
Unable to Remove Trojan.Agent



I run MalwareBytes, and it detects two problems: Trojan.Agent in a file and Trojan.Agent in a memory process, but is unable to remove it. I downloaded and ran DDS. Here are the two logs.

DDS.txt

DDS (Ver_2012-10-19.01) - NTFS_AMD64 NETWORK

Internet Explorer: 9.0.8112.16421

Run by Isabel at 21:05:13 on 2012-11-02

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2072 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

\\.\globalroot\systemroot\svchost.exe -netsvcs

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\ctfmon.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uURLSearchHooks: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - <orphaned>

uURLSearchHooks: Stardoll Toolbar: {192a6019-26d2-4611-aead-07cd7733b146} - C:\Program Files (x86)\Stardoll\prxtbSta0.dll

mURLSearchHooks: Stardoll Toolbar: {192a6019-26d2-4611-aead-07cd7733b146} - C:\Program Files (x86)\Stardoll\prxtbSta0.dll

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Stardoll Toolbar: {192a6019-26d2-4611-aead-07cd7733b146} - C:\Program Files (x86)\Stardoll\prxtbSta0.dll

BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: Stardoll Toolbar: {192A6019-26D2-4611-AEAD-07CD7733B146} - C:\Program Files (x86)\Stardoll\prxtbSta0.dll

TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: Stardoll Toolbar: {192a6019-26d2-4611-aead-07cd7733b146} - C:\Program Files (x86)\Stardoll\prxtbSta0.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [Google Update] "C:\Users\Isabel\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [AdobeBridge] <no file>

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

StartupFolder: C:\Users\Isabel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{22F2CAF2-39BA-45A8-961D-9B034E3D4468} : DHCPNameServer = 68.87.74.162

TCP: Interfaces\{ACE883F6-43D2-4A8A-B366-DEFF954F86A8} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{ACE883F6-43D2-4A8A-B366-DEFF954F86A8}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{ACE883F6-43D2-4A8A-B366-DEFF954F86A8}\46C696E6B6 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{ACE883F6-43D2-4A8A-B366-DEFF954F86A8}\46C696E6B60223 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{ACE883F6-43D2-4A8A-B366-DEFF954F86A8}\B6F6F6C6B61647071647331383 : DHCPNameServer = 65.32.5.111 65.32.5.112

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2011-2-22 26704]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2011-3-16 37456]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2011-4-5 377936]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-2-20 349800]

S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2011-1-7 304720]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-3-1 41552]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]

S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]

S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-14 136176]

S2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]

S2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-11-3 92216]

S2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-2-20 13336]

S2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]

S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-20 2320920]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-3 250808]

S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2011-5-27 118864]

S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2011-2-10 29264]

S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]

S3 BTHprint;Microsoft Bluetooth Printer Class;C:\Windows\System32\drivers\BTHPRINT.SYS [2009-7-13 67072]

S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2011-2-20 344616]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-2-20 39464]

S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-12-11 31088]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-14 136176]

S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-12-8 158976]

S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-12-8 317440]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-2-20 329832]

S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-17 1255736]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-11-03 00:57:45 20480 ----a-w- C:\Windows\svchost.exe

2012-10-16 00:56:51 -------- d-----w- C:\ProgramData\EA Core

2012-10-14 00:50:45 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-10-13 22:15:51 1462784 ----a-w- C:\Windows\System32\crypt32.dll

2012-10-13 22:15:51 1157632 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-10-13 22:15:50 182272 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-10-13 22:15:50 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-10-13 22:15:49 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-10-13 22:15:49 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-10-13 15:10:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

.

==================== Find3M ====================

.

2012-10-14 00:49:46 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-10-13 22:10:54 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-13 22:10:54 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-09-29 23:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-14 19:23:40 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-09-14 18:30:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-08-31 18:02:20 1656688 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2012-08-24 18:05:28 220160 ----a-w- C:\Windows\System32\wintrust.dll

2012-08-24 17:10:47 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-08-18 15:43:05 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-08-18 15:43:05 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-08-18 15:43:05 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-08-18 15:42:31 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-08-18 15:40:26 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-08-18 15:37:49 425984 ----a-w- C:\Windows\System32\KernelBase.dll

2012-08-18 15:34:13 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-08-18 11:22:55 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-08-18 11:19:45 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-08-18 11:19:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-08-18 11:17:56 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-08-18 11:17:56 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-08-18 09:12:09 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-08-18 09:12:09 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-08-18 09:07:02 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-08-18 09:07:02 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-18 09:07:02 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-08-18 09:07:02 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-08-11 00:53:01 714752 ----a-w- C:\Windows\System32\kerberos.dll

2012-08-10 23:54:04 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll

.

============= FINISH: 21:08:18.73 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-10-19.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 4/13/2011 4:23:29 PM

System Uptime: 11/2/2012 8:56:17 PM (1 hours ago)

.

Motherboard: Hewlett-Packard | | 166A

Processor: Intel® Core i3 CPU M 380 @ 2.53GHz | CPU | 2527/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 451 GiB total, 369.077 GiB free.

D: is FIXED (NTFS) - 15 GiB total, 1.819 GiB free.

E: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

==== System Restore Points ===================

.

RP88: 10/13/2012 5:58:27 PM - Windows Update

RP89: 10/13/2012 8:47:24 PM - Installed Java 6 Update 35

RP90: 10/14/2012 1:24:01 PM - Windows Update

RP91: 10/15/2012 6:37:17 PM - Windows Update

RP92: 10/15/2012 9:49:11 PM - Windows Update

RP93: 10/17/2012 9:16:38 PM - Windows Update

RP94: 10/18/2012 4:54:28 PM - Windows Update

RP95: 10/18/2012 10:14:58 PM - Windows Update

RP96: 10/19/2012 11:47:46 PM - Windows Update

RP97: 10/20/2012 11:51:28 PM - Windows Update

.

==== Installed Programs ======================

.

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Community Help

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Photoshop CS5.1

Adobe Reader 9.3.3 MUI

Adobe Shockwave Player 11.5

Agatha Christie - Peril at End House

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AVG 2011

Bejeweled 2 Deluxe

Bing Bar

Bing Rewards Client Installer

Blackhawk Striker 2

Blasterball 3

Blio

Bonjour

Bounce Symphony

Broadcom 2070 Bluetooth 3.0

Broadcom 802.11 Wireless LAN Adapter

Build-a-lot 2

Cake Mania

Chuzzle Deluxe

CyberLink DVD Suite

CyberLink YouCam

D3DX10

Diner Dash 2 Restaurant Rescue

Dora's World Adventure

Energy Star Digital Logo

Escape Rosecliff Island

ESU for Microsoft Windows 7

Farm Frenzy

FATE

Final Drive Nitro

Google Chrome

Google Earth

Google SketchUp 8

Google Toolbar for Internet Explorer

Google Update Helper

Heroes of Hellas 2 - Olympia

HP Auto

HP Client Services

HP CloudDrive

HP Customer Experience Enhancements

HP Documentation

HP Game Console

HP Games

HP MovieStore

HP On Screen Display

HP Power Manager

HP Quick Launch

HP Setup

HP Setup Manager

HP Software Framework

HP Support Assistant

HP Wireless Assistant

HPAsset component for HP Active Support Library

IDT Audio

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

iTunes

Java Auto Updater

Java 6 Update 22 (64-bit)

Java 6 Update 35

Jewel Quest Solitaire 2

Junk Mail filter update

LabelPrint

LightScribe System Software

Malwarebytes Anti-Malware version 1.65.1.1000

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Home and Student 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WSE 3.0 Runtime

Microsoft_VC80_ATL_x86

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

Microsoft_VC90_MFCLOC_x86

Microsoft_VC90_MFCLOC_x86_x64

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mystery P.I. - The London Caper

ooVoo

ooVoo toolbar, powered by Ask.com

ooVoo toolbar, powered by Ask.com Updater

OpenOffice.org 3.4.1

Origin

OverDrive Media Console

PDF Settings CS5

Penguins!

PictureMover

Plants vs. Zombies

PlayReady PC Runtime x86

Poker Superstars III

Polar Bowler

Polar Golfer

Power2Go

QuickTime

Realtek Ethernet Controller Driver

Realtek PCIE Card Reader

Recovery Manager

RoxioNow Player

SaveTheChildren Reminder by We-Care.com v4.0.20.4

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Skype™ 5.10

Spotify

Stardoll Toolbar

Synaptics Pointing Device Driver

The Sims™ 3

The Sims™ 3 Ambitions

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Virtual Families

Virtual Villagers 4 - The Tree of Life

Visual Studio 2008 x64 Redistributables

Wheel of Fortune 2

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Wondershare DVD Slideshow Builder Deluxe(Build 6.1.1.44)

Wondershare Photo Recovery (build 3.0.3)

Yahoo! Detect

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

11/2/2012 9:06:39 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

11/2/2012 8:57:31 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

11/2/2012 8:57:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

11/2/2012 8:57:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

11/2/2012 8:57:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/2/2012 8:57:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

11/2/2012 8:57:09 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21

11/2/2012 8:56:54 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache spldr Wanarpv6

11/2/2012 8:56:51 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

11/2/2012 8:17:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

10/28/2012 4:25:44 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000001000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002ca2995). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102812-27300-01.

10/26/2012 5:13:36 PM, Error: Service Control Manager [7034] - The Client Virtualization Handler service terminated unexpectedly. It has done this 1 time(s).

10/26/2012 5:13:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

10/26/2012 5:04:18 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000ff897, 0x0000000000000002, 0x0000000000000001, 0xfffff80002c9b995). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102612-29156-01.

.

==== End Of File ===========================

Any help would be GREATLY appreciated!!!!


Welcome to the forum.

Please uninstall the Stardoll Toolbar

~~~~~~~~~~~~~~~~~~~~~

Next.............

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

------->Your topic will be closed if you haven't replied within 3 days!<--------


Thanks for the quick reply. Here's the Roguekiller report:

RogueKiller V8.2.1 [10/29/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version

Started in : Safe mode with network support

User : Isabel [Admin rights]

Mode : Scan -- Date : 11/02/2012 22:40:46

¤¤¤ Bad processes : 1 ¤¤¤

[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++

--- User ---

[MBR] 72a8e36e8321df55d34d7537b4ac9ee7

[BSP] b27509906ed6353760ff27ab2267a1ef : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 461726 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 946024448 | Size: 14910 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo

User != LL1 ... KO!

--- LL1 ---

[MBR] 8fc49605a37cbecce66a2e7b838040a8

[BSP] b27509906ed6353760ff27ab2267a1ef : Windows 7 MBR Code

Partition table:

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 461726 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 946024448 | Size: 14910 Mo

User != LL2 ... KO!

--- LL2 ---

[MBR] a2ce385a96e32a831145744730203c4f

[BSP] ed3feff8d8bf78d8b471be50e1e4e879 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 409600 | Size: 77824 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 159793152 | Size: 40000 Mo

2 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 241713152 | Size: 800 Mo

Finished : << RKreport[1].txt >>


Please download Listparts64

Run the tool, click Scan and post the log (Result.txt) it makes

~~~~~~~~~~~~~~~~~~

Next.............

Please read the directions carefully so you don't end up deleting something that is good!!

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


I will list them in separate posts, because I got an error that it was too long when I tried to list them all in one. Here's the log from Listparts:

ListParts by Farbar Version: 30-10-2012

Ran by Isabel (administrator) on 03-11-2012 at 07:55:37

Windows 7 (X64)

Running From: C:\Users\Isabel\Desktop

Language: 0409

************************************************************

========================= Memory info ======================

Percentage of memory in use: 59%

Total physical RAM: 3893.86 MB

Available physical RAM: 1591.32 MB

Total Pagefile: 7785.86 MB

Available Pagefile: 5673.84 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:450.9 GB) (Free:368.18 GB) NTFS ==>[system with boot components (obtained from reading drive)]

2 Drive d: (RECOVERY) (Fixed) (Total:14.56 GB) (Free:1.82 GB) NTFS ==>[system with boot components (obtained from reading drive)]

3 Drive e: (Sims3EP02) (CDROM) (Total:4.6 GB) (Free:0 GB) UDF

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 465 GB 103 MB

Partitions of Disk 0:

===============

======================================================================================================

==========================================================

TDL4: custom:26000022

****** End Of Log ******


1st Log - TDSSKiller

07:58:06.0812 2632 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

07:58:07.0270 2632 ============================================================

07:58:07.0270 2632 Current date / time: 2012/11/03 07:58:07.0270

07:58:07.0270 2632 SystemInfo:

07:58:07.0270 2632

07:58:07.0270 2632 OS Version: 6.1.7600 ServicePack: 0.0

07:58:07.0270 2632 Product type: Workstation

07:58:07.0271 2632 ComputerName: ISABEL-HP

07:58:07.0271 2632 UserName: Isabel

07:58:07.0271 2632 Windows directory: C:\Windows

07:58:07.0271 2632 System windows directory: C:\Windows

07:58:07.0271 2632 Running under WOW64

07:58:07.0271 2632 Processor architecture: Intel x64

07:58:07.0271 2632 Number of processors: 4

07:58:07.0271 2632 Page size: 0x1000

07:58:07.0271 2632 Boot type: Safe boot with network

07:58:07.0271 2632 ============================================================

07:58:08.0629 2632 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

07:58:08.0633 2632 ============================================================

07:58:08.0633 2632 \Device\Harddisk0\DR0:

07:58:08.0645 2632 MBR partitions:

07:58:08.0645 2632 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

07:58:08.0645 2632 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x385CF000

07:58:08.0645 2632 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38633000, BlocksNum 0x1D1F000

07:58:08.0645 2632 ============================================================

07:58:08.0668 2632 C: <-> \Device\Harddisk0\DR0\Partition2

07:58:08.0706 2632 D: <-> \Device\Harddisk0\DR0\Partition3

07:58:08.0706 2632 ============================================================

07:58:08.0706 2632 Initialize success

07:58:08.0707 2632 ============================================================

07:58:18.0534 3856 Deinitialize success


2nd log - TDSSKiller

08:05:15.0664 1424 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

08:05:17.0255 1424 ============================================================

08:05:17.0255 1424 Current date / time: 2012/11/03 08:05:17.0255

08:05:17.0255 1424 SystemInfo:

08:05:17.0255 1424

08:05:17.0255 1424 OS Version: 6.1.7600 ServicePack: 0.0

08:05:17.0255 1424 Product type: Workstation

08:05:17.0255 1424 ComputerName: ISABEL-HP

08:05:17.0255 1424 UserName: Isabel

08:05:17.0255 1424 Windows directory: C:\Windows

08:05:17.0255 1424 System windows directory: C:\Windows

08:05:17.0255 1424 Running under WOW64

08:05:17.0255 1424 Processor architecture: Intel x64

08:05:17.0255 1424 Number of processors: 4

08:05:17.0255 1424 Page size: 0x1000

08:05:17.0255 1424 Boot type: Safe boot with network

08:05:17.0255 1424 ============================================================

08:05:19.0127 1424 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

08:05:19.0127 1424 ============================================================

08:05:19.0127 1424 \Device\Harddisk0\DR0:

08:05:19.0143 1424 MBR partitions:

08:05:19.0143 1424 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

08:05:19.0143 1424 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x385CF000

08:05:19.0143 1424 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38633000, BlocksNum 0x1D1F000

08:05:19.0143 1424 ============================================================

08:05:19.0189 1424 C: <-> \Device\Harddisk0\DR0\Partition2

08:05:19.0236 1424 D: <-> \Device\Harddisk0\DR0\Partition3

08:05:19.0236 1424 ============================================================

08:05:19.0236 1424 Initialize success

08:05:19.0236 1424 ============================================================

08:05:38.0658 1476 Deinitialize success


First half of the 3rd log - TDSSKiller

08:08:03.0638 1040 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

08:08:04.0433 1040 ============================================================

08:08:04.0433 1040 Current date / time: 2012/11/03 08:08:04.0433

08:08:04.0433 1040 SystemInfo:

08:08:04.0433 1040

08:08:04.0433 1040 OS Version: 6.1.7600 ServicePack: 0.0

08:08:04.0433 1040 Product type: Workstation

08:08:04.0433 1040 ComputerName: ISABEL-HP

08:08:04.0433 1040 UserName: Isabel

08:08:04.0433 1040 Windows directory: C:\Windows

08:08:04.0433 1040 System windows directory: C:\Windows

08:08:04.0433 1040 Running under WOW64

08:08:04.0433 1040 Processor architecture: Intel x64

08:08:04.0433 1040 Number of processors: 4

08:08:04.0433 1040 Page size: 0x1000

08:08:04.0433 1040 Boot type: Safe boot with network

08:08:04.0433 1040 ============================================================

08:08:04.0854 1040 BG loaded

08:08:05.0447 1040 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

08:08:05.0447 1040 ============================================================

08:08:05.0447 1040 \Device\Harddisk0\DR0:

08:08:05.0447 1040 MBR partitions:

08:08:05.0447 1040 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

08:08:05.0447 1040 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x385CF000

08:08:05.0447 1040 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38633000, BlocksNum 0x1D1F000

08:08:05.0447 1040 ============================================================

08:08:05.0463 1040 C: <-> \Device\Harddisk0\DR0\Partition2

08:08:05.0510 1040 D: <-> \Device\Harddisk0\DR0\Partition3

08:08:05.0510 1040 ============================================================

08:08:05.0510 1040 Initialize success

08:08:05.0510 1040 ============================================================

08:08:21.0250 1444 ============================================================

08:08:21.0250 1444 Scan started

08:08:21.0250 1444 Mode: Manual; SigCheck; TDLFS;

08:08:21.0250 1444 ============================================================

08:08:22.0139 1444 ================ Scan system memory ========================

08:08:22.0139 1444 System memory - ok

08:08:22.0139 1444 ================ Scan services =============================


08:09:43.0294 1444 hwpolicy - ok

08:09:43.0412 1444 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

08:09:43.0424 1444 i8042prt - ok

08:09:43.0642 1444 [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

08:09:43.0654 1444 iaStor - ok

08:09:43.0807 1444 [ B25F192EA1F84A316EB7C19EFCCCF33D ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

08:09:43.0817 1444 IAStorDataMgrSvc - ok

08:09:43.0875 1444 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

08:09:43.0898 1444 iaStorV - ok

08:09:43.0977 1444 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

08:09:44.0010 1444 idsvc - ok

08:09:45.0082 1444 [ 0AC9E321D604BE48A0D72B69BA484BDC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

08:09:45.0496 1444 igfx - ok

08:09:45.0563 1444 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

08:09:45.0586 1444 iirsp - ok

08:09:45.0630 1444 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll

08:09:45.0711 1444 IKEEXT - ok

08:09:45.0732 1444 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys

08:09:45.0772 1444 Impcd - ok

08:09:45.0994 1444 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys

08:09:46.0094 1444 IntcDAud - ok

08:09:46.0154 1444 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys

08:09:46.0593 1444 intelide - ok

08:09:46.0705 1444 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

08:09:46.0763 1444 intelppm - ok

08:09:46.0826 1444 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

08:09:46.0892 1444 IPBusEnum - ok

08:09:46.0918 1444 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

08:09:47.0020 1444 IpFilterDriver - ok

08:09:47.0049 1444 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

08:09:47.0132 1444 iphlpsvc - ok

08:09:47.0184 1444 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys

08:09:47.0213 1444 IPMIDRV - ok

08:09:47.0231 1444 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

08:09:47.0324 1444 IPNAT - ok

08:09:47.0601 1444 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

08:09:47.0636 1444 iPod Service - ok

08:09:47.0741 1444 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

08:09:47.0775 1444 IRENUM - ok

08:09:47.0798 1444 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys

08:09:47.0825 1444 isapnp - ok

08:09:47.0900 1444 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

08:09:47.0919 1444 iScsiPrt - ok

08:09:47.0946 1444 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

08:09:47.0959 1444 kbdclass - ok

08:09:47.0978 1444 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

08:09:48.0039 1444 kbdhid - ok

08:09:48.0084 1444 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe

08:09:48.0096 1444 KeyIso - ok

08:09:48.0127 1444 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

08:09:48.0172 1444 KSecDD - ok

08:09:48.0458 1444 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

08:09:48.0476 1444 KSecPkg - ok

08:09:48.0922 1444 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

08:09:49.0230 1444 ksthunk - ok

08:09:49.0316 1444 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

08:09:49.0393 1444 KtmRm - ok

08:09:49.0480 1444 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll

08:09:49.0520 1444 LanmanServer - ok

08:09:49.0587 1444 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

08:09:49.0670 1444 LanmanWorkstation - ok

08:09:49.0837 1444 [ FA4A45C179AB0E0F1A31B9751D4B18D7 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

08:09:49.0842 1444 LightScribeService ( UnsignedFile.Multi.Generic ) - warning

08:09:49.0842 1444 LightScribeService - detected UnsignedFile.Multi.Generic (1)

08:09:49.0934 1444 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

08:09:50.0003 1444 lltdio - ok

08:09:50.0029 1444 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

08:09:50.0072 1444 lltdsvc - ok

08:09:50.0127 1444 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

08:09:50.0175 1444 lmhosts - ok

08:09:50.0777 1444 [ 0405F4BCD1C7A7B309F620FE0B5DE5E6 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

08:09:50.0811 1444 LMS - ok

08:09:50.0868 1444 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

08:09:50.0883 1444 LSI_FC - ok

08:09:50.0915 1444 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

08:09:50.0937 1444 LSI_SAS - ok

08:09:51.0013 1444 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

08:09:51.0049 1444 LSI_SAS2 - ok

08:09:51.0119 1444 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

08:09:51.0135 1444 LSI_SCSI - ok

08:09:51.0184 1444 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

08:09:51.0248 1444 luafv - ok

08:09:51.0320 1444 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

08:09:51.0352 1444 Mcx2Svc - ok

08:09:51.0402 1444 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

08:09:51.0424 1444 megasas - ok

08:09:51.0490 1444 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

08:09:51.0509 1444 MegaSR - ok

08:09:51.0531 1444 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

08:09:51.0593 1444 MMCSS - ok

08:09:51.0635 1444 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

08:09:51.0737 1444 Modem - ok

08:09:51.0759 1444 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

08:09:51.0790 1444 monitor - ok

08:09:51.0835 1444 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

08:09:51.0848 1444 mouclass - ok

08:09:51.0906 1444 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

08:09:51.0937 1444 mouhid - ok

08:09:51.0964 1444 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

08:09:51.0979 1444 mountmgr - ok

08:09:52.0007 1444 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys

08:09:52.0023 1444 mpio - ok

08:09:52.0040 1444 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

08:09:52.0088 1444 mpsdrv - ok

08:09:52.0349 1444 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll

08:09:52.0568 1444 MpsSvc - ok

08:09:52.0661 1444 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

08:09:52.0713 1444 MRxDAV - ok

08:09:52.0771 1444 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

08:09:52.0826 1444 mrxsmb - ok

08:09:52.0981 1444 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

08:09:53.0010 1444 mrxsmb10 - ok

08:09:53.0067 1444 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

08:09:53.0116 1444 mrxsmb20 - ok

08:09:53.0145 1444 [ 2BA4FF3D5EB68587DD662A896F649C7D ] msahci C:\Windows\system32\DRIVERS\msahci.sys

08:09:53.0159 1444 msahci - ok

08:09:53.0198 1444 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys

08:09:53.0212 1444 msdsm - ok

08:09:53.0225 1444 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

08:09:53.0242 1444 MSDTC - ok

08:09:53.0281 1444 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

08:09:53.0333 1444 Msfs - ok

08:09:53.0355 1444 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

08:09:53.0422 1444 mshidkmdf - ok

08:09:53.0442 1444 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys

08:09:53.0455 1444 msisadrv - ok

08:09:53.0586 1444 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

08:09:53.0654 1444 MSiSCSI - ok

08:09:53.0658 1444 msiserver - ok

08:09:53.0706 1444 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

08:09:53.0779 1444 MSKSSRV - ok

08:09:53.0794 1444 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

08:09:53.0865 1444 MSPCLOCK - ok

08:09:53.0901 1444 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

08:09:54.0022 1444 MSPQM - ok

08:09:54.0064 1444 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

08:09:54.0086 1444 MsRPC - ok

08:09:54.0111 1444 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

08:09:54.0123 1444 mssmbios - ok

08:09:54.0600 1444 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

08:09:54.0896 1444 MSTEE - ok

08:09:55.0098 1444 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

08:09:55.0304 1444 MTConfig - ok

08:09:55.0376 1444 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

08:09:55.0390 1444 Mup - ok

08:09:55.0465 1444 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll

08:09:55.0546 1444 napagent - ok

08:09:55.0664 1444 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

08:09:55.0729 1444 NativeWifiP - ok

08:09:55.0759 1444 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys

08:09:55.0796 1444 NDIS - ok

08:09:55.0852 1444 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

08:09:55.0905 1444 NdisCap - ok

08:09:55.0961 1444 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

08:09:56.0004 1444 NdisTapi - ok

08:09:56.0054 1444 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

08:09:56.0139 1444 Ndisuio - ok

08:09:56.0190 1444 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

08:09:56.0242 1444 NdisWan - ok

08:09:56.0279 1444 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

08:09:56.0358 1444 NDProxy - ok

08:09:56.0424 1444 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

08:09:56.0490 1444 NetBIOS - ok

08:09:56.0521 1444 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

08:09:56.0588 1444 NetBT - ok

08:09:56.0628 1444 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe

08:09:56.0641 1444 Netlogon - ok

08:09:56.0786 1444 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

08:09:56.0861 1444 Netman - ok

08:09:57.0041 1444 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

08:09:57.0115 1444 netprofm - ok

08:09:57.0175 1444 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

08:09:57.0186 1444 NetTcpPortSharing - ok

08:09:57.0663 1444 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys

08:09:57.0868 1444 netw5v64 - ok

08:09:57.0909 1444 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

08:09:57.0944 1444 nfrd960 - ok

08:09:58.0113 1444 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll

08:09:58.0191 1444 NlaSvc - ok

08:09:58.0221 1444 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

08:09:58.0279 1444 Npfs - ok

08:09:58.0354 1444 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

08:09:58.0429 1444 nsi - ok

08:09:58.0490 1444 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

08:09:58.0560 1444 nsiproxy - ok

08:09:58.0626 1444 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

08:09:58.0680 1444 Ntfs - ok

08:09:58.0698 1444 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

08:09:58.0759 1444 Null - ok

08:09:58.0820 1444 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys

08:09:58.0837 1444 nvraid - ok

08:09:58.0937 1444 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys

08:09:58.0972 1444 nvstor - ok

08:09:59.0005 1444 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys

08:09:59.0033 1444 nv_agp - ok

08:09:59.0098 1444 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys

08:09:59.0123 1444 ohci1394 - ok

08:09:59.0227 1444 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

08:09:59.0240 1444 ose - ok

08:09:59.0393 1444 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

08:09:59.0628 1444 osppsvc - ok

08:09:59.0654 1444 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

08:09:59.0938 1444 p2pimsvc - ok

08:10:00.0043 1444 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

08:10:00.0599 1444 p2psvc - ok

08:10:00.0792 1444 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

08:10:00.0808 1444 Parport - ok

08:10:00.0859 1444 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys

08:10:00.0873 1444 partmgr - ok

08:10:00.0911 1444 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

08:10:00.0951 1444 PcaSvc - ok

08:10:00.0968 1444 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys

08:10:00.0985 1444 pci - ok

08:10:01.0002 1444 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys

08:10:01.0014 1444 pciide - ok

08:10:01.0044 1444 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

08:10:01.0062 1444 pcmcia - ok

08:10:01.0145 1444 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

08:10:01.0182 1444 pcw - ok

08:10:01.0299 1444 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

08:10:01.0373 1444 PEAUTH - ok

08:10:01.0465 1444 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

08:10:01.0525 1444 PerfHost - ok

08:10:01.0622 1444 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll

08:10:01.0712 1444 pla - ok

08:10:01.0769 1444 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

08:10:01.0820 1444 PlugPlay - ok

08:10:01.0868 1444 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

08:10:01.0896 1444 PNRPAutoReg - ok

08:10:01.0919 1444 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

08:10:01.0936 1444 PNRPsvc - ok

08:10:02.0101 1444 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

08:10:02.0147 1444 PolicyAgent - ok

08:10:02.0232 1444 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

08:10:02.0307 1444 Power - ok

08:10:02.0907 1444 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

08:10:03.0217 1444 PptpMiniport - ok

08:10:03.0259 1444 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

08:10:03.0310 1444 Processor - ok

08:10:03.0356 1444 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll

08:10:03.0423 1444 ProfSvc - ok

08:10:03.0462 1444 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe

08:10:03.0474 1444 ProtectedStorage - ok

08:10:03.0546 1444 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys

08:10:03.0594 1444 Psched - ok

08:10:03.0690 1444 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

08:10:03.0740 1444 ql2300 - ok

08:10:03.0838 1444 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

08:10:03.0853 1444 ql40xx - ok

08:10:03.0881 1444 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

08:10:03.0946 1444 QWAVE - ok

08:10:03.0974 1444 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

08:10:04.0009 1444 QWAVEdrv - ok

08:10:04.0033 1444 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

08:10:04.0098 1444 RasAcd - ok

08:10:04.0439 1444 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

08:10:04.0490 1444 RasAgileVpn - ok

08:10:04.0866 1444 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

08:10:05.0145 1444 RasAuto - ok

08:10:05.0202 1444 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

08:10:05.0288 1444 Rasl2tp - ok

08:10:05.0313 1444 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll

08:10:05.0386 1444 RasMan - ok

08:10:05.0423 1444 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

08:10:05.0488 1444 RasPppoe - ok

08:10:05.0521 1444 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

08:10:05.0588 1444 RasSstp - ok

08:10:05.0611 1444 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

08:10:05.0676 1444 rdbss - ok

08:10:05.0699 1444 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

08:10:05.0732 1444 rdpbus - ok

08:10:05.0759 1444 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

08:10:05.0804 1444 RDPCDD - ok

08:10:05.0847 1444 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

08:10:05.0910 1444 RDPENCDD - ok

08:10:05.0943 1444 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

08:10:05.0996 1444 RDPREFMP - ok

08:10:06.0028 1444 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

08:10:06.0074 1444 RDPWD - ok

08:10:06.0094 1444 [ E5DC9BA9E439D6DBDD79F8CAACB5BF01 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

08:10:06.0114 1444 rdyboost - ok

08:10:06.0401 1444 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

08:10:06.0534 1444 RemoteAccess - ok

08:10:06.0848 1444 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

08:10:07.0070 1444 RemoteRegistry - ok

08:10:07.0191 1444 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys

08:10:07.0228 1444 RFCOMM - ok

08:10:07.0289 1444 [ C1568E17039B2EC2B73A4F880DDD51E5 ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

08:10:07.0307 1444 RoxioNow Service - ok

08:10:07.0391 1444 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

08:10:07.0448 1444 RpcEptMapper - ok

08:10:07.0478 1444 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

08:10:07.0504 1444 RpcLocator - ok

08:10:07.0544 1444 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll

08:10:07.0601 1444 RpcSs - ok

08:10:07.0670 1444 [ CA327A84085F68200452E6761F943298 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys

08:10:07.0690 1444 RSPCIESTOR - ok

08:10:07.0723 1444 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

08:10:07.0776 1444 rspndr - ok

08:10:07.0838 1444 [ B15C021C2C9BB217A799D9532E8F04D4 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

08:10:07.0854 1444 RTL8167 - ok

08:10:07.0862 1444 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe

08:10:07.0875 1444 SamSs - ok

08:10:07.0890 1444 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys

08:10:07.0904 1444 sbp2port - ok

08:10:07.0959 1444 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

08:10:08.0013 1444 SCardSvr - ok

08:10:08.0039 1444 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

08:10:08.0114 1444 scfilter - ok

08:10:08.0727 1444 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll

08:10:08.0806 1444 Schedule - ok

08:10:08.0839 1444 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll

08:10:08.0889 1444 SCPolicySvc - ok

08:10:08.0939 1444 [ 54E47AD086782D3AE9417C155CDCEB9B ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys

08:10:08.0958 1444 sdbus - ok

08:10:08.0989 1444 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll

08:10:09.0027 1444 SDRSVC - ok

08:10:09.0066 1444 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

08:10:09.0123 1444 secdrv - ok

08:10:09.0156 1444 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll

08:10:09.0242 1444 seclogon - ok

08:10:09.0268 1444 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

08:10:09.0337 1444 SENS - ok

08:10:09.0400 1444 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

08:10:09.0448 1444 SensrSvc - ok

08:10:09.0479 1444 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

08:10:09.0512 1444 Serenum - ok

08:10:09.0535 1444 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

08:10:09.0549 1444 Serial - ok

08:10:09.0624 1444 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

08:10:09.0680 1444 sermouse - ok

08:10:09.0740 1444 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll

08:10:09.0807 1444 SessionEnv - ok

08:10:09.0839 1444 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys

08:10:09.0941 1444 sffdisk - ok

08:10:10.0017 1444 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys

08:10:10.0043 1444 sffp_mmc - ok

08:10:10.0066 1444 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys

08:10:10.0090 1444 sffp_sd - ok

08:10:10.0111 1444 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

08:10:10.0174 1444 sfloppy - ok

08:10:10.0452 1444 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys

08:10:10.0482 1444 Sftfs - ok

08:10:10.0562 1444 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

08:10:10.0597 1444 sftlist - ok

08:10:10.0626 1444 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys

08:10:10.0642 1444 Sftplay - ok

08:10:10.0690 1444 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys

08:10:10.0701 1444 Sftredir - ok

08:10:10.0755 1444 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys

08:10:10.0765 1444 Sftvol - ok

08:10:10.0815 1444 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

08:10:10.0829 1444 sftvsa - ok

08:10:10.0845 1444 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

08:10:10.0901 1444 SharedAccess - ok

08:10:10.0956 1444 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll

08:10:11.0011 1444 ShellHWDetection - ok

08:10:11.0089 1444 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

08:10:11.0104 1444 SiSRaid2 - ok

08:10:11.0146 1444 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

08:10:11.0159 1444 SiSRaid4 - ok

08:10:11.0289 1444 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

08:10:11.0302 1444 SkypeUpdate - ok

08:10:11.0338 1444 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

08:10:11.0406 1444 Smb - ok

08:10:11.0454 1444 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

08:10:11.0470 1444 SNMPTRAP - ok

08:10:11.0518 1444 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

08:10:11.0556 1444 spldr - ok

08:10:11.0630 1444 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe

08:10:11.0688 1444 Spooler - ok

08:10:11.0781 1444 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe

08:10:11.0867 1444 sppsvc - ok

08:10:11.0886 1444 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

08:10:11.0952 1444 sppuinotify - ok

08:10:11.0992 1444 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys

08:10:12.0028 1444 srv - ok

08:10:12.0050 1444 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

08:10:12.0083 1444 srv2 - ok

08:10:12.0210 1444 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS

08:10:12.0435 1444 SrvHsfHDA - ok

08:10:13.0006 1444 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS

08:10:13.0363 1444 SrvHsfV92 - ok

08:10:13.0604 1444 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

08:10:13.0645 1444 SrvHsfWinac - ok

08:10:13.0718 1444 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

08:10:13.0765 1444 srvnet - ok

08:10:13.0966 1444 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

08:10:14.0042 1444 SSDPSRV - ok

08:10:14.0063 1444 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

08:10:14.0138 1444 SstpSvc - ok

08:10:14.0874 1444 [ 7C49A5E1943AFDA4672D80726AF3BAE4 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe

08:10:15.0034 1444 STacSV - ok

08:10:15.0125 1444 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

08:10:15.0156 1444 stexstor - ok

08:10:15.0232 1444 [ 0AAD250A31A7EE96E0945AB9E1F3BAA7 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys

08:10:15.0288 1444 STHDA - ok

08:10:15.0419 1444 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll

08:10:15.0480 1444 stisvc - ok

08:10:15.0512 1444 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

08:10:15.0525 1444 swenum - ok

08:10:15.0666 1444 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

08:10:15.0686 1444 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning

08:10:15.0686 1444 SwitchBoard - detected UnsignedFile.Multi.Generic (1)

08:10:15.0744 1444 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll


08:10:27.0853 1444 ================ Scan global ===============================

08:10:27.0884 1444 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

08:10:27.0922 1444 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll

08:10:27.0929 1444 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll

08:10:27.0977 1444 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

08:10:28.0003 1444 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

08:10:28.0007 1444 [Global] - ok

08:10:28.0007 1444 ================ Scan MBR ==================================

08:10:28.0019 1444 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

08:10:28.0019 1444 Suspicious mbr (Forged): \Device\Harddisk0\DR0

08:10:28.0073 1444 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

08:10:28.0073 1444 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

08:10:28.0751 1444 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

08:10:28.0751 1444 \Device\Harddisk0\DR0 - detected TDSS File System (1)

08:10:28.0752 1444 ================ Scan VBR ==================================

08:10:28.0895 1444 [ 92326B6C06B7F412D06EBC4E14B422B4 ] \Device\Harddisk0\DR0\Partition1

08:10:28.0896 1444 \Device\Harddisk0\DR0\Partition1 - ok

08:10:28.0907 1444 [ 4BAEC38957C0939DCD1020AB92A4AD5C ] \Device\Harddisk0\DR0\Partition2

08:10:28.0908 1444 \Device\Harddisk0\DR0\Partition2 - ok

08:10:28.0940 1444 [ FE482E4B3FB20CED81BB73D438432663 ] \Device\Harddisk0\DR0\Partition3

08:10:28.0941 1444 \Device\Harddisk0\DR0\Partition3 - ok

08:10:28.0941 1444 ================ Scan active images ========================



Second half of the 3rd log - TDSSKiller (no more logs)


08:10:30.0202 1444 [ FA4DB05923DDDEDE3196ABD09AE0F1E9 ] C:\Windows\System32\msv1_0.dll

08:10:30.0202 1444 C:\Windows\System32\msv1_0.dll - ok

08:10:30.0207 1444 [ 956D030D375F207B22FB111E06EF9C35 ] C:\Windows\System32\netlogon.dll

08:10:30.0207 1444 C:\Windows\System32\netlogon.dll - ok

08:10:30.0230 1444 [ EFC5353E4F513DEF55ED7B7872363957 ] C:\Windows\System32\atmfd.dll

08:10:30.0230 1444 C:\Windows\System32\atmfd.dll - ok

08:10:30.0235 1444 [ E247E7DEB20C0CF0801A8AC39E9CE1DF ] C:\Windows\System32\dnsapi.dll

08:10:30.0235 1444 C:\Windows\System32\dnsapi.dll - ok

08:10:30.0241 1444 [ 8CE22E63F08613036DF8C7B00FBDF36B ] C:\Windows\System32\logoncli.dll

08:10:30.0241 1444 C:\Windows\System32\logoncli.dll - ok

08:10:30.0248 1444 [ 90B780886BD813882CB382FF3E90E092 ] C:\Windows\System32\schannel.dll

08:10:30.0248 1444 C:\Windows\System32\schannel.dll - ok

08:10:30.0254 1444 [ 95FB6CA4374E343DDD653FCC43F9D26B ] C:\Windows\System32\wdigest.dll

08:10:30.0254 1444 C:\Windows\System32\wdigest.dll - ok

08:10:30.0259 1444 [ 5D8874A8C11DDDDE29E12DE0E2013493 ] C:\Windows\System32\rsaenh.dll

08:10:30.0259 1444 C:\Windows\System32\rsaenh.dll - ok

08:10:30.0281 1444 [ 0DEFD5FBF801DD8F83BC0ED09861A8EC ] C:\Windows\System32\TSpkg.dll

08:10:30.0282 1444 C:\Windows\System32\TSpkg.dll - ok

08:10:30.0285 1444 [ E08088A97F95345E181C3DFCE2C615EF ] C:\Windows\System32\pku2u.dll

08:10:30.0285 1444 C:\Windows\System32\pku2u.dll - ok

08:10:30.0291 1444 [ 55C892560C1B42BC57FB61AEFCED2F22 ] C:\Windows\System32\LIVESSP.DLL

08:10:30.0291 1444 C:\Windows\System32\LIVESSP.DLL - ok

08:10:30.0297 1444 [ DA090E97E57DCB48888015B5D3C749CD ] C:\Windows\System32\bcryptprimitives.dll

08:10:30.0297 1444 C:\Windows\System32\bcryptprimitives.dll - ok

08:10:30.0302 1444 [ 90BDEFC5DF334E5100EAA781D798DE1A ] C:\Windows\System32\efslsaext.dll

08:10:30.0302 1444 C:\Windows\System32\efslsaext.dll - ok

08:10:30.0339 1444 [ 9301B8810B2DA4EB6AD55DB75FC1E339 ] C:\Windows\System32\credssp.dll

08:10:30.0339 1444 C:\Windows\System32\credssp.dll - ok

08:10:30.0345 1444 [ 7CC7DF5B654DA579613F811D8C637E29 ] C:\Windows\System32\ubpm.dll

08:10:30.0345 1444 C:\Windows\System32\ubpm.dll - ok

08:10:30.0351 1444 [ 398712DDDAEFB85EDF61DF6A07B65C79 ] C:\Windows\System32\scecli.dll

08:10:30.0351 1444 C:\Windows\System32\scecli.dll - ok

08:10:30.0357 1444 [ C78655BC80301D76ED4FEF1C1EA40A7D ] C:\Windows\System32\svchost.exe

08:10:30.0357 1444 C:\Windows\System32\svchost.exe - ok

08:10:30.0363 1444 [ 98B1721B8718164293B9701B98C52D77 ] C:\Windows\System32\umpnpmgr.dll

08:10:30.0363 1444 C:\Windows\System32\umpnpmgr.dll - ok

08:10:30.0369 1444 [ E6EB44ABAAF1F330119F854856C53EBE ] C:\Windows\System32\SPInf.dll

08:10:30.0369 1444 C:\Windows\System32\SPInf.dll - ok

08:10:30.0374 1444 [ CD1B5AD07E5F7FEF30E055DCC9E96180 ] C:\Windows\System32\devrtl.dll

08:10:30.0375 1444 C:\Windows\System32\devrtl.dll - ok

08:10:30.0380 1444 [ 9C9307C95671AC962F3D6EB3A4A89BAE ] C:\Windows\System32\gpapi.dll

08:10:30.0380 1444 C:\Windows\System32\gpapi.dll - ok

08:10:30.0386 1444 [ 0776CF79590BDEF0A2728B0B9A813B96 ] C:\Windows\System32\userenv.dll

08:10:30.0386 1444 C:\Windows\System32\userenv.dll - ok

08:10:30.0408 1444 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] C:\Windows\System32\umpo.dll

08:10:30.0408 1444 C:\Windows\System32\umpo.dll - ok

08:10:30.0414 1444 [ F6C011B46FAEEF33536B2E80F48B5CBE ] C:\Windows\System32\pcwum.dll

08:10:30.0414 1444 C:\Windows\System32\pcwum.dll - ok

08:10:30.0420 1444 [ 716175021BDA290504CE434273F666BC ] C:\Windows\System32\powrprof.dll

08:10:30.0420 1444 C:\Windows\System32\powrprof.dll - ok

08:10:30.0426 1444 [ 7CADC74271DD6461C452C271B30BD378 ] C:\Windows\System32\drivers\WUDFPf.sys

08:10:30.0426 1444 C:\Windows\System32\drivers\WUDFPf.sys - ok

08:10:30.0431 1444 [ 7266972E86890E2B30C0C322E906B027 ] C:\Windows\System32\rpcss.dll

08:10:30.0431 1444 C:\Windows\System32\rpcss.dll - ok

08:10:30.0437 1444 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] C:\Windows\System32\RpcEpMap.dll

08:10:30.0437 1444 C:\Windows\System32\RpcEpMap.dll - ok

08:10:30.0443 1444 [ 31559F3244C6BC00A52030CAA83B6B91 ] C:\Windows\System32\WSHTCPIP.DLL

08:10:30.0443 1444 C:\Windows\System32\WSHTCPIP.DLL - ok

08:10:30.0449 1444 [ 16E964ABF6D1E0F0CC7822FCA9BA754D ] C:\Windows\System32\wshqos.dll

08:10:30.0449 1444 C:\Windows\System32\wshqos.dll - ok

08:10:30.0454 1444 [ 9AD9E06F8656F296D91FAE8EE5B95A27 ] C:\Windows\System32\FirewallAPI.dll

08:10:30.0455 1444 C:\Windows\System32\FirewallAPI.dll - ok

08:10:30.0476 1444 [ 93E6A39B1DB898F7C949FA5567E774CF ] C:\Windows\System32\LogonUI.exe

08:10:30.0476 1444 C:\Windows\System32\LogonUI.exe - ok

08:10:30.0514 1444 [ 94E026870A55AAEAFF7853C1754091E9 ] C:\Windows\System32\version.dll

08:10:30.0514 1444 C:\Windows\System32\version.dll - ok

08:10:30.0534 1444 [ BCF0A980D21711E47D0803BDB0E99CAD ] C:\Windows\System32\authui.dll

08:10:30.0534 1444 C:\Windows\System32\authui.dll - ok

08:10:30.0540 1444 [ 99ABDA9C92EC76CBAF52F00239D909C9 ] C:\Windows\System32\wevtsvc.dll

08:10:30.0540 1444 C:\Windows\System32\wevtsvc.dll - ok

08:10:30.0546 1444 [ DBA90306A721FB922FDACED9E9728C28 ] C:\Windows\System32\cryptui.dll

08:10:30.0546 1444 C:\Windows\System32\cryptui.dll - ok

08:10:30.0553 1444 [ 113921FC4A80A3DDF646852998B836D0 ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7\comctl32.dll

08:10:30.0553 1444 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7\comctl32.dll - ok

08:10:30.0559 1444 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] C:\Windows\System32\netprofm.dll

08:10:30.0559 1444 C:\Windows\System32\netprofm.dll - ok

08:10:30.0565 1444 [ 97293447431311C06703368AD0F6C4BE ] C:\Windows\System32\profsvc.dll

08:10:30.0565 1444 C:\Windows\System32\profsvc.dll - ok

08:10:30.0570 1444 [ 588CD0C78A7FAAE4186B5EEA0AF3ED67 ] C:\Windows\System32\adtschema.dll

08:10:30.0570 1444 C:\Windows\System32\adtschema.dll - ok

08:10:30.0576 1444 [ 58775492FFD419248B08325E583C527F ] C:\Windows\System32\atl.dll

08:10:30.0576 1444 C:\Windows\System32\atl.dll - ok

08:10:30.0598 1444 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] C:\Windows\System32\wlansvc.dll

08:10:30.0598 1444 C:\Windows\System32\wlansvc.dll - ok

08:10:30.0604 1444 [ 84F8C8B9FB1F12532999D25F5DD7E77C ] C:\Windows\System32\shacct.dll

08:10:30.0604 1444 C:\Windows\System32\shacct.dll - ok

08:10:30.0610 1444 [ 5B3EBFC3DA142324B388DDCC4465E1FF ] C:\Windows\System32\samlib.dll

08:10:30.0610 1444 C:\Windows\System32\samlib.dll - ok

08:10:30.0616 1444 [ B551D6637AA0E132C18AC6E504F7B79B ] C:\Windows\System32\WUDFSvc.dll

08:10:30.0616 1444 C:\Windows\System32\WUDFSvc.dll - ok

08:10:30.0622 1444 [ B27EA141A7E748B607600A8551A44D5A ] C:\Windows\System32\propsys.dll

08:10:30.0622 1444 C:\Windows\System32\propsys.dll - ok

08:10:30.0628 1444 [ AECAB449567D1846DAD63ECE49E893E3 ] C:\Windows\System32\MPSSVC.dll

08:10:30.0628 1444 C:\Windows\System32\MPSSVC.dll - ok

08:10:30.0634 1444 [ 37B68E458C0BC255DF2FB7454D0798D3 ] C:\Windows\System32\WUDFPlatform.dll

08:10:30.0634 1444 C:\Windows\System32\WUDFPlatform.dll - ok

08:10:30.0640 1444 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] C:\Windows\System32\drivers\nwifi.sys

08:10:30.0640 1444 C:\Windows\System32\drivers\nwifi.sys - ok

08:10:30.0646 1444 [ 50544D04AD845C43130B70212EC05CCD ] C:\Windows\System32\microsoft-windows-kernel-power-events.dll

08:10:30.0646 1444 C:\Windows\System32\microsoft-windows-kernel-power-events.dll - ok

08:10:30.0668 1444 [ D29E998E8277666982B4F0303BF4E7AF ] C:\Windows\System32\uxtheme.dll

08:10:30.0668 1444 C:\Windows\System32\uxtheme.dll - ok

08:10:30.0706 1444 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] C:\Windows\System32\drivers\ndisuio.sys

08:10:30.0706 1444 C:\Windows\System32\drivers\ndisuio.sys - ok

08:10:30.0711 1444 [ F7866AF72ABBAF84B1FA5AA195378C59 ] C:\Windows\System32\drivers\fltMgr.sys

08:10:30.0711 1444 C:\Windows\System32\drivers\fltMgr.sys - ok

08:10:30.0716 1444 [ F993A32249B66C9D622EA5592A8B76B8 ] C:\Windows\System32\lmhsvc.dll

08:10:30.0716 1444 C:\Windows\System32\lmhsvc.dll - ok

08:10:30.0722 1444 [ 57FE2CFC2F25C200499D5D934EA24EB5 ] C:\Windows\System32\IPHLPAPI.DLL

08:10:30.0722 1444 C:\Windows\System32\IPHLPAPI.DLL - ok

08:10:30.0728 1444 [ D54BFDF3E0C953F823B3D0BFE4732528 ] C:\Windows\System32\nsisvc.dll

08:10:30.0728 1444 C:\Windows\System32\nsisvc.dll - ok

08:10:30.0735 1444 [ DD0701DE0AAA010E6EBD0F53B672DCEE ] C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_2b47185a719d6182\GdiPlus.dll

08:10:30.0735 1444 C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_2b47185a719d6182\GdiPlus.dll - ok

08:10:30.0741 1444 [ 4C9210E8F4E052F6A4EB87716DA0C24C ] C:\Windows\System32\winnsi.dll

08:10:30.0741 1444 C:\Windows\System32\winnsi.dll - ok

08:10:30.0746 1444 [ FD5BA198F7190DFE9BE1947EB8710396 ] C:\Windows\System32\nrpsrv.dll

08:10:30.0746 1444 C:\Windows\System32\nrpsrv.dll - ok

08:10:30.0752 1444 [ CE3B9562D997F69B330D181A8875960F ] C:\Windows\System32\dhcpcore.dll

08:10:30.0752 1444 C:\Windows\System32\dhcpcore.dll - ok

08:10:30.0758 1444 [ A3DB3C17EE6CAE65D53602B4E80BCCBC ] C:\Windows\System32\PSHED.DLL

08:10:30.0758 1444 C:\Windows\System32\PSHED.DLL - ok

08:10:30.0781 1444 [ 85CF424C74A1D5EC33533E1DBFF9920A ] C:\Windows\System32\dnsrslvr.dll

08:10:30.0781 1444 C:\Windows\System32\dnsrslvr.dll - ok

08:10:30.0786 1444 [ F9EC845C5EECF20E9A67F9F805F2EF1F ] C:\Windows\System32\keyiso.dll

08:10:30.0786 1444 C:\Windows\System32\keyiso.dll - ok

08:10:30.0791 1444 [ 71C7B65B6557B75B99907E76956AE4B8 ] C:\Windows\System32\dhcpcore6.dll

08:10:30.0792 1444 C:\Windows\System32\dhcpcore6.dll - ok

08:10:30.0797 1444 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] C:\Windows\System32\eapsvc.dll

08:10:30.0797 1444 C:\Windows\System32\eapsvc.dll - ok

08:10:30.0803 1444 [ 982F5395AD181179320083A4FA7E7CA8 ] C:\Windows\System32\eapphost.dll

08:10:30.0804 1444 C:\Windows\System32\eapphost.dll - ok

08:10:30.0809 1444 [ 0040C486584A8E582C861CFB57AB5387 ] C:\Windows\System32\FWPUCLNT.DLL

08:10:30.0809 1444 C:\Windows\System32\FWPUCLNT.DLL - ok

08:10:30.0815 1444 [ 885D0942E0F28DB90919BE3129ECF279 ] C:\Windows\System32\dnsext.dll

08:10:30.0815 1444 C:\Windows\System32\dnsext.dll - ok

08:10:30.0821 1444 [ F568F7C08458D69E4FCD8675BBB107E4 ] C:\Windows\System32\dhcpcsvc.dll

08:10:30.0821 1444 C:\Windows\System32\dhcpcsvc.dll - ok

08:10:30.0827 1444 [ BD3674BE7FC9D8D3732C83E8499576ED ] C:\Windows\System32\wtsapi32.dll

08:10:30.0827 1444 C:\Windows\System32\wtsapi32.dll - ok

08:10:30.0850 1444 [ 2017BFE87CAB3D7EF632CFD2AA08D3F0 ] C:\Windows\System32\umb.dll

08:10:30.0850 1444 C:\Windows\System32\umb.dll - ok

08:10:30.0856 1444 [ 4CBCC37856EA2039C27A2FB661DDA0E5 ] C:\Windows\System32\dhcpcsvc6.dll

08:10:30.0856 1444 C:\Windows\System32\dhcpcsvc6.dll - ok

08:10:30.0862 1444 [ A77BE7CB3222B4FB0AC6C71D1C2698D4 ] C:\Windows\System32\dsrole.dll

08:10:30.0862 1444 C:\Windows\System32\dsrole.dll - ok

08:10:30.0867 1444 [ 3CB6A7286422C72C34DAB54A5DFF1A34 ] C:\Windows\System32\dui70.dll

08:10:30.0868 1444 C:\Windows\System32\dui70.dll - ok

08:10:30.0904 1444 [ 48A31B7CF046702059A86836DC21D786 ] C:\Windows\System32\wlanmsm.dll

08:10:30.0904 1444 C:\Windows\System32\wlanmsm.dll - ok

08:10:30.0910 1444 [ 06A1386B6E3A0CBC368665C1840906F4 ] C:\Windows\System32\wlansec.dll

08:10:30.0910 1444 C:\Windows\System32\wlansec.dll - ok

08:10:30.0915 1444 [ 8CCDE014A4CDF84564E03ACE064CA753 ] C:\Windows\System32\duser.dll

08:10:30.0915 1444 C:\Windows\System32\duser.dll - ok

08:10:30.0921 1444 [ D2B0D1C2BE5ECA80387F7CB8626DCAFE ] C:\Windows\System32\onex.dll

08:10:30.0921 1444 C:\Windows\System32\onex.dll - ok

08:10:30.0927 1444 [ 65522E77A1360DBC8D199DA3BF5EFFE4 ] C:\Windows\System32\eappprxy.dll

08:10:30.0927 1444 C:\Windows\System32\eappprxy.dll - ok

08:10:30.0932 1444 [ B2E3D4BB3389817FB5E4CD9378BC8791 ] C:\Windows\System32\SndVolSSO.dll

08:10:30.0932 1444 C:\Windows\System32\SndVolSSO.dll - ok

08:10:30.0938 1444 [ 0D753307D274F3688BD21C377B616700 ] C:\Windows\System32\eappcfg.dll

08:10:30.0938 1444 C:\Windows\System32\eappcfg.dll - ok

08:10:30.0944 1444 [ 896F15A6434D93EDB42519D5E18E6B50 ] C:\Windows\System32\hid.dll

08:10:30.0944 1444 C:\Windows\System32\hid.dll - ok

08:10:30.0950 1444 [ 730BF204A595D5B6D7DC57A247CC741C ] C:\Windows\System32\wlgpclnt.dll

08:10:30.0950 1444 C:\Windows\System32\wlgpclnt.dll - ok

08:10:30.0971 1444 [ 227E2C382A1E02F8D4965E664D3BBE43 ] C:\Windows\System32\MMDevAPI.dll

08:10:30.0971 1444 C:\Windows\System32\MMDevAPI.dll - ok

08:10:30.0977 1444 [ 97E43F324BE1503CB2FFB058534688DA ] C:\Windows\System32\l2gpstore.dll

08:10:30.0977 1444 C:\Windows\System32\l2gpstore.dll - ok

08:10:30.0983 1444 [ 7F1B4C6FF3B85F9ADF74055187B8A22C ] C:\Windows\System32\wlanutil.dll

08:10:30.0983 1444 C:\Windows\System32\wlanutil.dll - ok

08:10:30.0989 1444 [ DA1B7075260F3872585BFCDD668C648B ] C:\Windows\System32\dwmapi.dll

08:10:30.0989 1444 C:\Windows\System32\dwmapi.dll - ok

08:10:30.0995 1444 [ 22E7431E7DAE8463AF94A79A054276E5 ] C:\Windows\System32\WinSCard.dll

08:10:30.0995 1444 C:\Windows\System32\WinSCard.dll - ok

08:10:31.0001 1444 [ 39F91A948E6017B732C4A0B3086A8E32 ] C:\Windows\System32\xmllite.dll

08:10:31.0001 1444 C:\Windows\System32\xmllite.dll - ok

08:10:31.0007 1444 [ 72D3D64526765C34DBFC7D895B4FBDF6 ] C:\Windows\System32\msxml6.dll

08:10:31.0007 1444 C:\Windows\System32\msxml6.dll - ok

08:10:31.0012 1444 [ EA99F234843BBDDA1ABD2767111ADE25 ] C:\Windows\System32\WindowsCodecs.dll

08:10:31.0012 1444 C:\Windows\System32\WindowsCodecs.dll - ok

08:10:31.0034 1444 [ 9F2BACD5E1776A4BB7CC0EC3C3A4F96D ] C:\Windows\System32\winbrand.dll

08:10:31.0034 1444 C:\Windows\System32\winbrand.dll - ok

08:10:31.0038 1444 [ 2A381A9740165D7A1405148B6DFB3E38 ] C:\Windows\System32\SmartcardCredentialProvider.dll

08:10:31.0038 1444 C:\Windows\System32\SmartcardCredentialProvider.dll - ok

08:10:31.0045 1444 [ C2762A57DF0EE85E63CE4893C5215313 ] C:\Windows\System32\VaultCredProvider.dll

08:10:31.0045 1444 C:\Windows\System32\VaultCredProvider.dll - ok

08:10:31.0050 1444 [ 43FAB56AE5F639AD59D7209693F4C4C2 ] C:\Windows\System32\wlanext.exe

08:10:31.0050 1444 C:\Windows\System32\wlanext.exe - ok

08:10:31.0089 1444 [ 9BC8610C32C96A2983A65DC21CAFA921 ] C:\Windows\System32\UXInit.dll

08:10:31.0089 1444 C:\Windows\System32\UXInit.dll - ok

08:10:31.0094 1444 [ 4992C609A6315671463E30F6512BC022 ] C:\Windows\System32\BFE.DLL

08:10:31.0094 1444 C:\Windows\System32\BFE.DLL - ok

08:10:31.0100 1444 [ 22FF251AE6A780960B02A6DEADFEA7FB ] C:\Windows\System32\conhost.exe

08:10:31.0100 1444 C:\Windows\System32\conhost.exe - ok

08:10:31.0105 1444 [ BE097F5BB10F9079FCEB2DC4E7E20F02 ] C:\Windows\System32\slc.dll

08:10:31.0105 1444 C:\Windows\System32\slc.dll - ok

08:10:31.0109 1444 [ 19D20159708E152267E53B66677A4995 ] C:\Windows\System32\drivers\bowser.sys

08:10:31.0109 1444 C:\Windows\System32\drivers\bowser.sys - ok

08:10:31.0113 1444 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] C:\Windows\System32\drivers\mpsdrv.sys

08:10:31.0114 1444 C:\Windows\System32\drivers\mpsdrv.sys - ok

08:10:31.0117 1444 [ 040D62A9D8AD28922632137ACDD984F2 ] C:\Windows\System32\drivers\mrxsmb.sys

08:10:31.0117 1444 C:\Windows\System32\drivers\mrxsmb.sys - ok

08:10:31.0121 1444 [ F0067552F8F9B33D7C59403AB808A3CB ] C:\Windows\System32\drivers\mrxsmb10.sys

08:10:31.0121 1444 C:\Windows\System32\drivers\mrxsmb10.sys - ok

08:10:31.0127 1444 [ C67F8A962B2534224D5908D16D2AD3CE ] C:\Windows\System32\wfapigp.dll

08:10:31.0127 1444 C:\Windows\System32\wfapigp.dll - ok

08:10:31.0133 1444 [ 3C142D31DE9F2F193218A53FE2632051 ] C:\Windows\System32\drivers\mrxsmb20.sys

08:10:31.0133 1444 C:\Windows\System32\drivers\mrxsmb20.sys - ok

08:10:31.0137 1444 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] C:\Windows\System32\wkssvc.dll

08:10:31.0137 1444 C:\Windows\System32\wkssvc.dll - ok

08:10:31.0158 1444 [ B33CBD1A8C2A33121321D0FEBD7DD870 ] C:\Windows\System32\wkscli.dll

08:10:31.0158 1444 C:\Windows\System32\wkscli.dll - ok

08:10:31.0164 1444 [ 961036B3C6282C646B9ADBC8BB32C983 ] C:\Windows\System32\mscms.dll

08:10:31.0164 1444 C:\Windows\System32\mscms.dll - ok

08:10:31.0169 1444 [ 4C8C2F987FC397DCE98874D6C9C0736A ] C:\Windows\System32\netutils.dll

08:10:31.0169 1444 C:\Windows\System32\netutils.dll - ok

08:10:31.0174 1444 [ C5B4683680DF085B57BC53E5EF34861F ] C:\Windows\System32\IKEEXT.DLL

08:10:31.0174 1444 C:\Windows\System32\IKEEXT.DLL - ok

08:10:31.0180 1444 [ A87205FE194B239D8D96E4972B779CC1 ] C:\Windows\System32\samcli.dll

08:10:31.0180 1444 C:\Windows\System32\samcli.dll - ok

08:10:31.0186 1444 [ 5AA945234E9D4CCE4F715276B9AA712C ] C:\Windows\System32\imageres.dll

08:10:31.0186 1444 C:\Windows\System32\imageres.dll - ok

08:10:31.0191 1444 [ BAF19B633933A9FB4883D27D66C39E9A ] C:\Windows\System32\cryptsvc.dll

08:10:31.0191 1444 C:\Windows\System32\cryptsvc.dll - ok

08:10:31.0197 1444 [ 3AEAA8B561E63452C655DC0584922257 ] C:\Windows\System32\pcasvc.dll

08:10:31.0197 1444 C:\Windows\System32\pcasvc.dll - ok

08:10:31.0203 1444 [ 6313F223E817CC09AA41811DAA7F541D ] C:\Windows\System32\snmptrap.exe

08:10:31.0203 1444 C:\Windows\System32\snmptrap.exe - ok

08:10:31.0224 1444 [ 19B07E7E8915D701225DA41CB3877306 ] C:\Windows\System32\wbem\WMIsvc.dll

08:10:31.0224 1444 C:\Windows\System32\wbem\WMIsvc.dll - ok

08:10:31.0260 1444 [ 4FAC55936209B4F3EB78532181C9ED5E ] C:\Windows\System32\cryptnet.dll

08:10:31.0260 1444 C:\Windows\System32\cryptnet.dll - ok

08:10:31.0266 1444 [ 10EAB90C1AE8271B5FE5A8930987EE5C ] C:\Program Files\Windows Live\Mesh\WLRemoteServiceResource.dll

08:10:31.0267 1444 C:\Program Files\Windows Live\Mesh\WLRemoteServiceResource.dll - ok

08:10:31.0271 1444 [ FAF9BA81FB0543CB4B7EFFD24CFA815F ] C:\Windows\System32\wbemcomn.dll

08:10:31.0271 1444 C:\Windows\System32\wbemcomn.dll - ok

08:10:31.0275 1444 [ 1F4492FE41767CDB8B89D17655847CDD ] C:\Windows\System32\ntmarta.dll

08:10:31.0275 1444 C:\Windows\System32\ntmarta.dll - ok

08:10:31.0279 1444 [ A7582A70802D5B9F28ED3940F6A3E9ED ] C:\Windows\System32\wbem\WmiDcPrv.dll

08:10:31.0279 1444 C:\Windows\System32\wbem\WmiDcPrv.dll - ok

08:10:31.0285 1444 [ 06A7422224D9865A5613710A089987DF ] C:\Windows\System32\provsvc.dll

08:10:31.0285 1444 C:\Windows\System32\provsvc.dll - ok

08:10:31.0289 1444 [ A3F5E8EC1316C3E2562B82694A251C9E ] C:\Windows\System32\wbem\fastprox.dll

08:10:31.0289 1444 C:\Windows\System32\wbem\fastprox.dll - ok

08:10:31.0295 1444 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] C:\Windows\System32\nlasvc.dll

08:10:31.0295 1444 C:\Windows\System32\nlasvc.dll - ok

08:10:31.0301 1444 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] C:\Windows\System32\sstpsvc.dll

08:10:31.0301 1444 C:\Windows\System32\sstpsvc.dll - ok

08:10:31.0307 1444 [ 107F279517E2A04DB4AC1B1FAF1D573B ] C:\Windows\System32\ncsi.dll

08:10:31.0307 1444 C:\Windows\System32\ncsi.dll - ok

08:10:31.0313 1444 [ EE26D130808D16C0E417BBBED0451B34 ] C:\Windows\System32\ntdsapi.dll

08:10:31.0313 1444 C:\Windows\System32\ntdsapi.dll - ok

08:10:31.0319 1444 [ 0BF0C2A72F2CB0BA4382C392D3E331AF ] C:\Windows\System32\winhttp.dll

08:10:31.0319 1444 C:\Windows\System32\winhttp.dll - ok

08:10:31.0341 1444 [ 0255C22D99602534F15CBB8D9B6F152F ] C:\Windows\System32\wbem\WinMgmtR.dll

08:10:31.0341 1444 C:\Windows\System32\wbem\WinMgmtR.dll - ok

08:10:31.0347 1444 [ 666A60F6F5E719856FF6254E0966EFF7 ] C:\Windows\System32\wbem\wbemprox.dll

08:10:31.0347 1444 C:\Windows\System32\wbem\wbemprox.dll - ok

08:10:31.0353 1444 [ A261AD1FDC6D6A658A82B81AF81B215F ] C:\Windows\System32\vssapi.dll

08:10:31.0353 1444 C:\Windows\System32\vssapi.dll - ok

08:10:31.0359 1444 [ 2196CDBFA4B99BEEDAE300FA21DFE718 ] C:\Windows\System32\webio.dll

08:10:31.0359 1444 C:\Windows\System32\webio.dll - ok

08:10:31.0365 1444 [ 2BBF3FDB70B8965DFA0258CBAB41ECCE ] C:\Windows\System32\ssdpapi.dll

08:10:31.0365 1444 C:\Windows\System32\ssdpapi.dll - ok

08:10:31.0371 1444 [ 287923557447D7E4BDD7E65B1F0F5428 ] C:\Windows\System32\vsstrace.dll

08:10:31.0371 1444 C:\Windows\System32\vsstrace.dll - ok

08:10:31.0377 1444 [ 3B9665D4B8C587A6014B9B8DFF5974A0 ] C:\Windows\System32\wbem\wbemcore.dll

08:10:31.0377 1444 C:\Windows\System32\wbem\wbemcore.dll - ok

08:10:31.0415 1444 [ 087D8668C71634A3A3761135ABF16EEE ] C:\Windows\System32\wbem\esscli.dll

08:10:31.0415 1444 C:\Windows\System32\wbem\esscli.dll - ok

08:10:31.0421 1444 [ 718B6F51AB7F6FE2988A36868F9AD3AB ] C:\Windows\System32\wbem\wbemsvc.dll

08:10:31.0421 1444 C:\Windows\System32\wbem\wbemsvc.dll - ok

08:10:31.0427 1444 [ 0143DB80DACFB7C2B5B7009ED9063353 ] C:\Windows\System32\wbem\wmiutils.dll

08:10:31.0427 1444 C:\Windows\System32\wbem\wmiutils.dll - ok

08:10:31.0433 1444 [ 0AB34456654C283DAA13B8D2BA21439B ] C:\Windows\System32\wbem\repdrvfs.dll

08:10:31.0433 1444 C:\Windows\System32\wbem\repdrvfs.dll - ok

08:10:31.0438 1444 [ 82BC97E5793DEF69691AAD5AB953A200 ] C:\Windows\System32\wbem\WmiPrvSD.dll

08:10:31.0439 1444 C:\Windows\System32\wbem\WmiPrvSD.dll - ok

08:10:31.0445 1444 [ D41FEBD098234F02485A4EA98D4730A4 ] C:\Windows\System32\ncobjapi.dll

08:10:31.0445 1444 C:\Windows\System32\ncobjapi.dll - ok

08:10:31.0450 1444 [ 6F40D6FB05E0C1E5402812B426971AF0 ] C:\Windows\System32\wbem\wbemess.dll

08:10:31.0450 1444 C:\Windows\System32\wbem\wbemess.dll - ok

08:10:31.0472 1444 [ A8EDB86FC2A4D6D1285E4C70384AC35A ] C:\Windows\System32\dllhost.exe

08:10:31.0473 1444 C:\Windows\System32\dllhost.exe - ok

08:10:31.0478 1444 [ BC052EFAD10ACA1AD69545B629F50D99 ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_a44e1fc257f685f6\comctl32.dll

08:10:31.0478 1444 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_a44e1fc257f685f6\comctl32.dll - ok

08:10:31.0484 1444 [ A0A2C1D812C231C9BFE119FDC68E341B ] C:\Windows\System32\IDStore.dll

08:10:31.0484 1444 C:\Windows\System32\IDStore.dll - ok

08:10:31.0491 1444 [ 23566F9723771108D2E6CD768AC27407 ] C:\Windows\System32\AtBroker.exe

08:10:31.0491 1444 C:\Windows\System32\AtBroker.exe - ok

08:10:31.0496 1444 [ 6CEF7856A3EFAC59470F6208F0F585CE ] C:\Windows\System32\mpr.dll

08:10:31.0496 1444 C:\Windows\System32\mpr.dll - ok

08:10:31.0502 1444 [ 6F8F1376A13114CC10C0E69274F5A4DE ] C:\Windows\System32\userinit.exe

08:10:31.0502 1444 C:\Windows\System32\userinit.exe - ok

08:10:31.0508 1444 [ 0862495E0C825893DB75EF44FAEA8E93 ] C:\Windows\explorer.exe

08:10:31.0508 1444 C:\Windows\explorer.exe - ok

08:10:31.0514 1444 [ 1C27E145EC99F20BC1B13FD98165A83F ] C:\Windows\System32\ExplorerFrame.dll

08:10:31.0514 1444 C:\Windows\System32\ExplorerFrame.dll - ok

08:10:31.0535 1444 [ 01A465AC251BCCF6037DF2EF28AA4292 ] C:\Windows\System32\apphelp.dll

08:10:31.0535 1444 C:\Windows\System32\apphelp.dll - ok

08:10:31.0540 1444 [ 17FA66AEA302D5725EECF0699CBBA0F3 ] C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

08:10:31.0540 1444 C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll - ok

08:10:31.0544 1444 [ AF28348ED585539C4A33A4341FF23696 ] C:\Windows\System32\oleacc.dll

08:10:31.0544 1444 C:\Windows\System32\oleacc.dll - ok

08:10:31.0550 1444 [ 02CDEB5D8B3DD5F6770DEFFBBC0CFAD0 ] C:\Windows\System32\winspool.drv

08:10:31.0550 1444 C:\Windows\System32\winspool.drv - ok

08:10:31.0556 1444 [ 024352FEEC9042260BB4CFB4D79A206B ] C:\Windows\System32\EhStorShell.dll

08:10:31.0556 1444 C:\Windows\System32\EhStorShell.dll - ok

08:10:31.0593 1444 [ 5F917AEEEA363B8A5DC8624795CB1D60 ] C:\Windows\System32\ntshrui.dll

08:10:31.0593 1444 C:\Windows\System32\ntshrui.dll - ok

08:10:31.0598 1444 [ BFEBE1E4B301F44CEA7C1B4021BD0264 ] C:\Windows\System32\cscapi.dll

08:10:31.0598 1444 C:\Windows\System32\cscapi.dll - ok

08:10:31.0604 1444 [ 1D63F4366288B8A7595397E27010FD44 ] C:\Windows\System32\IconCodecService.dll

08:10:31.0604 1444 C:\Windows\System32\IconCodecService.dll - ok

08:10:31.0610 1444 [ 6AB6D4DF10EC784CF4A66CBFAF417A11 ] C:\Windows\System32\runonce.exe

08:10:31.0610 1444 C:\Windows\System32\runonce.exe - ok

08:10:31.0616 1444 [ 169F916EFEAA44487E65305B7D2D754B ] C:\Windows\SysWOW64\runonce.exe

08:10:31.0616 1444 C:\Windows\SysWOW64\runonce.exe - ok

08:10:31.0622 1444 [ DB6DD54A93522CA3572D04B56C5DB890 ] C:\Windows\SysWOW64\ntdll.dll

08:10:31.0622 1444 C:\Windows\SysWOW64\ntdll.dll - ok

08:10:31.0628 1444 [ C823A6F302D12FFE5DA305041F5213C7 ] C:\Windows\System32\wow64.dll

08:10:31.0628 1444 C:\Windows\System32\wow64.dll - ok

08:10:31.0634 1444 [ CA6CEE750AFE37BF90044774B7FE8DAD ] C:\Windows\System32\wow64win.dll

08:10:31.0634 1444 C:\Windows\System32\wow64win.dll - ok

08:10:31.0656 1444 [ 4E89D6A7571545F09F1234E7F6618099 ] C:\Windows\System32\wow64cpu.dll

08:10:31.0656 1444 C:\Windows\System32\wow64cpu.dll - ok

08:10:31.0662 1444 [ 33616DACC75C9E105DAE944120DB4274 ] C:\Windows\SysWOW64\kernel32.dll

08:10:31.0662 1444 C:\Windows\SysWOW64\kernel32.dll - ok

08:10:31.0668 1444 [ 0223642C49CF1B7BBF0B2CCC6FEA707C ] C:\Windows\SysWOW64\KernelBase.dll

08:10:31.0668 1444 C:\Windows\SysWOW64\KernelBase.dll - ok

08:10:31.0674 1444 [ 0C65FA8214D6F8378D1D3BA1CA46AF0A ] C:\Windows\SysWOW64\advapi32.dll

08:10:31.0674 1444 C:\Windows\SysWOW64\advapi32.dll - ok

08:10:31.0680 1444 [ F8A61B2E713309B4616D107919BDAB6E ] C:\Windows\SysWOW64\msvcrt.dll

08:10:31.0680 1444 C:\Windows\SysWOW64\msvcrt.dll - ok

08:10:31.0686 1444 [ CFC97F07904067A1E5FAE195D534DA3A ] C:\Windows\SysWOW64\sechost.dll

08:10:31.0686 1444 C:\Windows\SysWOW64\sechost.dll - ok

08:10:31.0692 1444 [ 90385551B6B3793E949DF310A11D64E7 ] C:\Windows\SysWOW64\rpcrt4.dll

08:10:31.0692 1444 C:\Windows\SysWOW64\rpcrt4.dll - ok

08:10:31.0698 1444 [ F08F6FCD09F9BE94C37ACC1B344685FF ] C:\Windows\SysWOW64\cryptbase.dll

08:10:31.0698 1444 C:\Windows\SysWOW64\cryptbase.dll - ok

08:10:31.0720 1444 [ 351F62085F1D007533B4BB159C9EFDE3 ] C:\Windows\SysWOW64\sspicli.dll

08:10:31.0720 1444 C:\Windows\SysWOW64\sspicli.dll - ok

08:10:31.0725 1444 [ FBE1E0B9EF53B5BB7C36763AA6A685CF ] C:\Windows\SysWOW64\gdi32.dll

08:10:31.0725 1444 C:\Windows\SysWOW64\gdi32.dll - ok

08:10:31.0731 1444 [ E8B0FFC209E504CB7E79FC24E6C085F0 ] C:\Windows\SysWOW64\user32.dll

08:10:31.0731 1444 C:\Windows\SysWOW64\user32.dll - ok

08:10:31.0737 1444 [ 384721EF4024890092625E20CADFAF85 ] C:\Windows\SysWOW64\lpk.dll

08:10:31.0737 1444 C:\Windows\SysWOW64\lpk.dll - ok

08:10:31.0772 1444 [ 0BA19F3198C40AC4E8CC66EE02EDA6C6 ] C:\Windows\SysWOW64\usp10.dll

08:10:31.0772 1444 C:\Windows\SysWOW64\usp10.dll - ok

08:10:31.0806 1444 [ F037DB14CF6165C62F4A64D12A25B07C ] C:\Windows\SysWOW64\shlwapi.dll

08:10:31.0806 1444 C:\Windows\SysWOW64\shlwapi.dll - ok

08:10:31.0813 1444 [ E2C2D8C982316C8ABF800C6CE3F28FAB ] C:\Windows\SysWOW64\ole32.dll

08:10:31.0813 1444 C:\Windows\SysWOW64\ole32.dll - ok

08:10:31.0819 1444 [ 4B8DD8541C0E26602005DD0137333615 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

08:10:31.0819 1444 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll - ok

08:10:31.0841 1444 [ 2CBC35E872BA9B46474890135B56DD66 ] C:\Windows\SysWOW64\shell32.dll

08:10:31.0841 1444 C:\Windows\SysWOW64\shell32.dll - ok

08:10:31.0847 1444 [ 0DE3069D6E09BA262856EF31C941BEFE ] C:\Windows\SysWOW64\imm32.dll

08:10:31.0847 1444 C:\Windows\SysWOW64\imm32.dll - ok

08:10:31.0853 1444 [ C9618BC9B2B0FD7C1138D8774795A79B ] C:\Windows\SysWOW64\msctf.dll

08:10:31.0853 1444 C:\Windows\SysWOW64\msctf.dll - ok

08:10:31.0859 1444 [ 8F6D9A20F1FB06F0602A7D5A82840DBF ] C:\Windows\System32\netcfgx.dll

08:10:31.0859 1444 C:\Windows\System32\netcfgx.dll - ok

08:10:31.0865 1444 [ DAAE8A9B8C0ACC7F858454132553C30D ] C:\Windows\SysWOW64\ws2_32.dll

08:10:33.0438 1444 ============================================================

08:10:33.0438 1444 Scan finished

08:10:33.0438 1444 ============================================================

08:10:33.0449 1424 Detected object count: 4

08:10:33.0449 1424 Actual detected object count: 4

08:11:37.0809 1424 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

08:11:37.0809 1424 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:11:37.0809 1424 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user

08:11:37.0810 1424 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:11:39.0306 1424 \Device\Harddisk0\DR0\# - copied to quarantine

08:11:39.0307 1424 \Device\Harddisk0\DR0 - copied to quarantine

08:11:39.0334 1424 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

08:11:39.0336 1424 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

08:11:39.0344 1424 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

08:11:39.0349 1424 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

08:11:39.0350 1424 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

08:11:39.0351 1424 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

08:11:39.0352 1424 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

08:11:39.0353 1424 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

08:11:39.0355 1424 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

08:11:39.0355 1424 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

08:11:39.0356 1424 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

08:11:39.0382 1424 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

08:11:39.0389 1424 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

08:11:39.0432 1424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

08:11:39.0472 1424 \Device\Harddisk0\DR0 - ok

08:11:40.0861 1424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

08:11:40.0861 1424 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

08:11:40.0861 1424 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

08:11:52.0058 1976 Deinitialize success


Run TDSSKiller again and choose Delete for this one only: (no need to check the "Loaded Modules" box or post the log)

08:11:40.0861 1424 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

08:11:40.0861 1424 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

~~~~~~~~~~~~~~~~~~~~

Then.............

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


I had been doing all of the steps so far in Safe Mode (it was the only way that I could). Before I got your last reply, I had to restart the computer and it came up in normal mode...it was trying to do Windows updates, which I stopped. When I ran TDSSKiller to delete the file as you directed, it didn't find any problems. So, I restarted the computer in safe mode and it found it and I deleted it. Hope the restart didn't mess anything up. Anyway, after deleting the file in TDSSKiller, I ran ComboFix (in safe mode). Here's the log:

ComboFix 12-11-03.02 - Isabel 11/03/2012 10:13:04.1.4 - x64 NETWORK

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.3161 [GMT -4:00]

Running from: c:\users\Isabel\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\ReadOnlyInstaller.msi

c:\programdata\uninstaller.exe

c:\users\Isabel's GGuest\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2434F6CE-E7D3-451E-B5A5-1593B476297C}.xps

c:\users\Isabel's GGuest\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9579D7F5-249A-487C-B000-C05B52A713DB}.xps

c:\users\Isabel's GGuest\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9CE3BF2C-ED79-43D1-9F3A-CC05CC27DE67}.xps

c:\users\Isabel's GGuest\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FA1C4121-BAFE-4720-A07B-BF86EE0CA640}.xps

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-10-03 to 2012-11-03 )))))))))))))))))))))))))))))))

.

.

2012-11-03 14:21 . 2012-11-03 14:21 -------- d-----w- c:\users\Isabel's GGuest\AppData\Local\temp

2012-11-03 14:21 . 2012-11-03 14:21 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-03 14:02 . 2012-11-03 14:06 -------- d-----w- c:\program files (x86)\7-zip

2012-11-03 12:11 . 2012-11-03 13:55 -------- d-----w- C:\TDSSKiller_Quarantine

2012-10-16 00:56 . 2012-10-16 00:56 -------- d-----w- c:\programdata\EA Core

2012-10-14 00:51 . 2012-10-14 00:51 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-10-14 00:50 . 2012-10-14 00:49 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-10-13 22:15 . 2012-06-02 05:25 1462784 ----a-w- c:\windows\system32\crypt32.dll

2012-10-13 22:15 . 2012-06-02 04:45 1157632 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-10-13 22:15 . 2012-06-02 05:25 182272 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-13 22:15 . 2012-06-02 05:25 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-13 22:15 . 2012-06-02 04:45 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-10-13 22:15 . 2012-06-02 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-10-13 15:36 . 2012-10-13 15:36 -------- d-----w- c:\programdata\McAfee

2012-10-13 15:10 . 2012-08-18 15:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-14 00:49 . 2011-01-09 10:04 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-10-13 22:10 . 2012-06-03 21:39 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-13 22:10 . 2011-07-20 23:44 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-29 23:54 . 2011-12-27 03:34 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-24 11:15 . 2012-09-22 07:01 17810944 ----a-w- c:\windows\system32\mshtml.dll

2012-08-24 10:39 . 2012-09-22 07:01 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-08-24 10:31 . 2012-09-22 07:01 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 10:22 . 2012-09-22 07:01 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-08-24 10:21 . 2012-09-22 07:01 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 10:20 . 2012-09-22 07:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 10:18 . 2012-09-22 07:01 237056 ----a-w- c:\windows\system32\url.dll

2012-08-24 10:17 . 2012-09-22 07:01 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-08-24 10:14 . 2012-09-22 07:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 10:14 . 2012-09-22 07:01 816640 ----a-w- c:\windows\system32\jscript.dll

2012-08-24 10:13 . 2012-09-22 07:01 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 10:12 . 2012-09-22 07:01 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-08-24 10:11 . 2012-09-22 07:01 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-08-24 10:10 . 2012-09-22 07:01 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-08-24 10:09 . 2012-09-22 07:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-24 10:04 . 2012-09-22 07:01 248320 ----a-w- c:\windows\system32\ieui.dll

2012-08-24 06:59 . 2012-09-22 07:01 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-08-24 06:51 . 2012-09-22 07:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-08-24 06:51 . 2012-09-22 07:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-08-24 06:47 . 2012-09-22 07:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-08-24 06:47 . 2012-09-22 07:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-08-24 06:43 . 2012-09-22 07:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-08-18 11:19 . 2012-10-13 15:10 44032 ----a-w- c:\windows\apppatch\acwow64.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-01-03 21:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-16 39408]

"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2012-08-20 27040888]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]

"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-09-05 3341464]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]

"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-07-23 111640]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"096B5A81-EB7E-45A6-A450-3B8015C6E722"="start" [X]

.

c:\users\Isabel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]

Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart

.

R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2011-01-07 304720]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-03-01 41552]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]

R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]

R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]

R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-11-04 92216]

R2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]

R2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]

R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-23 2320920]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 118864]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 29264]

R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]

R3 BTHprint;Microsoft Bluetooth Printer Class;c:\windows\system32\DRIVERS\bthprint.sys [2009-07-14 67072]

R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-14 344616]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]

R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-11 31088]

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-12-08 158976]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-12-08 317440]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-12-08 329832]

R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-17 1255736]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-03-16 37456]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-04-05 377936]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 59680254

*NewlyCreated* - 80544000

*Deregistered* - 59680254

*Deregistered* - 80544000

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-11-22 22:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-03 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 22:10]

.

2012-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-14 12:41]

.

2012-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-14 12:41]

.

2012-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-116168338-2914196081-1075461520-1001Core.job

- c:\users\Isabel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-14 18:53]

.

2012-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-116168338-2914196081-1075461520-1001UA.job

- c:\users\Isabel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-14 18:53]

.

2012-09-29 c:\windows\Tasks\HPCeeScheduleForISABEL-HP$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]

@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"

[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]

2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]

@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"

[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]

2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]

@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"

[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]

2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]

@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"

[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]

2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]

@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"

[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]

2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-08 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-08 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-08 417304]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-13 524800]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.0.1

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - (no file)

URLSearchHooks-{192a6019-26d2-4611-aead-07cd7733b146} - (no file)

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

SafeBoot-55485300.sys

SafeBoot-59680254.sys

SafeBoot-63790324.sys

SafeBoot-66755451.sys

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - (no file)

WebBrowser-{192A6019-26D2-4611-AEAD-07CD7733B146} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4} - c:\program files (x86)\InstallShield Installation Information\{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4}\setup.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:a2,d8,74,07,a8,a9,cd,01

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-03 10:24:11

ComboFix-quarantined-files.txt 2012-11-03 14:24

.

Pre-Run: 397,463,519,232 bytes free

Post-Run: 405,130,182,656 bytes free

.

- - End Of File - - F2E91A885593CBB903DE5ED95B660872


Thank you so very, very much!!!! I think it's all clear. When I ran MalwareBytes, it found PUP.BundleOffers.IIQ from a zip application that I accidentally downloaded when I was trying to download ComboFix. I then ran MalwareBytes again and it didn't find anything. Here's the log from when it found PUP.BundleOffers.IIQ:

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.03.01

Windows 7 x64 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

Isabel :: ISABEL-HP [administrator]

11/3/2012 10:57:21 AM

mbam-log-2012-11-03 (10-57-21).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 243059

Time elapsed: 1 minute(s), 36 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Isabel\Desktop\7zip_installer_d162802.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.

(end)


OK, let's check for any adware and we also have some clean up to do>>>>>

Please download AdwCleaner from here and save it on your Desktop.

  1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

MrC


Here's the Adware log file:

# AdwCleaner v2.006 - Logfile created 11/03/2012 at 11:45:13

# Updated 30/10/2012 by Xplode

# Operating system : Windows 7 Home Premium (64 bits)

# User : Isabel - ISABEL-HP

# Boot Mode : Safe mode with networking

# Running from : C:\Users\Isabel\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

File Found : C:\Users\Isabel\AppData\Local\Temp\Uninstall.exe

Folder Found : C:\Program Files (x86)\Ask.com

Folder Found : C:\Program Files (x86)\Conduit

Folder Found : C:\ProgramData\WeCareReminder

Folder Found : C:\Users\Isabel\AppData\Local\Conduit

Folder Found : C:\Users\Isabel\AppData\LocalLow\AskToolbar

Folder Found : C:\Users\Isabel\AppData\LocalLow\Conduit

Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\APN

Key Found : HKCU\Software\AppDataLow\Software

Key Found : HKCU\Software\AppDataLow\Software\AskToolbar

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Found : HKCU\Software\AppDataLow\Software\Crossrider

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\Ask.com

Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Found : HKCU\Software\wecarereminder

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKLM\Software\APN

Key Found : HKLM\Software\AskToolbar

Key Found : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}

Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL

Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd

Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1

Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder

Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1

Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2260173

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2836015

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\Freeze.com

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011461137}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011461137}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Found : HKU\S-1-5-21-116168338-2914196081-1075461520-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v22.0.1229.94

File : C:\Users\Isabel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6397 octets] - [03/11/2012 11:45:13]

########## EOF - C:\AdwCleaner[R1].txt - [6457 octets] ##########


Lots of adware found....let's clear it out.....

  1. Please re-run AdwCleaner
  2. Click on the Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

MrC


Here's the Adware log after deleting:

# AdwCleaner v2.006 - Logfile created 11/03/2012 at 11:49:17

# Updated 30/10/2012 by Xplode

# Operating system : Windows 7 Home Premium (64 bits)

# User : Isabel - ISABEL-HP

# Boot Mode : Safe mode with networking

# Running from : C:\Users\Isabel\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

File Deleted : C:\Users\Isabel\AppData\Local\Temp\Uninstall.exe

Folder Deleted : C:\Program Files (x86)\Ask.com

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\ProgramData\WeCareReminder

Folder Deleted : C:\Users\Isabel\AppData\Local\Conduit

Folder Deleted : C:\Users\Isabel\AppData\LocalLow\AskToolbar

Folder Deleted : C:\Users\Isabel\AppData\LocalLow\Conduit

Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN

Key Deleted : HKCU\Software\AppDataLow\Software

Key Deleted : HKCU\Software\Ask.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKCU\Software\wecarereminder

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKLM\Software\APN

Key Deleted : HKLM\Software\AskToolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL

Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd

Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1

Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder

Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1

Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2260173

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2836015

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\Freeze.com

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011461137}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011461137}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v22.0.1229.94

File : C:\Users\Isabel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6514 octets] - [03/11/2012 11:45:13]

AdwCleaner[s1].txt - [6137 octets] - [03/11/2012 11:49:17]

########## EOF - C:\AdwCleaner[s1].txt - [6197 octets] ##########


Great

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

MrC


Here's the Security Check log:

Results of screen317's Security Check version 0.99.54

Windows 7 x64 (UAC is enabled)

Out of date service pack!!

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

AVG Anti-Virus Free Edition 2011

Antivirus up to date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.1.1000

Java 6 Update 37

Java version out of Date!

Adobe Reader 9 Adobe Reader out of Date!

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

Google Chrome 22.0.1229.79

Google Chrome 22.0.1229.94

````````Process Check: objlist.exe by Laurent````````

AVG avgwdsvc.exe

AVG avgtray.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 4%

````````````````````End of Log``````````````````````


Results of screen317's Security Check version 0.99.54

Windows 7 x64 (UAC is enabled)

Out of date service pack!! <----check for update

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

AVG Anti-Virus Free Edition 2011

Antivirus up to date! (On Access scanning disabled!) <---please enable

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.1.1000

Java™ 6 Update 37 <-------uninstall from add/remove programs

Java version out of Date! <----download and install the latest version from Here

Adobe Reader 9 Adobe Reader out of Date! <----please check for an update

~~~~~~~~~~~~~~~~~~~~~~~~~~~

You have outdated programs on the system which are vulnerable to malware.

Please update or uninstall them

Info on doing that can be found in my Preventive Maintenance

~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC
