 1856 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll

09:19:50.0063 1856 Schedule - ok

09:19:50.0094 1856 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll

09:19:50.0094 1856 SCPolicySvc - ok

09:19:50.0125 1856 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\windows\system32\drivers\sdbus.sys

09:19:50.0125 1856 sdbus - ok

09:19:50.0157 1856 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll

09:19:50.0172 1856 SDRSVC - ok

09:19:50.0250 1856 [ 4A5809A1D796E2675AC0332BF7B0CB11 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

09:19:50.0250 1856 SeaPort - ok

09:19:50.0297 1856 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys

09:19:50.0297 1856 secdrv - ok

09:19:50.0344 1856 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll

09:19:50.0344 1856 seclogon - ok

09:19:50.0375 1856 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll

09:19:50.0375 1856 SENS - ok

09:19:50.0406 1856 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll

09:19:50.0406 1856 SensrSvc - ok

09:19:50.0437 1856 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys

09:19:50.0437 1856 Serenum - ok

09:19:50.0484 1856 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys

09:19:50.0500 1856 Serial - ok

09:19:50.0515 1856 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys

09:19:50.0515 1856 sermouse - ok

09:19:50.0578 1856 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll

09:19:50.0578 1856 SessionEnv - ok

09:19:50.0609 1856 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys

09:19:50.0609 1856 sffdisk - ok

09:19:50.0625 1856 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys

09:19:50.0625 1856 sffp_mmc - ok

09:19:50.0625 1856 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys

09:19:50.0625 1856 sffp_sd - ok

09:19:50.0671 1856 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys

09:19:50.0671 1856 sfloppy - ok

09:19:50.0703 1856 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll

09:19:50.0718 1856 SharedAccess - ok

09:19:50.0749 1856 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll

09:19:50.0765 1856 ShellHWDetection - ok

09:19:50.0781 1856 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys

09:19:50.0781 1856 SiSRaid2 - ok

09:19:50.0796 1856 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys

09:19:50.0796 1856 SiSRaid4 - ok

09:19:50.0812 1856 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys

09:19:50.0812 1856 Smb - ok

09:19:50.0859 1856 [ 7AE8BCA90539ECBDE87AC45BA1436BE3 ] smserial C:\windows\system32\DRIVERS\SmSerl64.sys

09:19:50.0890 1856 smserial - ok

09:19:50.0921 1856 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe

09:19:50.0937 1856 SNMPTRAP - ok

09:19:50.0937 1856 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys

09:19:50.0937 1856 spldr - ok

09:19:50.0983 1856 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\windows\System32\spoolsv.exe

09:19:50.0983 1856 Spooler - ok

09:19:51.0093 1856 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe

09:19:51.0186 1856 sppsvc - ok

09:19:51.0202 1856 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll

09:19:51.0202 1856 sppuinotify - ok

09:19:51.0249 1856 [ A6CFF1AF7664627A296B6A0A96CF876E ] sptd C:\windows\System32\Drivers\sptd.sys

09:19:51.0249 1856 sptd - ok

09:19:51.0295 1856 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys

09:19:51.0295 1856 srv - ok

09:19:51.0327 1856 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys

09:19:51.0327 1856 srv2 - ok

09:19:51.0342 1856 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys

09:19:51.0342 1856 srvnet - ok

09:19:51.0373 1856 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll

09:19:51.0373 1856 SSDPSRV - ok

09:19:51.0389 1856 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll

09:19:51.0389 1856 SstpSvc - ok

09:19:51.0420 1856 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys

09:19:51.0420 1856 stexstor - ok

09:19:51.0483 1856 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll

09:19:51.0498 1856 stisvc - ok

09:19:51.0514 1856 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys

09:19:51.0514 1856 swenum - ok

09:19:51.0545 1856 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll

09:19:51.0561 1856 swprv - ok

09:19:51.0592 1856 [ E5D73228176C9F69072D1F91CED83484 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys

09:19:51.0592 1856 SynTP - ok

09:19:51.0670 1856 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll

09:19:51.0717 1856 SysMain - ok

09:19:51.0748 1856 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll

09:19:51.0748 1856 TabletInputService - ok

09:19:55.0133 1856 [ 3A05225B4172D0FA20107BD503A84681 ] TapiSrv C:\windows\System32\tapisrv.dll

09:36:35.0656 1856 Suspicious file (NoAccess): C:\windows\System32\tapisrv.dll. md5: 3A05225B4172D0FA20107BD503A84681

09:36:35.0703 1856 TapiSrv ( LockedFile.Multi.Generic ) - warning

09:36:35.0703 1856 TapiSrv - detected LockedFile.Multi.Generic (1)


09:36:40.0087 1856 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll

09:36:40.0118 1856 Wlansvc - ok

09:36:40.0290 1856 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

09:36:40.0352 1856 wlidsvc - ok

09:36:40.0383 1856 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys

09:36:40.0383 1856 WmiAcpi - ok

09:36:40.0414 1856 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe

09:36:40.0414 1856 wmiApSrv - ok

09:36:40.0477 1856 WMPNetworkSvc - ok

09:36:40.0508 1856 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll

09:36:40.0508 1856 WPCSvc - ok

09:36:40.0555 1856 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll

09:36:40.0570 1856 WPDBusEnum - ok

09:36:40.0586 1856 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys

09:36:40.0586 1856 ws2ifsl - ok

09:36:40.0617 1856 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll

09:36:40.0617 1856 wscsvc - ok

09:36:40.0617 1856 WSearch - ok

09:36:40.0711 1856 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll

09:36:40.0789 1856 wuauserv - ok

09:36:40.0820 1856 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys

09:36:40.0820 1856 WudfPf - ok

09:36:40.0851 1856 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys

09:36:40.0867 1856 WUDFRd - ok

09:36:40.0929 1856 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll

09:36:40.0929 1856 wudfsvc - ok

09:36:40.0976 1856 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll

09:36:40.0976 1856 WwanSvc - ok

09:36:41.0007 1856 ================ Scan global ===============================

09:36:41.0023 1856 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll

09:36:41.0054 1856 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll

09:36:41.0070 1856 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll

09:36:41.0101 1856 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll

09:36:41.0132 1856 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe

09:36:41.0132 1856 [Global] - ok

09:36:41.0132 1856 ================ Scan MBR ==================================

09:36:41.0148 1856 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

09:36:41.0491 1856 \Device\Harddisk0\DR0 - ok

09:36:41.0491 1856 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1

09:36:41.0491 1856 \Device\Harddisk1\DR1 - ok

09:36:41.0491 1856 ================ Scan VBR ==================================

09:36:41.0569 1856 [ 75D188B3DABA70EE81504F1FBB8FA2AF ] \Device\Harddisk0\DR0\Partition1

09:36:41.0569 1856 \Device\Harddisk0\DR0\Partition1 - ok

09:36:41.0943 1856 [ C5BCE75A797337CF53BD256D9E81836F ] \Device\Harddisk0\DR0\Partition2

09:36:41.0943 1856 \Device\Harddisk0\DR0\Partition2 - ok

09:36:41.0943 1856 [ 05070DF59B3356AAA3F03C1239081D69 ] \Device\Harddisk1\DR1\Partition1

09:36:41.0943 1856 \Device\Harddisk1\DR1\Partition1 - ok

09:36:41.0943 1856 ============================================================

09:36:41.0943 1856 Scan finished

09:36:41.0943 1856 ============================================================

09:36:42.0006 1848 Detected object count: 1

09:36:42.0006 1848 Actual detected object count: 1

09:48:59.0357 1848 C:\windows\System32\tapisrv.dll - copied to quarantine

09:48:59.0357 1848 TapiSrv ( LockedFile.Multi.Generic ) - User select action: Quarantine

ADW:

# AdwCleaner v1.801 - Logfile created 08/23/2012 at 10:21:06

# Updated 14/08/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Kristen - KRISTEN-MSI

# Boot Mode : Safe mode with networking

# Running from : C:\Users\Kristen\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\Kristen\AppData\Local\Babylon

Folder Found : C:\Users\Kristen\AppData\Local\Conduit

Folder Found : C:\Users\Kristen\AppData\LocalLow\Conduit

Folder Found : C:\Users\Kristen\AppData\LocalLow\facemoods.com

Folder Found : C:\Users\Kristen\AppData\Roaming\Babylon

Folder Found : C:\Users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\8xvl8tuw.default\Conduit

Folder Found : C:\Users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\8xvl8tuw.default\ConduitEngine

Folder Found : C:\Users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\8xvl8tuw.default\CT2956077

Folder Found : C:\Users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\8xvl8tuw.default\FCTB

Folder Found : C:\Users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\8xvl8tuw.default\extensions\{30aa252e-b1df-4aa2-9c5e-194c67a7c623}

Folder Found : C:\Users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\8xvl8tuw.default\extensions\engine@conduit.com

Folder Found : C:\Users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\8xvl8tuw.default\extensions\staged

Folder Found : C:\ProgramData\Babylon

Folder Found : C:\ProgramData\InstallMate

Folder Found : C:\Program Files (x86)\Free Offers from Freeze.com

Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility

Folder Found : C:\ProgramData\Premium

File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt

File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml

File Found : C:\user.js

***** [Registry] *****

[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2418376

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\Softonic

Key Found : HKLM\SOFTWARE\Babylon

Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Found : HKLM\SOFTWARE\Classes\dnUpdate

Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser

Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1

Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController

Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1

Key Found : HKLM\SOFTWARE\Freeze.com

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

[x64] Key Found : HKCU\Software\Conduit

[x64] Key Found : HKCU\Software\Softonic

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

[x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine

[x64] Key Found : HKLM\SOFTWARE\Classes\dnUpdate

[x64] Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser

[x64] Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1

[x64] Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController

[x64] Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1

[x64] Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater

***** [Registre - GUID] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=111385&babsrc=HP_ss&mntrId=c6dc987d000000000000485d60618af9

-\\ Mozilla Firefox v [unable to get version]

Profile name : default

File : C:\Users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\8xvl8tuw.default\prefs.js


Found : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Thu Apr 14 2011 16:43:09 GMT-0400 (East[...]

Found : user_pref("ConduitEngine.initDone", true);

Found : user_pref("ConduitEngine.isAppTrackingManagerOn", true);

Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

Found : user_pref("browser.search.defaultengine", "Ask.com");

Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");

Found : user_pref("browser.search.defaultthis.engineName", "gamewrangler_v2 Customized Web Search");

Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2956077&Sea[...]

Found : user_pref("browser.search.order.1", "Search the web (Babylon)");

Found : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");

Found : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=111385&babsrc=HP_ss&mntrId=c[...]

Found : user_pref("extensions.3499ur3ur4hfsudfs.scode", "\n(function(){var bdomains={\"search.babylon.com\":[...]

Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

Found : user_pref("extensions.BabylonToolbar_i.babExt", "");

Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111385");

Found : user_pref("extensions.BabylonToolbar_i.hardId", "c6dc987d000000000000485d60618af9");

Found : user_pref("extensions.BabylonToolbar_i.id", "c6dc987d000000000000485d60618af9");

Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15411");

Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

Found : user_pref("extensions.BabylonToolbar_i.newTab", true);

Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=111385&babsrc=N[...]

Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");

Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.170:30:59");

Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

Found : user_pref("extensions.facemoods.aflt", "_#guppy1");

Found : user_pref("extensions.facemoods.firstRun", false);

Found : user_pref("extensions.facemoods.lastActv", "14");

Found : user_pref("freecauseebcfd043312f448d96f425ba0f1ea646.FirstLaunchShown", true);

Found : user_pref("freecauseebcfd043312f448d96f425ba0f1ea646.LastDate", 14);

Found : user_pref("freecauseebcfd043312f448d96f425ba0f1ea646.session", "F96D49C259F47355B34590FC35331C0D098C[...]

Found : user_pref("freecauseebcfd043312f448d96f425ba0f1ea646.tb_lang", "en");

Found : user_pref("freecauseebcfd043312f448d96f425ba0f1ea646.user_id", "27472811");

Found : user_pref("freecauseebcfd043312f448d96f425ba0f1ea646.vars.disablecuidinject", "1");

Found : user_pref("freecauseebcfd043312f448d96f425ba0f1ea646.vars.lastcheck", "Wed%20Mar%2014%202012%2000%3A[...]

Found : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=111385&babsrc=KW_ss&mntrId=c6dc987d000000[...]

Found : user_pref("keyword.URL","hxxp://slirsredirect.search.aol.com/redirector/sredir?invocationType=bu10ai[...]

-\\ Google Chrome v21.0.1180.79

File : C:\Users\Kristen\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found : "description": "The fastest way to search the web.",

*************************

AdwCleaner[R1].txt - [32079 octets] - [23/08/2012 10:21:06]

########## EOF - C:\AdwCleaner[R1].txt - [32208 octets] ##########

Security Check:

Results of screen317's Security Check version 0.99.46

Windows 7 Service Pack 1 x64 (UAC is disabled!)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

Microsoft Security Essentials

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.60.1.1000

Java 6 Update 29

Java version out of Date!

Adobe Flash Player 10 Flash Player out of Date!

Adobe Reader 9 Adobe Reader out of Date!

Google Chrome 21.0.1180.77

Google Chrome 21.0.1180.79

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:

````````````````````End of Log``````````````````````

  • Staff

Hi,

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet. Before you download it, rename it to sega.com (ensure that the Save As type is "All Files").

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\sega.com" /killall

See if it will run successfully now. Stop it after half an hour of no activity.

Okay! Here is the log:

ComboFix 12-08-28.03 - Kristen 08/28/2012 14:44:58.3.2 - x64 MINIMAL

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3886.3099 [GMT -4:00]

Running from: c:\users\Kristen\Desktop\sega.com.exe

AV: Microsoft Security Essentials *Enabled/Outdated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Enabled/Outdated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-28 )))))))))))))))))))))))))))))))

.

.

2012-08-28 19:16 . 2012-08-28 19:16 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DE361D27-BF17-48FB-9787-64F6AB56D406}\offreg.dll

2012-08-28 19:13 . 2012-08-28 19:13 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-23 14:11 . 2012-08-23 14:11 -------- d-----w- C:\found.001

2012-08-17 21:50 . 2012-08-17 21:50 -------- d-----w- C:\found.000

2012-08-16 18:31 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DE361D27-BF17-48FB-9787-64F6AB56D406}\mpengine.dll

2012-08-14 17:19 . 2012-08-23 13:37 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-11 17:19 . 2012-08-11 17:19 36168 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-08-10 19:12 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-08-08 05:59 . 2012-08-08 05:59 22800 ----a-w- c:\windows\system32\drivers\Smb_driver.sys

2012-08-08 05:57 . 2012-08-08 05:57 317440 ----a-w- c:\windows\system32\drivers\IntcDAud.sys

2012-08-08 05:57 . 2012-08-08 05:57 14848 ----a-w- c:\windows\system32\IntcDAuC.dll

2012-08-08 05:55 . 2012-08-08 05:55 18832 ----a-w- c:\windows\system32\drivers\pmkbdfltr.sys

2012-08-08 04:57 . 2012-08-08 04:57 -------- d-----w- c:\users\Kristen\AppData\Roaming\Uniblue

2012-08-08 04:57 . 2012-08-08 04:57 -------- d-----w- c:\program files (x86)\Uniblue

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-15 03:38 . 2011-02-14 05:49 62134624 ----a-w- c:\windows\system32\MRT.exe

2012-07-03 17:46 . 2011-02-14 02:33 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-12 03:08 . 2012-07-19 00:26 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-06-09 05:43 . 2012-07-18 16:22 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-06-06 06:06 . 2012-07-18 16:22 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 06:06 . 2012-07-18 16:22 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 06:02 . 2012-07-18 16:22 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-06-06 05:05 . 2012-07-18 16:22 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:05 . 2012-07-18 16:22 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-06 05:03 . 2012-07-18 16:22 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-06-02 22:19 . 2012-06-22 01:00 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-22 01:00 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-22 01:00 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-22 01:00 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-22 01:00 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-22 01:00 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-22 01:00 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-22 00:59 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:15 . 2012-06-22 00:59 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 12:49 . 2012-07-18 17:14 17807360 ----a-w- c:\windows\system32\mshtml.dll

2012-06-02 12:17 . 2012-07-18 17:14 10924032 ----a-w- c:\windows\system32\ieframe.dll

2012-06-02 12:12 . 2012-07-18 17:14 2311680 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 12:05 . 2012-07-18 17:14 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-06-02 12:05 . 2012-07-18 17:14 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 12:04 . 2012-07-18 17:14 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 12:04 . 2012-07-18 17:14 237056 ----a-w- c:\windows\system32\url.dll

2012-06-02 12:03 . 2012-07-18 17:14 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-06-02 12:01 . 2012-07-18 17:14 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 12:00 . 2012-07-18 17:14 818688 ----a-w- c:\windows\system32\jscript.dll

2012-06-02 11:59 . 2012-07-18 17:14 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-06-02 11:57 . 2012-07-18 17:14 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-06-02 11:57 . 2012-07-18 17:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-02 11:54 . 2012-07-18 17:14 248320 ----a-w- c:\windows\system32\ieui.dll

2012-06-02 08:33 . 2012-07-18 17:14 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-06-02 08:25 . 2012-07-18 17:14 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-06-02 08:25 . 2012-07-18 17:14 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-06-02 08:20 . 2012-07-18 17:14 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-06-02 08:16 . 2012-07-18 17:14 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-06-02 05:50 . 2012-07-18 16:22 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:48 . 2012-07-18 16:22 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:48 . 2012-07-18 16:22 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:45 . 2012-07-18 16:22 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:44 . 2012-07-18 16:22 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-02 04:40 . 2012-07-18 16:22 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-06-02 04:40 . 2012-07-18 16:22 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-06-02 04:39 . 2012-07-18 16:22 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34 . 2012-07-18 16:22 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{BE861541-7376-4545-967B-20DA8431C8CE}]

c:\programdata\TheBflix\bhoclass.dll [bU]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"InstallIQUpdater"="c:\program files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-08-09 1176064]

"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"MGSysCtrl"="c:\program files (x86)\System Control Manager\MGSysCtrl.exe" [2010-02-05 2408448]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNTQyNTU0NjQ3LVhPMTArMTItTElDKzItU1AxKzEtU1VQKzMtRkwxMCsxLVNQMVMyKzEtU1AxUzMrMS1ERFQrNTY1MTItREQxMEYrMS1TVDEwRkFQUCsxLUYxME0xMkFUKzEtRjEwTTEyQSsxLUYxME0xMkFCKzEtVTEwKzEtRjEwTTEyQVRCTisx&prod=90&ver=10.0.1416" [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 136176]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]

R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-02 51600]

R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-12-05 87888]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 136176]

R3 MGHwCtrl;MGHwCtrl;c:\program files\msi\msi Software Install\MGHwCtrl.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-17 1255736]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\System Control Manager\MSIService.exe [2009-07-09 160768]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-05-10 158976]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-08-08 317440]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-28 c:\windows\Tasks\GIMP Update Checker.job

- c:\program files (x86)\GIMP\GIMPUpdateChecker.exe [2011-06-02 21:38]

.

2012-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 02:57]

.

2012-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 02:57]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-08-08 11465832]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2012-08-08 1833576]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1847439074-2509161730-2765944069-1000\Software\SecuROM\License information*]

"datasecu"=hex:ae,b5,c5,71,f3,95,f8,58,5c,ac,31,ab,1f,85,e0,4b,9b,35,71,de,b2,

35,24,96,0a,f9,ab,ff,72,28,c8,e3,83,07,c9,cf,ab,e4,fb,aa,63,82,36,4d,a5,ad,\

"rkeysecu"=hex:8f,ab,8b,41,54,e8,74,ea,67,c4,e2,d8,37,c0,e7,1f

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

.

**************************************************************************

.

Completion time: 2012-08-28 16:45:27 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-28 20:45

ComboFix2.txt 2012-08-18 02:09

.

Pre-Run: 45,952,413,696 bytes free

Post-Run: 45,877,018,624 bytes free

.

- - End Of File - - A5C43241BAFF88755658FCDD901AA0B7

  • Staff

Hi,

Run TFC by OldTimer to clear temporary files:

  • Open TFC.exe if you already have it. If not, please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java™ 6 Update 29

Adobe Flash Player 10

Adobe Reader 9

Restart your computer.

Get the latest version of Java, Adobe Reader, and Adobe Flash Player.

Let me know what issues remain.

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
