visitor survey virus [Closed] [Solved]



daveidw

Hi,
When browsing the internet, I am redirected to a visitor survey site. Also, when viewing webpages, there are random words that are hyperlinked to advertising sites. I'm assuming these issues are a result of a virus or viruses. Can you tell me what I need to do to resolve the problem?

Thanks,
David


OTL logfile created on: 27/09/2012 8:15:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\e0382117\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.16 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 67.92% Memory free
7.75 Gb Paging File | 6.98 Gb Available in Paging File | 90.06% Paging File free
Paging file location(s): C:\pagefile.sys 4860 6480 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 288.09 Gb Total Space | 190.49 Gb Free Space | 66.12% Space Free | Partition Type: NTFS

Computer Name: NB4T6RYX4R1 | User Name: e0382117 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/27 20:14:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\e0382117\My Documents\Downloads\OTL.exe
PRC - [2012/09/27 19:35:19 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/25 09:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2011/05/19 16:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2011/05/19 16:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2011/05/19 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2011/05/19 16:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2011/04/05 13:08:04 | 000,501,104 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2011/01/25 11:57:18 | 000,536,668 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2011/01/25 11:57:18 | 000,274,514 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
PRC - [2010/12/09 18:27:44 | 002,151,800 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2010/12/09 18:27:44 | 000,636,256 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2010/11/09 22:55:18 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2010/10/22 20:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2010/10/22 20:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/10/22 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2010/10/22 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2010/10/22 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2010/08/31 04:00:15 | 000,481,000 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Novadigm\radtray.exe
PRC - [2010/08/31 03:59:45 | 000,333,544 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Novadigm\Radstgms.exe
PRC - [2010/08/31 03:59:14 | 000,194,280 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Novadigm\radsched.exe
PRC - [2010/08/31 03:56:29 | 000,300,776 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Novadigm\radexecd.exe
PRC - [2010/07/07 14:59:22 | 000,054,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2010/05/31 15:17:06 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/03/12 10:42:02 | 000,462,993 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2010/02/11 08:50:50 | 000,072,296 | ---- | M] (O2Micro International) -- C:\WINDOWS\system32\drivers\o2flash.exe
PRC - [2009/07/07 12:06:46 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/12 08:34:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\UPHClean\uphclean.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/27 19:35:15 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/08/03 16:38:15 | 009,465,032 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/25 09:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2011/05/19 16:05:00 | 000,070,976 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll
MOD - [2010/12/09 18:27:54 | 002,860,384 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2010/12/09 18:27:52 | 000,075,112 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2010/10/22 20:07:00 | 000,148,800 | ---- | M] () -- C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.DLL
MOD - [2009/11/13 15:40:06 | 000,140,856 | ---- | M] () -- C:\Program Files\Novadigm\expat.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/10/12 08:34:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2007/04/18 20:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\ccme_base.dll
MOD - [2007/04/18 20:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/09/27 19:35:17 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/05/19 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2011/01/25 11:57:18 | 000,274,514 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2010/10/22 20:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2010/10/22 20:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/22 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2010/10/22 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2010/08/31 03:59:45 | 000,333,544 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Novadigm\Radstgms.exe -- (Radstgms)
SRV - [2010/08/31 03:59:14 | 000,194,280 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Novadigm\radsched.exe -- (radsched)
SRV - [2010/08/31 03:56:29 | 000,300,776 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Novadigm\radexecd.exe -- (radexecd)
SRV - [2010/02/11 08:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\WINDOWS\system32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2007/10/12 08:34:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\UPHClean\uphclean.exe -- (UPHClean)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Impcd.sys -- (Impcd)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\e1k5132.sys -- (e1kexpress)
DRV - File not found [Kernel | System | Stopped] -- C:\PROGRA~1\LAUNCH~1\DPortIO.sys -- (DritekPortIO)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\DKbFltr.sys -- (DKbFltr)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\AGRSM.sys -- (AgereSoftModem)
DRV - [2011/07/22 12:28:26 | 000,044,144 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\accelern.sys -- (Acceler)
DRV - [2011/07/15 21:30:50 | 000,017,904 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\stdcfltn.sys -- (stdcfltn)
DRV - [2011/05/11 23:37:31 | 000,011,026 | ---- | M] (VMware, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\vmscsi.sys -- (vmscsi)
DRV - [2011/04/05 15:27:26 | 000,295,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2011/03/24 04:51:56 | 000,063,976 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2sdjxp.sys -- (O2SDJRDR)
DRV - [2011/03/22 05:56:12 | 000,933,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2011/03/22 05:56:12 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2011/01/25 11:57:18 | 001,660,547 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2011/01/18 04:45:16 | 003,360,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2011/01/04 17:58:42 | 000,061,728 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mdrxp.sys -- (O2MDRRDR)
DRV - [2010/10/22 20:07:00 | 000,344,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/22 20:07:00 | 000,091,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/22 20:07:00 | 000,076,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/22 20:07:00 | 000,066,536 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/22 20:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2010/10/22 20:07:00 | 000,043,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/10/15 18:29:16 | 000,260,864 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010/10/14 06:39:04 | 000,174,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1c5132.sys -- (e1cexpress)
DRV - [2010/08/25 06:46:00 | 000,033,832 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2009/09/16 16:07:42 | 000,144,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/09/10 23:20:20 | 000,029,072 | ---- | M] (Hewlett Packard) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\radiamsi.sys -- (RadiaMsi)
DRV - [2009/05/28 10:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CtAudDrv.sys -- (CtAudDrv)
DRV - [2009/04/22 06:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/02/14 03:02:51 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/05/30 19:17:54 | 000,093,968 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/04/28 06:14:54 | 003,626,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2008/03/19 14:26:24 | 000,175,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/11/01 16:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 16:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/01 16:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/07/26 13:19:24 | 000,547,904 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/04/17 10:12:00 | 000,255,232 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/04/03 10:04:28 | 000,039,680 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2005/05/13 17:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2003/09/29 07:10:00 | 000,083,008 | ---- | M] (Network Associates, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://webmail.det.....wa.edu.au/owa/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{484CEF07-88C8-441E-B981-78DF0ECA4775}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3196716
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.1.81.11:8080

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: [email protected]:0.85.52
FF - prefs.js..extensions.enabledAddons: [email protected]:1.20.00
FF - prefs.js..extensions.enabledAddons: {687578b9-7132-4a7a-80e4-30ee31099e03}:3.15.1.0
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="
FF - prefs.js..network.proxy.http: "10.1.81.11"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\e0382117\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/30 20:14:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/27 19:35:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/30 20:14:19 | 000,000,000 | ---D | M]

[2011/10/18 15:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\e0382117\Application Data\Mozilla\Extensions
[2012/09/25 09:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\e0382117\Application Data\Mozilla\Firefox\Profiles\1nc1d3r.default\extensions
[2012/09/18 21:19:07 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\e0382117\Application Data\Mozilla\Firefox\Profiles\1nc1d3r.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/09/25 09:46:51 | 000,000,000 | ---D | M] ("Vid-Saver") -- C:\Documents and Settings\e0382117\Application Data\Mozilla\Firefox\Profiles\1nc1d3r.default\extensions\[email protected]
[2011/10/31 17:49:09 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\e0382117\Application Data\Mozilla\Firefox\Profiles\1nc1d3r.default\extensions\[email protected]
[2012/09/25 09:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\e0382117\Application Data\Mozilla\Firefox\Profiles\1nc1d3r.default\extensions\[email protected]\chrome\content\extensionCode
[2011/10/18 15:52:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/27 19:35:19 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/17 21:35:48 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/09/27 19:35:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/17 21:35:48 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/06/17 21:35:48 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/09/27 19:35:11 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/06/17 21:35:48 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2001/08/23 19:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Vid-Saver) - {11111111-1111-1111-1111-110011341191} - C:\Program Files\Vid-Saver\Vid-Saver.dll (215 Apps)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4 - HKLM..\Run: [IDTSysTrayApp] File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RUNRADTRAY] C:\Program Files\Novadigm\radtray.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [X3BPush] C:\WINDOWS\DELLXIMG\BPUSH.EXE File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetCrawling = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 3600
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Safety present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\e0382117\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = GLENFORRPS.internal
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C97F89EE-12AA-4D47-9DAB-EB2B55C836A9}: DhcpNameServer = 10.1.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\e0382117\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\e0382117\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/09 13:15:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{743f2c0a-78a3-11e1-9a92-60d81908e582}\Shell - "" = AutoRun
O33 - MountPoints2\{743f2c0a-78a3-11e1-9a92-60d81908e582}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{743f2c0a-78a3-11e1-9a92-60d81908e582}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{c6556184-2316-11e1-9a65-60d81908e582}\Shell\AutoRun\command - "" = E:\Samsung_Drive_Manager.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/27 11:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RM Management Solutions
[2012/09/27 11:54:15 | 000,000,000 | ---D | C] -- C:\Keys
[2012/09/21 19:41:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\e0382117\Local Settings\Application Data\Unity
[2012/09/21 19:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\e0382117\Local Settings\Application Data\Deployment
[2012/09/11 12:34:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\e0382117\Application Data\DVDVideoSoftIEHelpers
[2012/09/11 12:34:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVDVideoSoft
[2012/09/11 12:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012/09/11 12:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012/09/11 12:32:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\e0382117\Application Data\DVDVideoSoft
[2012/09/04 09:42:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\The Hat
[2012/09/04 09:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\The Hat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/27 12:05:39 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\e0382117\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2012/09/27 11:55:07 | 000,001,420 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Integris.lnk
[2012/09/27 11:33:24 | 000,006,106 | RHS- | M] () -- C:\Documents and Settings\e0382117\ntuser.pol
[2012/09/27 11:33:24 | 000,004,580 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/09/27 11:32:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/27 11:32:03 | 3398,430,720 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/27 06:58:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/19 22:20:32 | 000,002,048 | ---- | M] () -- C:\Documents and Settings\e0382117\Application Data\PhotobooksExpress.com.au Prefs
[2012/09/18 13:28:47 | 006,061,612 | ---- | M] () -- C:\Documents and Settings\e0382117\Desktop\habits[1].pdf
[2012/09/18 13:21:07 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\e0382117\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/17 10:42:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/09/12 12:14:56 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\e0382117\Desktop\Honour Certficate.pub
[2012/09/11 13:25:19 | 000,019,796 | ---- | M] () -- C:\Documents and Settings\e0382117\Desktop\Cat Scream-SoundBible.com-871191563.mp3
[2012/09/11 12:34:00 | 000,001,051 | ---- | M] () -- C:\Documents and Settings\e0382117\Desktop\Free YouTube to MP3 Converter.lnk
[2012/09/04 09:42:54 | 000,000,655 | ---- | M] () -- C:\Documents and Settings\e0382117\Desktop\The Hat.lnk
[2012/08/29 19:17:57 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/27 11:55:07 | 000,001,420 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Integris.lnk
[2012/09/18 13:28:47 | 006,061,612 | ---- | C] () -- C:\Documents and Settings\e0382117\Desktop\habits[1].pdf
[2012/09/18 13:21:10 | 769,060,462 | ---- | C] () -- C:\Documents and Settings\e0382117\Desktop\Holes_2003_DVDRip_ENG_Divx.avi
[2012/09/11 13:25:18 | 000,019,796 | ---- | C] () -- C:\Documents and Settings\e0382117\Desktop\Cat Scream-SoundBible.com-871191563.mp3
[2012/09/11 12:34:00 | 000,001,051 | ---- | C] () -- C:\Documents and Settings\e0382117\Desktop\Free YouTube to MP3 Converter.lnk
[2012/09/04 09:42:54 | 000,000,655 | ---- | C] () -- C:\Documents and Settings\e0382117\Desktop\The Hat.lnk
[2012/07/23 15:20:29 | 000,281,686 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-422797755-1635474717-270368766-1382-0.dat
[2012/07/23 15:20:28 | 000,281,686 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/06/15 08:29:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/01 19:05:45 | 000,002,048 | ---- | C] () -- C:\Documents and Settings\e0382117\Application Data\PhotobooksExpress.com.au Prefs
[2012/01/01 21:17:11 | 000,057,312 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/11/30 20:38:46 | 000,000,703 | ---- | C] () -- C:\WINDOWS\hpomdl39.dat.temp
[2011/11/30 20:03:25 | 000,193,895 | ---- | C] () -- C:\WINDOWS\hpoins39.dat
[2011/11/30 20:03:25 | 000,000,703 | ---- | C] () -- C:\WINDOWS\hpomdl39.dat
[2011/11/04 12:25:38 | 000,000,078 | ---- | C] () -- C:\WINDOWS\psuite.ini
[2011/10/20 21:45:31 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\e0382117\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/18 19:11:30 | 000,000,269 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2011/10/18 12:48:04 | 000,006,106 | RHS- | C] () -- C:\Documents and Settings\e0382117\ntuser.pol
[2011/10/18 12:44:03 | 000,004,580 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/10/07 06:14:01 | 000,783,644 | ---- | C] () -- C:\WINDOWS\System32\igkrng600.bin
[2011/10/07 06:14:00 | 000,201,496 | ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin
[2011/10/07 06:14:00 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin
[2011/10/06 15:33:55 | 000,017,776 | ---- | C] () -- C:\WINDOWS\EvtMessage.dll
[2011/08/30 21:03:41 | 000,000,395 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2011/01/13 17:13:28 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2010/12/09 18:27:54 | 002,860,384 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll

========== ZeroAccess Check ==========

[2008/01/09 13:21:24 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008/04/14 05:41:54 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
  • 0


#2
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Hi, daveidw! :welcome: My nickname is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix; this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode, and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do is make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

Step 1.

You have a proxy set, 8080. Did you do that on purpose or not?


Step 2.

P2P Warning!:

IMPORTANT: I have noticed that there are signs of uTorrent Toolbar and uTorrent P2P (Peer to Peer) File Sharing Programs on your computer.

As long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
infoworld

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent Toolbar and uTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep them, please do not use either of them until your computer is cleaned.


Step 3.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.

If it does not run, rename it iexplore.exe and try it again.


Step 4.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under Extra Registry select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 5.

Please post:

Answer to question on proxy
aswMBR log
OTL.txt
Extras.txt

  • 0
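
The proxy question in Step 1 can be checked against the proxy lines of an OTL log. As an added example (not part of the original post and not OTL's own code), this Python script parses the `IE -` Internet Settings lines and the `FF - prefs.js` proxy lines and reports, per registry hive or Firefox profile, whether a proxy is only configured or actually enabled, and whether it points at loopback, a private network or a public address. The sample log lines are constructed in the OTL line format, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample, modeled on the "Internet Explorer" and "FireFox"
# sections of an OTL log. SIDs and addresses are made up.
SAMPLE_LOG = r'''
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.0.0.5:8080
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
FF - prefs.js..network.proxy.http: "10.0.0.5"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 0
'''

IE_RE = re.compile(
    r'^IE - (?P<scope>.+?)\\Software\\Microsoft\\Windows\\CurrentVersion'
    r'\\Internet Settings: "(?P<name>Proxy\w+)" = (?P<value>.*)$',
    re.IGNORECASE,
)
FF_RE = re.compile(
    r'^FF - prefs\.js\.\.network\.proxy\.(?P<name>[\w.]+): (?P<value>.*)$'
)
FF_SCOPE = "Firefox prefs.js"


def parse_proxy_settings(log_text):
    """Return {scope: {setting_name: value}} for every proxy line in the log."""
    settings = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = IE_RE.match(line)
        if m:
            scope = m.group("scope")
        else:
            m = FF_RE.match(line)
            if not m:
                continue
            scope = FF_SCOPE
        value = m.group("value").strip().strip('"')
        settings.setdefault(scope, {})[m.group("name")] = value
    return settings


def locate(host):
    """Classify a proxy host as loopback, private, public or hostname."""
    host = host.strip("[]")
    if host.lower() == "localhost":
        return "loopback"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    if addr.is_loopback:
        # A loopback proxy means a local process relays browser traffic;
        # that process is the thing to identify next.
        return "loopback"
    return "private" if addr.is_private else "public"


def endpoints(proxy_server):
    """Split an IE ProxyServer value: 'host:port' or 'http=h:p;https=h:p'."""
    out = []
    for part in proxy_server.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:                   # per-protocol form, drop 'http='
            part = part.split("=", 1)[1]
        part = part.split("://", 1)[-1]   # tolerate 'http://host:port'
        host, _, port = part.rpartition(":")
        if not host:                      # no port given
            host, port = port, ""
        out.append((host, port))
    return out


def triage(log_text):
    """Return (scope, state, location, 'host:port') per configured proxy."""
    findings = []
    for scope, s in parse_proxy_settings(log_text).items():
        if scope == FF_SCOPE:
            # Only network.proxy.type 1 (manual) uses the http/http_port
            # values; 0 is a direct connection.
            enabled = s.get("type") == "1"
            eps = [(s["http"], s.get("http_port", ""))] if s.get("http") else []
        else:
            enabled = s.get("ProxyEnable") == "1"
            eps = endpoints(s.get("ProxyServer", ""))
        state = "enabled" if enabled else "disabled"
        for host, port in eps:
            findings.append((scope, state, locate(host), f"{host}:{port}"))
    return findings


if __name__ == "__main__":
    for scope, state, location, endpoint in triage(SAMPLE_LOG):
        print(f"{state:8} {location:8} {endpoint:20} {scope}")
```
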

#3
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#4
CompCav

    Member 5k

  • Expert
  • 12,448 posts
User returned.
  • 0

#5
daveidw

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi CompCav,
The port is set to 8080 because that's how the computer was set up by my employer. I assume it has something to do with our network at work.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-13 19:08:10
-----------------------------
19:08:10.859 OS Version: Windows 5.1.2600 Service Pack 3
19:08:10.859 Number of processors: 4 586 0x2A07
19:08:10.875 ComputerName: NB4T6RYX4R1 UserName: E0382117
19:08:12.031 Initialize success
19:09:04.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:09:04.203 Disk 0 Vendor: ST320LT007-9ZV142 0003DEM1 Size: 305245MB BusType: 3
19:09:04.234 Disk 0 MBR read successfully
19:09:04.234 Disk 0 MBR scan
19:09:04.234 Disk 0 unknown MBR code
19:09:04.250 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
19:09:04.265 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 295003 MB offset 20973568
19:09:04.265 Disk 0 scanning sectors +625139712
19:09:04.468 Disk 0 scanning C:\WINDOWS\system32\drivers
19:09:17.468 Service scanning
19:09:28.234 Modules scanning
19:09:34.671 Disk 0 trace - called modules:
19:09:34.687 ntkrnlpa.exe CLASSPNP.SYS disk.sys stdcfltn.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
19:09:34.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b3ecab8]
19:09:35.031 3 CLASSPNP.SYS[b9918fd7] -> nt!IofCallDriver -> [0x8b375bf0]
19:09:35.031 5 stdcfltn.sys[b9ccd854] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b3ffb00]
19:09:35.046 Scan finished successfully
19:10:00.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\e0382117\Desktop\MBR.dat"
19:10:01.140 The log file has been saved successfully to "C:\Documents and Settings\e0382117\Desktop\aswMBR.txt"

OTL logfile created on: 13/10/2012 7:16:59 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\e0382117\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.16 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 73.13% Memory free
7.75 Gb Paging File | 7.13 Gb Available in Paging File | 91.97% Paging File free
Paging file location(s): C:\pagefile.sys 4860 6480 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 288.09 Gb Total Space | 190.41 Gb Free Space | 66.09% Space Free | Partition Type: NTFS

Computer Name: NB4T6RYX4R1 | User Name: E0382117 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/27 20:14:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\e0382117\Desktop\OTL.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/07/25 09:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2011/05/19 16:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2011/05/19 16:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2011/05/19 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2011/05/19 16:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2011/04/05 13:08:04 | 000,501,104 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2011/01/25 11:57:18 | 000,536,668 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2011/01/25 11:57:18 | 000,274,514 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
PRC - [2010/12/09 18:27:44 | 002,151,800 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2010/12/09 18:27:44 | 000,636,256 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2010/11/09 22:55:18 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2010/10/22 20:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2010/10/22 20:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/10/22 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2010/10/22 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2010/10/22 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2010/08/31 04:00:15 | 000,481,000 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Novadigm\radtray.exe
PRC - [2010/08/31 03:59:45 | 000,333,544 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Novadigm\Radstgms.exe
PRC - [2010/08/31 03:59:14 | 000,194,280 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Novadigm\radsched.exe
PRC - [2010/08/31 03:56:29 | 000,300,776 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Novadigm\radexecd.exe
PRC - [2010/07/07 14:59:22 | 000,054,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2010/05/31 15:17:06 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/03/12 10:42:02 | 000,462,993 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2010/02/11 08:50:50 | 000,072,296 | ---- | M] (O2Micro International) -- C:\WINDOWS\system32\drivers\o2flash.exe
PRC - [2009/07/07 12:06:46 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/12 08:34:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\UPHClean\uphclean.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/25 09:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2011/05/19 16:05:00 | 000,070,976 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll
MOD - [2010/12/09 18:27:54 | 002,860,384 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2010/12/09 18:27:52 | 000,075,112 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2010/10/22 20:07:00 | 000,148,800 | ---- | M] () -- C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.DLL
MOD - [2009/11/13 15:40:06 | 000,140,856 | ---- | M] () -- C:\Program Files\Novadigm\expat.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/10/12 08:34:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2007/04/18 20:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\ccme_base.dll
MOD - [2007/04/18 20:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/09/27 19:35:17 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/05/19 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2011/01/25 11:57:18 | 000,274,514 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2010/10/22 20:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2010/10/22 20:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/22 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2010/10/22 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2010/08/31 03:59:45 | 000,333,544 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Novadigm\Radstgms.exe -- (Radstgms)
SRV - [2010/08/31 03:59:14 | 000,194,280 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Novadigm\radsched.exe -- (radsched)
SRV - [2010/08/31 03:56:29 | 000,300,776 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Novadigm\radexecd.exe -- (radexecd)
SRV - [2010/02/11 08:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\WINDOWS\system32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2007/10/12 08:34:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\UPHClean\uphclean.exe -- (UPHClean)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Impcd.sys -- (Impcd)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\e1k5132.sys -- (e1kexpress)
DRV - File not found [Kernel | System | Stopped] -- C:\PROGRA~1\LAUNCH~1\DPortIO.sys -- (DritekPortIO)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\DKbFltr.sys -- (DKbFltr)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\e0382117\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\AGRSM.sys -- (AgereSoftModem)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 12:28:26 | 000,044,144 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\accelern.sys -- (Acceler)
DRV - [2011/07/15 21:30:50 | 000,017,904 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\stdcfltn.sys -- (stdcfltn)
DRV - [2011/05/11 23:37:31 | 000,011,026 | ---- | M] (VMware, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\vmscsi.sys -- (vmscsi)
DRV - [2011/04/05 15:27:26 | 000,295,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2011/03/24 04:51:56 | 000,063,976 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2sdjxp.sys -- (O2SDJRDR)
DRV - [2011/03/22 05:56:12 | 000,933,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2011/03/22 05:56:12 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2011/01/25 11:57:18 | 001,660,547 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2011/01/18 04:45:16 | 003,360,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2011/01/04 17:58:42 | 000,061,728 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mdrxp.sys -- (O2MDRRDR)
DRV - [2010/10/22 20:07:00 | 000,344,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/22 20:07:00 | 000,091,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/22 20:07:00 | 000,076,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/22 20:07:00 | 000,066,536 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/22 20:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2010/10/22 20:07:00 | 000,043,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/10/15 18:29:16 | 000,260,864 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010/10/14 06:39:04 | 000,174,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1c5132.sys -- (e1cexpress)
DRV - [2010/08/25 06:46:00 | 000,033,832 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2009/09/16 16:07:42 | 000,144,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/09/10 23:20:20 | 000,029,072 | ---- | M] (Hewlett Packard) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\radiamsi.sys -- (RadiaMsi)
DRV - [2009/05/28 10:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CtAudDrv.sys -- (CtAudDrv)
DRV - [2009/04/22 06:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/02/14 03:02:51 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/05/30 19:17:54 | 000,093,968 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/04/28 06:14:54 | 003,626,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2008/03/19 14:26:24 | 000,175,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/11/01 16:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 16:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/01 16:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/07/26 13:19:24 | 000,547,904 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/04/17 10:12:00 | 000,255,232 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/04/03 10:04:28 | 000,039,680 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2005/05/13 17:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2003/09/29 07:10:00 | 000,083,008 | ---- | M] (Network Associates, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-422797755-1635474717-270368766-1382\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-422797755-1635474717-270368766-1382\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-422797755-1635474717-270368766-1382\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-422797755-1635474717-270368766-1382\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://webmail.det.....wa.edu.au/owa/
IE - HKU\S-1-5-21-422797755-1635474717-270368766-1382\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-422797755-1635474717-270368766-1382\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-422797755-1635474717-270368766-1382\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-422797755-1635474717-270368766-1382\..\SearchScopes\{484CEF07-88C8-441E-B981-78DF0ECA4775}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-422797755-1635474717-270368766-1382\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searc}
IE - HKU\S-1-5-21-422797755-1635474717-270368766-1382\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3196716
IE - HKU\S-1-5-21-422797755-1635474717-270368766-1382\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-422797755-1635474717-270368766-1382\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-422797755-1635474717-270368766-1382\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.1.81.11:8080

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: [email protected]:0.85.52
FF - prefs.js..extensions.enabledAddons: [email protected]:1.20.00
FF - prefs.js..extensions.enabledAddons: {687578b9-7132-4a7a-80e4-30ee31099e03}:3.15.1.0
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="
FF - prefs.js..network.proxy.http: "10.1.81.11"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\e0382117\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/30 20:14:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/27 19:35:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/30 20:14:19 | 000,000,000 | ---D | M]

[2011/10/18 15:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\e0382117\Application Data\Mozilla\Extensions
[2012/10/13 10:57:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\e0382117\Application Data\Mozilla\Firefox\Profiles\1nc1d3r.default\extensions
[2012/09/18 21:19:07 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\e0382117\Application Data\Mozilla\Firefox\Profiles\1nc1d3r.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/09/25 09:46:51 | 000,000,000 | ---D | M] ("Vid-Saver") -- C:\Documents and Settings\e0382117\Application Data\Mozilla\Firefox\Profiles\1nc1d3r.default\extensions\cro[email protected]
[2011/10/31 17:49:09 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\e0382117\Application Data\Mozilla\Firefox\Profiles\1nc1d3r.default\extensions\[email protected]
[2012/10/13 10:57:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\e0382117\Application Data\Mozilla\Firefox\Profiles\1nc1d3r.default\extensions\staged
[2012/09/25 09:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\e0382117\Application Data\Mozilla\Firefox\Profiles\1nc1d3r.default\extensions\[email protected]\chrome\content\extensionCode
[2012/10/13 10:57:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\e0382117\Application Data\Mozilla\Firefox\Profiles\1nc1d3r.default\extensions\staged\[email protected]\chrome\content\extensionCode
[2011/10/18 15:52:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/13 15:52:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2012/10/13 15:52:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/09/27 19:35:19 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/17 21:35:48 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/09/27 19:35:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/17 21:35:48 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/06/17 21:35:48 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/09/27 19:35:11 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/06/17 21:35:48 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2001/08/23 19:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKU\S-1-5-21-422797755-1635474717-270368766-1382\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4 - HKLM..\Run: [IDTSysTrayApp] File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RUNRADTRAY] C:\Program Files\Novadigm\radtray.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [X3BPush] C:\WINDOWS\DELLXIMG\BPUSH.EXE File not found
O4 - HKU\S-1-5-21-422797755-1635474717-270368766-1382..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_3_300_270_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetCrawling = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 3600
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Safety present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Safety present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Safety present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Safety present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-422797755-1635474717-270368766-1382\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-422797755-1635474717-270368766-1382\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-422797755-1635474717-270368766-1382\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-422797755-1635474717-270368766-1382\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-21-422797755-1635474717-270368766-1382\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-21-422797755-1635474717-270368766-1382\Software\Policies\Microsoft\Internet Explorer\Safety present
O7 - HKU\S-1-5-21-422797755-1635474717-270368766-1382\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-21-422797755-1635474717-270368766-1382\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\e0382117\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = GLENFORRPS.internal
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C97F89EE-12AA-4D47-9DAB-EB2B55C836A9}: DhcpNameServer = 10.1.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\e0382117\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\e0382117\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/09 13:15:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{743f2c0a-78a3-11e1-9a92-60d81908e582}\Shell - "" = AutoRun
O33 - MountPoints2\{743f2c0a-78a3-11e1-9a92-60d81908e582}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{743f2c0a-78a3-11e1-9a92-60d81908e582}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{c6556184-2316-11e1-9a65-60d81908e582}\Shell\AutoRun\command - "" = D:\Samsung_Drive_Manager.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/10/13 19:12:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\e0382117\Desktop\OTL.exe
[2012/10/02 22:26:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\e0382117\Local Settings\Application Data\etax2012
[2012/10/02 22:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\e0382117\Start Menu\Programs\e-tax 2012
[2012/10/02 22:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\etax2012
[2012/09/27 20:52:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\e0382117\Application Data\Malwarebytes
[2012/09/27 20:52:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/27 20:52:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/09/27 20:52:14 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/27 20:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/27 11:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RM Management Solutions
[2012/09/27 11:54:15 | 000,000,000 | ---D | C] -- C:\Keys
[2012/09/21 19:41:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\e0382117\Local Settings\Application Data\Unity
[2012/09/21 19:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\e0382117\Local Settings\Application Data\Deployment
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/13 19:10:00 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\e0382117\Desktop\MBR.dat
[2012/10/13 10:53:39 | 000,002,048 | ---- | M] () -- C:\Documents and Settings\e0382117\Application Data\PhotobooksExpress.com.au Prefs
[2012/10/13 10:53:03 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/10/03 21:21:13 | 000,103,392 | ---- | M] () -- C:\Documents and Settings\e0382117\My Documents\DAVID2012B.TAX
[2012/10/03 21:16:43 | 000,102,304 | ---- | M] () -- C:\Documents and Settings\e0382117\My Documents\DAVID2012B.BAK
[2012/10/03 20:33:53 | 000,102,672 | ---- | M] () -- C:\Documents and Settings\e0382117\My Documents\DAVID2012.TAX
[2012/10/03 20:33:12 | 000,102,608 | ---- | M] () -- C:\Documents and Settings\e0382117\My Documents\DAVID2012.BAK
[2012/10/03 16:06:07 | 000,117,504 | ---- | M] () -- C:\Documents and Settings\e0382117\My Documents\NICOLA2012.TAX
[2012/10/03 16:05:04 | 000,116,608 | ---- | M] () -- C:\Documents and Settings\e0382117\My Documents\NICOLA2012.BAK
[2012/10/03 07:57:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/03 07:57:13 | 3398,430,720 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/02 22:25:57 | 000,001,712 | ---- | M] () -- C:\Documents and Settings\e0382117\Desktop\e-tax 2012.lnk
[2012/10/02 20:16:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/02 20:07:35 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/09/28 11:40:05 | 000,006,106 | RHS- | M] () -- C:\Documents and Settings\e0382117\ntuser.pol
[2012/09/28 11:40:05 | 000,004,580 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/09/27 20:52:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/27 20:14:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\e0382117\Desktop\OTL.exe
[2012/09/27 12:05:39 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\e0382117\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2012/09/27 11:55:07 | 000,001,420 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Integris.lnk
[2012/09/18 13:28:47 | 006,061,612 | ---- | M] () -- C:\Documents and Settings\e0382117\Desktop\habits[1].pdf
[2012/09/18 13:21:07 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\e0382117\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/13 19:10:00 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\e0382117\Desktop\MBR.dat
[2012/10/13 10:53:03 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2012/10/03 20:38:09 | 000,103,392 | ---- | C] () -- C:\Documents and Settings\e0382117\My Documents\DAVID2012B.TAX
[2012/10/03 20:38:09 | 000,102,304 | ---- | C] () -- C:\Documents and Settings\e0382117\My Documents\DAVID2012B.BAK
[2012/10/03 16:23:56 | 000,102,672 | ---- | C] () -- C:\Documents and Settings\e0382117\My Documents\DAVID2012.TAX
[2012/10/03 16:23:56 | 000,102,608 | ---- | C] () -- C:\Documents and Settings\e0382117\My Documents\DAVID2012.BAK
[2012/10/03 14:36:32 | 000,117,504 | ---- | C] () -- C:\Documents and Settings\e0382117\My Documents\NICOLA2012.TAX
[2012/10/03 14:36:32 | 000,116,608 | ---- | C] () -- C:\Documents and Settings\e0382117\My Documents\NICOLA2012.BAK
[2012/10/02 22:25:57 | 000,001,712 | ---- | C] () -- C:\Documents and Settings\e0382117\Desktop\e-tax 2012.lnk
[2012/09/27 20:52:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/27 11:55:07 | 000,001,420 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Integris.lnk
[2012/09/18 13:28:47 | 006,061,612 | ---- | C] () -- C:\Documents and Settings\e0382117\Desktop\habits[1].pdf
[2012/09/18 13:21:10 | 769,060,462 | ---- | C] () -- C:\Documents and Settings\e0382117\Desktop\Holes_2003_DVDRip_ENG_Divx.avi
[2012/07/23 15:20:29 | 000,281,686 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-422797755-1635474717-270368766-1382-0.dat
[2012/07/23 15:20:28 | 000,281,686 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/06/15 08:29:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/01 19:05:45 | 000,002,048 | ---- | C] () -- C:\Documents and Settings\e0382117\Application Data\PhotobooksExpress.com.au Prefs
[2012/01/01 21:17:11 | 000,057,312 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/11/30 20:38:46 | 000,000,703 | ---- | C] () -- C:\WINDOWS\hpomdl39.dat.temp
[2011/11/30 20:03:25 | 000,193,895 | ---- | C] () -- C:\WINDOWS\hpoins39.dat
[2011/11/30 20:03:25 | 000,000,703 | ---- | C] () -- C:\WINDOWS\hpomdl39.dat
[2011/11/04 12:25:38 | 000,000,078 | ---- | C] () -- C:\WINDOWS\psuite.ini
[2011/10/20 21:45:31 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\e0382117\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/18 19:11:30 | 000,000,269 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2011/10/18 12:48:04 | 000,006,106 | RHS- | C] () -- C:\Documents and Settings\e0382117\ntuser.pol
[2011/10/18 12:44:03 | 000,004,580 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/10/07 06:14:01 | 000,783,644 | ---- | C] () -- C:\WINDOWS\System32\igkrng600.bin
[2011/10/07 06:14:00 | 000,201,496 | ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin
[2011/10/07 06:14:00 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin
[2011/10/06 15:33:55 | 000,017,776 | ---- | C] () -- C:\WINDOWS\EvtMessage.dll
[2011/08/30 21:03:41 | 000,000,395 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2011/01/13 17:13:28 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2010/12/09 18:27:54 | 002,860,384 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll

========== ZeroAccess Check ==========

[2008/01/09 13:21:24 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008/04/14 05:41:54 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/01/09 13:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2011/10/31 17:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/10/18 19:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/02/13 17:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\e0382117\Application Data\Canon
[2012/09/11 12:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\e0382117\Application Data\DVDVideoSoft
[2012/09/11 12:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\e0382117\Application Data\DVDVideoSoftIEHelpers
[2011/10/31 21:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\e0382117\Application Data\IkitMovie
[2011/10/31 17:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\e0382117\Application Data\MonkeyJam
[2012/02/01 19:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\e0382117\Application Data\PhotobooksExpress.com.au
[2012/08/23 12:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\e0382117\Application Data\PriceGong
[2012/08/22 20:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\e0382117\Application Data\uTorrent

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/14 05:42:14 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 05:42:12 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2008/04/14 05:41:52 | 000,077,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 05:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 05:41:52 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008/04/14 05:41:54 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 05:41:54 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2008/04/14 05:42:06 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 05:42:10 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 05:42:24 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 05:41:54 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 05:42:18 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 05:42:18 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 05:42:02 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/04/14 05:42:02 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2008/04/14 05:42:38 | 000,057,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 05:42:04 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 05:42:04 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2008/04/14 05:42:06 | 000,399,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 05:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 05:42:06 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 05:42:12 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/14 05:42:08 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2008/04/14 05:42:06 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 05:42:08 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 05:42:06 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 05:41:58 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 05:42:08 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 05:42:08 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2008/04/14 05:42:06 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 05:42:40 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 05:41:52 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 05:41:56 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 05:42:10 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 05:42:30 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 05:42:10 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2008/04/14 05:41:50 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/14 05:41:54 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 05:42:12 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2008/04/14 05:42:10 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: SERVICES >
[2001/08/23 19:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES._ >
[2003/04/01 04:00:00 | 000,001,989 | ---- | M] () MD5=29BB3BBBE3D49156A42BFB3DD000F554 -- C:\DET\i386\SERVICES._

< MD5 for: SERVICES.EX_ >
[2008/04/14 13:42:36 | 000,049,959 | ---- | M] () MD5=EE4885163C0C0729A3C5F1416A6E5F48 -- C:\DET\i386\SERVICES.EX_

< MD5 for: SERVICES.EXE >
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\system32\services.exe

< MD5 for: SERVICES.LNK >
[2008/01/09 13:16:05 | 000,001,602 | ---- | M] () MD5=F477989506F921A452E485C59DC6E3F1 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MS_ >
[2003/04/01 04:00:00 | 000,003,649 | ---- | M] () MD5=64E9F61D2ED093C361862DE36433B5E1 -- C:\DET\i386\SERVICES.MS_

< MD5 for: SERVICES.MSC >
[2001/08/23 19:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< End of report >


OTL Extras logfile created on: 13/10/2012 7:16:59 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\e0382117\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.16 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 73.13% Memory free
7.75 Gb Paging File | 7.13 Gb Available in Paging File | 91.97% Paging File free
Paging file location(s): C:\pagefile.sys 4860 6480 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 288.09 Gb Total Space | 190.41 Gb Free Space | 66.09% Space Free | Partition Type: NTFS

Computer Name: NB4T6RYX4R1 | User Name: E0382117 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-422797755-1635474717-270368766-1382\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"R:\setup\hpznui01.exe" = R:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"R:\setup\hpznui01.exe" = R:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\FrostWire 5\FrostWire.exe" = C:\Program Files\FrostWire 5\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{134EE273-0F1C-4A5B-817D-13111DB75B14}" = B109n-z
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{155FBB0D-0EE9-42D1-9E41-15E08F691033}" = Microsoft Producer for Microsoft Office PowerPoint 2003
"{1610E1CE-F420-4B86-B1E6-4B13F256E434}" = Vic Modern Cursive Font
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34ED728D-ECE5-4A0D-9963-B54B318D0932}" = ccc-Branding
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{397F4DE2-3C5A-415C-9A36-1D8C2B30B92D}" = McAfee Agent
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}" = Microsoft Image Composite Editor
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{722B4A13-F24D-43AE-8813-5DB82C0B23C2}" = HP Photosmart Wireless B109n-z All-In-One Driver Software 13.0 Rel .6
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8466940C-84D8-484C-B1E3-C2E4D73FD5DD}" = PS_AIO_06_B109n-z_SW_Min
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9170AA71-2306-4E06-9745-241D8889F761}" = 104
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7DB362E-16DC-4E29-8A34-E74381E00B5B}" = Adobe Shockwave Player
"{AACD6698-ED22-4133-8233-429228F0392E}" = 092
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B0F1B02F-47A6-411D-A38B-E44CC7F53CCC}" = e-tax 2012
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2CDE75C-CA51-4335-9C13-84C00E6093A5}" = Windows Media Player Enterprise Deployment
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBDC1D3E-0700-4C20-B9C1-C3454C0FBF18}" = HP Client Automation Application Manager Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F48BE301-EC78-4686-B580-EE4934558798}" = WIDCOMM Bluetooth Software
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1
"audcle" = Plus! MP3 Audio Converter LE
"Dell Webcam Central" = Dell Webcam Central
"DPP" = Canon Utilities Digital Photo Professional 3.4
"drmtool.inf" = Personal License Update Wizard for Windows Media Player
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.30.903
"FrostWire 5" = FrostWire 5.3.7
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.5.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"MGI_PHOTOSUITE_V806" = MGI PhotoSuite 8.1 (Remove Only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"mmmusic" = Movie Maker Background Music Files
"mmsounds" = Movie Maker Sound Effects
"mmtitle" = Movie Maker Title Images
"MonkeyJam_is1" = MonkeyJam 3_050529
"Mozilla Firefox 15.0.1 (x86 en-GB)" = Mozilla Firefox 15.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mplibwiz.inf" = Media Library Management Wizard
"mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Shop for HP Supplies" = Shop for HP Supplies
"The Hat_is1" = The Hat 2.4
"uTorrent" = µTorrent
"Vid-Saver" = Vid-Saver
"VLC media player" = VLC media player 2.0.2
"wa2wmp" = Windows Media Player Skin Importer
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMBK2" = Windows Media Bonus Pack for Windows XP
"WMFDist11" = Windows Media Format 11 runtime
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-422797755-1635474717-270368766-1382\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotobooksExpress.com.au" = PhotobooksExpress.com.au
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/10/2012 10:52:32 PM | Computer Name = NB4T6RYX4R1 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 13/10/2012 12:54:19 AM | Computer Name = NB4T6RYX4R1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2640 (0xa50) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.1.0.567
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Program Files\HP\Digital
Imaging\bin\hpqusg.dll by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 13/10/2012 12:54:20 AM | Computer Name = NB4T6RYX4R1 | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 25 seconds;

Error - 13/10/2012 6:52:30 AM | Computer Name = NB4T6RYX4R1 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 13/10/2012 7:19:43 AM | Computer Name = NB4T6RYX4R1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 5184 (0x1440) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.1.0.567
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Program Files\HP\Digital
Imaging\bin\hpodio08.dll by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 13/10/2012 7:19:43 AM | Computer Name = NB4T6RYX4R1 | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 30 seconds;

Error - 13/10/2012 7:22:27 AM | Computer Name = NB4T6RYX4R1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 5900 (0x170c) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.1.0.567
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_270_Plugin.exe

by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 4(0)(0) 4(0)(0)
7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 13/10/2012 7:22:28 AM | Computer Name = NB4T6RYX4R1 | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 35 seconds;

Error - 13/10/2012 7:30:54 AM | Computer Name = NB4T6RYX4R1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 5692 (0x163c) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.1.0.567
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Program Files\VideoLAN\VLC\vlc.exe

by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 4(0)(0) 4(0)(0)
7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 13/10/2012 7:30:54 AM | Computer Name = NB4T6RYX4R1 | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 40 seconds;

[ System Events ]
Error - 13/10/2012 12:54:20 AM | Computer Name = NB4T6RYX4R1 | Source = Service Control Manager | ID = 7034
Description = The McAfee McShield service terminated unexpectedly. It has done
this 5 time(s).

Error - 13/10/2012 12:55:01 AM | Computer Name = NB4T6RYX4R1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 119 minutes. NtpClient has no source of accurate
time.

Error - 13/10/2012 2:52:33 AM | Computer Name = NB4T6RYX4R1 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain GLENFORRPS due to the
following: %%1311. Make sure that the computer is connected to the network and try
again.
If the problem persists, please contact your domain administrator.

Error - 13/10/2012 2:55:02 AM | Computer Name = NB4T6RYX4R1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 239 minutes. NtpClient has no source of accurate
time.

Error - 13/10/2012 6:55:02 AM | Computer Name = NB4T6RYX4R1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 479 minutes. NtpClient has no source of accurate
time.

Error - 13/10/2012 7:07:33 AM | Computer Name = NB4T6RYX4R1 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain GLENFORRPS due to the
following: %%1311. Make sure that the computer is connected to the network and try
again.
If the problem persists, please contact your domain administrator.

Error - 13/10/2012 7:09:28 AM | Computer Name = NB4T6RYX4R1 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 13/10/2012 7:19:43 AM | Computer Name = NB4T6RYX4R1 | Source = Service Control Manager | ID = 7034
Description = The McAfee McShield service terminated unexpectedly. It has done
this 6 time(s).

Error - 13/10/2012 7:22:28 AM | Computer Name = NB4T6RYX4R1 | Source = Service Control Manager | ID = 7034
Description = The McAfee McShield service terminated unexpectedly. It has done
this 7 time(s).

Error - 13/10/2012 7:30:54 AM | Computer Name = NB4T6RYX4R1 | Source = Service Control Manager | ID = 7034
Description = The McAfee McShield service terminated unexpectedly. It has done
this 8 time(s).


< End of report >


Thanks, David

#6
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Is this a business computer?
If it is, are you the domain administrator? If you are not, have you informed your domain administrator (business manager, Systems Analyst, or Information Technology (IT) Specialist)?

I ask for several reasons:
  • There may be restrictions and modifications installed on such machines that could be damaged or altered by the actions we take to remove Malware.
  • Any infection could jump terminals in a computer network.
  • There may also be legal issues regarding any loss of business data that I do not wish to deal with.
  • Some people who come here use their computers for work, and the computers may contain the patient records of a physician or the financial records of an accountant's clients or credit card and bank account information of their employer's customers.
  • There may be tremendous risks and legal liability for such users for not fully securing the computer. We will not know this unless we ask. We do not want to be accidentally putting those we help in vulnerable positions for lawsuits.
  • Business factors outweigh technical factors in making the reformat and reinstall decision. Sometimes friends give missing CDs or lack of expertise as a reason for not doing a reformat and reinstall.
  • The cost of replacing missing Windows XP and MS Office CDs and getting a Microsoft Certified Systems Engineer to come in for 3 hours to do the reinstall and apply all the critical updates is trivial compared with the potential cost of a multi-million dollar lawsuit for breach of trust if confidential client or patient information is disclosed.
  • In specific situations where highly confidential information about others is on the computer, and a backdoor virus or trojan is found, we are helping people more by identifying that they have a backdoor trojan which puts them in a particularly vulnerable situation and sending them to seek local professional help from a Microsoft Certified Systems Engineer or Certified Information Systems Security Professional or Global Information Assurance Certification Certified Security Expert or Certified Computing Professional or Internet Service Provider than we would be trying to fully resolve their problems long distance.


Why did you not remove uTorrent?

#7
daveidw

    New Member

  • Topic Starter
  • Member
  • 4 posts
I'm a school teacher; through my employer I have leased my notebook, which allows me to connect to our school network. I have no confidential data on my computer. I will not be connected to the school network while I try to resolve this issue.
Sorry, missed the step about uTorrent. Done now!
Cheers,
David

#8
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 1.

Download AdwCleaner from here to your desktop.
Run AdwCleaner.

Select Delete.

Once done, it will ask to reboot; allow this.
On reboot a log will be produced. Please post it.


Step 2.

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also, your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes, then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Step 3.

Please post:

AdwCleaner log
TDSSKiller log(s)


Please give me an update on your computer's issues.

#9
daveidw

Hi,
I have followed the steps you outlined. After installing AdwCleaner, on the reboot it said thanks for installing Vidsaver.
I'm not sure if this has fixed the problem or not. There doesn't seem to be a pattern to the survey windows opening or which pages display the mouse over links to advertising.


# AdwCleaner v2.005 - Logfile created 10/15/2012 at 16:52:28
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : E0382117 - NB4T6RYX4R1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\e0382117\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\DOCUME~1\e0382117\LOCALS~1\Temp\AskSearch
Folder Deleted : C:\DOCUME~1\e0382117\LOCALS~1\Temp\CT3072253
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\e0382117\Application Data\Mozilla\Firefox\Profiles\1nc1d3r.default\ConduitCommon
Folder Deleted : C:\Documents and Settings\e0382117\Application Data\Mozilla\Firefox\Profiles\1nc1d3r.default\CT3072253
Folder Deleted : C:\Documents and Settings\e0382117\Application Data\Mozilla\Firefox\Profiles\1nc1d3r.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
Folder Deleted : C:\Documents and Settings\e0382117\Application Data\Mozilla\Firefox\Profiles\1nc1d3r.default\extensions\[email protected]
Folder Deleted : C:\Documents and Settings\e0382117\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\e0382117\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Yontoo Layers Runtime

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.FBApi
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.FBApi.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3196716
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\Software\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-GB)

Profile name : default
File : C:\Documents and Settings\e0382117\Application Data\Mozilla\Firefox\Profiles\1nc1d3r.default\prefs.js

C:\Documents and Settings\e0382117\Application Data\Mozilla\Firefox\Profiles\1nc1d3r.default\user.js ... Deleted !


*************************

AdwCleaner[S2].txt - [28238 octets] - [15/10/2012 16:52:28]

########## EOF - C:\AdwCleaner[S2].txt - [28299 octets] ##########


17:15:49.0515 3588 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
17:15:50.0750 3588 ============================================================
17:15:50.0750 3588 Current date / time: 2012/10/15 17:15:50.0750
17:15:50.0750 3588 SystemInfo:
17:15:50.0750 3588
17:15:50.0750 3588 OS Version: 5.1.2600 ServicePack: 3.0
17:15:50.0750 3588 Product type: Workstation
17:15:50.0750 3588 ComputerName: NB4T6RYX4R1
17:15:50.0750 3588 UserName: E0382117
17:15:50.0750 3588 Windows directory: C:\WINDOWS
17:15:50.0750 3588 System windows directory: C:\WINDOWS
17:15:50.0750 3588 Processor architecture: Intel x86
17:15:50.0750 3588 Number of processors: 4
17:15:50.0750 3588 Page size: 0x1000
17:15:50.0750 3588 Boot type: Normal boot
17:15:50.0750 3588 ============================================================
17:15:52.0687 3588 BG loaded
17:15:53.0234 3588 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:15:53.0265 3588 ============================================================
17:15:53.0265 3588 \Device\Harddisk0\DR0:
17:15:53.0281 3588 MBR partitions:
17:15:53.0281 3588 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x2402D800
17:15:53.0281 3588 ============================================================
17:15:53.0328 3588 C: <-> \Device\Harddisk0\DR0\Partition1
17:15:53.0328 3588 ============================================================
17:15:53.0328 3588 Initialize success
17:15:53.0328 3588 ============================================================
17:18:04.0515 3328 ============================================================
17:18:04.0515 3328 Scan started
17:18:04.0515 3328 Mode: Manual; SigCheck; TDLFS;
17:18:04.0515 3328 ============================================================
17:18:05.0406 3328 ================ Scan system memory ========================
17:18:05.0406 3328 System memory - ok
17:18:05.0406 3328 ================ Scan services =============================
17:18:05.0500 3328 Abiosdsk - ok
17:18:05.0500 3328 abp480n5 - ok
17:18:05.0531 3328 [ EDC50031D6AB9180B3B3BD1C547C7D0A ] Acceler C:\WINDOWS\system32\DRIVERS\accelern.sys
17:18:20.0812 3328 Acceler - ok
17:18:20.0843 3328 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:18:21.0578 3328 ACPI - ok
17:18:21.0609 3328 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
17:18:21.0671 3328 ACPIEC - ok
17:18:21.0671 3328 adpu160m - ok
17:18:21.0718 3328 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
17:18:21.0812 3328 aec - ok
17:18:21.0843 3328 [ 822D53766D57C90C437536232ECE9023 ] AESTAud C:\WINDOWS\system32\drivers\AESTAud.sys
17:18:22.0000 3328 AESTAud - ok
17:18:22.0031 3328 [ 322D0E36693D6E24A2398BEE62A268CD ] AFD C:\WINDOWS\System32\drivers\afd.sys
17:18:22.0109 3328 AFD - ok
17:18:22.0109 3328 AgereSoftModem - ok
17:18:22.0125 3328 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
17:18:22.0218 3328 agp440 - ok
17:18:22.0218 3328 Aha154x - ok
17:18:22.0218 3328 aic78u2 - ok
17:18:22.0218 3328 aic78xx - ok
17:18:22.0250 3328 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
17:18:22.0343 3328 Alerter - ok
17:18:22.0343 3328 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
17:18:22.0421 3328 ALG - ok
17:18:22.0421 3328 AliIde - ok
17:18:22.0421 3328 amsint - ok
17:18:22.0468 3328 [ FBA85B0A76204FC5744532771FB0758C ] ApfiltrService C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
17:18:22.0562 3328 ApfiltrService - ok
17:18:22.0656 3328 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:18:22.0734 3328 Apple Mobile Device - ok
17:18:22.0750 3328 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
17:18:22.0843 3328 AppMgmt - ok
17:18:22.0875 3328 [ 89873AEBBF0309393F0737E26D891209 ] AR5211 C:\WINDOWS\system32\DRIVERS\ar5211.sys
17:18:22.0968 3328 AR5211 ( UnsignedFile.Multi.Generic ) - warning
17:18:22.0968 3328 AR5211 - detected UnsignedFile.Multi.Generic (1)
17:18:22.0984 3328 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:18:23.0062 3328 Arp1394 - ok
17:18:23.0062 3328 asc - ok
17:18:23.0062 3328 asc3350p - ok
17:18:23.0062 3328 asc3550 - ok
17:18:23.0156 3328 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
17:18:23.0281 3328 aspnet_state - ok
17:18:23.0312 3328 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:18:23.0390 3328 AsyncMac - ok
17:18:23.0421 3328 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
17:18:23.0500 3328 atapi - ok
17:18:23.0500 3328 Atdisk - ok
17:18:23.0515 3328 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:18:23.0578 3328 Atmarpc - ok
17:18:23.0609 3328 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
17:18:23.0671 3328 AudioSrv - ok
17:18:23.0703 3328 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
17:18:23.0781 3328 audstub - ok
17:18:23.0812 3328 [ 559DDDA2C88459478056174247706DEB ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
17:18:23.0812 3328 b57w2k ( UnsignedFile.Multi.Generic ) - warning
17:18:23.0812 3328 b57w2k - detected UnsignedFile.Multi.Generic (1)
17:18:23.0906 3328 [ 17BE40D3155319E608F049D40E819A32 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
17:18:24.0093 3328 BCM43XX - ok
17:18:24.0109 3328 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
17:18:24.0203 3328 Beep - ok
17:18:24.0234 3328 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
17:18:24.0359 3328 BITS - ok
17:18:24.0406 3328 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:18:24.0500 3328 Bonjour Service - ok
17:18:24.0531 3328 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
17:18:24.0593 3328 Browser - ok
17:18:24.0640 3328 [ 658548BDDA675AE2E36AA5604F8E9549 ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
17:18:24.0765 3328 BTKRNL - ok
17:18:24.0843 3328 [ 4B9E1A7798A80D075F53D1049FD4DAB0 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
17:18:24.0968 3328 btwdins - ok
17:18:25.0000 3328 [ 083497B731AA32288A9A84B49757307C ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
17:18:25.0140 3328 BTWUSB - ok
17:18:25.0171 3328 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
17:18:25.0296 3328 cbidf2k - ok
17:18:25.0328 3328 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:18:25.0421 3328 CCDECODE - ok
17:18:25.0437 3328 cd20xrnt - ok
17:18:25.0437 3328 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
17:18:25.0515 3328 Cdaudio - ok
17:18:25.0531 3328 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
17:18:25.0593 3328 Cdfs - ok
17:18:25.0593 3328 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:18:25.0656 3328 Cdrom - ok
17:18:25.0656 3328 Changer - ok
17:18:25.0687 3328 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
17:18:25.0781 3328 CiSvc - ok
17:18:25.0796 3328 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
17:18:25.0859 3328 ClipSrv - ok
17:18:25.0921 3328 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:18:26.0062 3328 clr_optimization_v2.0.50727_32 - ok
17:18:26.0093 3328 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:18:26.0218 3328 clr_optimization_v4.0.30319_32 - ok
17:18:26.0234 3328 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:18:26.0281 3328 CmBatt - ok
17:18:26.0281 3328 CmdIde - ok
17:18:26.0296 3328 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:18:26.0359 3328 Compbatt - ok
17:18:26.0375 3328 COMSysApp - ok
17:18:26.0375 3328 Cpqarray - ok
17:18:26.0406 3328 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
17:18:26.0484 3328 CryptSvc - ok
17:18:26.0500 3328 [ 0F538DF1673E5216F3BAACB6911D9D0F ] CtAudDrv C:\WINDOWS\system32\Drivers\CtAudDrv.sys
17:18:26.0640 3328 CtAudDrv - ok
17:18:26.0671 3328 [ AA52C0B88C46D5037809D05DD826C61E ] CtClsFlt C:\WINDOWS\system32\DRIVERS\CtClsFlt.sys
17:18:26.0812 3328 CtClsFlt - ok
17:18:26.0843 3328 [ D1697063E2CDB6575AA46D668FFEE825 ] cvusbdrv C:\WINDOWS\system32\Drivers\cvusbdrv.sys
17:18:26.0906 3328 cvusbdrv - ok
17:18:26.0906 3328 dac2w2k - ok
17:18:26.0921 3328 dac960nt - ok
17:18:26.0968 3328 [ 2589FE6015A316C0F5D5112B4DA7B509 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
17:18:27.0046 3328 DcomLaunch - ok
17:18:27.0078 3328 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
17:18:27.0140 3328 Dhcp - ok
17:18:27.0156 3328 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
17:18:27.0218 3328 Disk - ok
17:18:27.0218 3328 DKbFltr - ok
17:18:27.0218 3328 dmadmin - ok
17:18:27.0250 3328 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
17:18:27.0375 3328 dmboot - ok
17:18:27.0390 3328 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
17:18:27.0500 3328 dmio - ok
17:18:27.0515 3328 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
17:18:27.0593 3328 dmload - ok
17:18:27.0609 3328 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
17:18:27.0671 3328 dmserver - ok
17:18:27.0671 3328 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
17:18:27.0781 3328 DMusic - ok
17:18:27.0796 3328 [ 474B4DC3983173E4B4C9740B0DAC98A6 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
17:18:27.0875 3328 Dnscache - ok
17:18:27.0906 3328 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
17:18:28.0000 3328 Dot3svc - ok
17:18:28.0000 3328 dpti2o - ok
17:18:28.0000 3328 DritekPortIO - ok
17:18:28.0000 3328 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
17:18:28.0078 3328 drmkaud - ok
17:18:28.0125 3328 [ A316EA13C4B32F63CA8571BB26981A5A ] e1cexpress C:\WINDOWS\system32\DRIVERS\e1c5132.sys
17:18:28.0281 3328 e1cexpress - ok
17:18:28.0281 3328 e1kexpress - ok
17:18:28.0312 3328 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
17:18:28.0375 3328 EapHost - ok
17:18:28.0390 3328 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
17:18:28.0468 3328 ERSvc - ok
17:18:28.0500 3328 [ 0E776ED5F7CC9F94299E70461B7B8185 ] Eventlog C:\WINDOWS\system32\services.exe
17:18:28.0578 3328 Eventlog - ok
17:18:28.0578 3328 [ 19A799805B24990867B00C120D300C3A ] EventSystem C:\WINDOWS\system32\es.dll
17:18:28.0671 3328 EventSystem - ok
17:18:28.0703 3328 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
17:18:28.0781 3328 Fastfat - ok
17:18:28.0812 3328 [ 1926899BF9FFE2602B63074971700412 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:18:28.0890 3328 FastUserSwitchingCompatibility - ok
17:18:28.0890 3328 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
17:18:28.0953 3328 Fdc - ok
17:18:28.0968 3328 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
17:18:29.0046 3328 Fips - ok
17:18:29.0046 3328 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
17:18:29.0125 3328 Flpydisk - ok
17:18:29.0125 3328 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
17:18:29.0187 3328 FltMgr - ok
17:18:29.0250 3328 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:18:29.0281 3328 FontCache3.0.0.0 - ok
17:18:29.0281 3328 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:18:29.0375 3328 Fs_Rec - ok
17:18:29.0375 3328 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:18:29.0453 3328 Ftdisk - ok
17:18:29.0484 3328 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:18:29.0609 3328 GEARAspiWDM - ok
17:18:29.0625 3328 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:18:29.0671 3328 Gpc - ok
17:18:29.0718 3328 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:18:29.0812 3328 gusvc - ok
17:18:29.0859 3328 [ E31363D186B3E1D7C4E9117884A6AEE5 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:18:29.0953 3328 HDAudBus - ok
17:18:30.0015 3328 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:18:30.0093 3328 helpsvc - ok
17:18:30.0093 3328 HidServ - ok
17:18:30.0125 3328 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:18:30.0187 3328 HidUsb - ok
17:18:30.0250 3328 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
17:18:30.0312 3328 hkmsvc - ok
17:18:30.0312 3328 hpn - ok
17:18:30.0406 3328 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
17:18:30.0421 3328 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
17:18:30.0421 3328 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
17:18:30.0421 3328 [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
17:18:30.0531 3328 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
17:18:30.0531 3328 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
17:18:30.0546 3328 [ 568E44F6DCFA173F3670172B69379891 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
17:18:30.0562 3328 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
17:18:30.0562 3328 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
17:18:30.0609 3328 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
17:18:30.0750 3328 HPZid412 - ok
17:18:30.0765 3328 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
17:18:30.0859 3328 HPZipr12 - ok
17:18:30.0875 3328 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
17:18:30.0968 3328 HPZius12 - ok
17:18:31.0000 3328 [ 0AAEF566E6782957252FA79F566FBC0B ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
17:18:31.0093 3328 HSFHWAZL ( UnsignedFile.Multi.Generic ) - warning
17:18:31.0093 3328 HSFHWAZL - detected UnsignedFile.Multi.Generic (1)
17:18:31.0125 3328 [ E472E0CB4E716CC34C0E045F2C196221 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
17:18:31.0234 3328 HSF_DPV ( UnsignedFile.Multi.Generic ) - warning
17:18:31.0234 3328 HSF_DPV - detected UnsignedFile.Multi.Generic (1)
17:18:31.0281 3328 [ F6AACF5BCE2893E0C1754AFEB672E5C9 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
17:18:31.0343 3328 HTTP - ok
17:18:31.0375 3328 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
17:18:31.0437 3328 HTTPFilter - ok
17:18:31.0437 3328 i2omgmt - ok
17:18:31.0437 3328 i2omp - ok
17:18:31.0484 3328 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:18:31.0562 3328 i8042prt - ok
17:18:31.0640 3328 [ 14C665264EE51DFE6AE9DFDF9C5511F2 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
17:18:31.0843 3328 ialm - ok
17:18:31.0890 3328 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:18:32.0031 3328 idsvc - ok
17:18:32.0093 3328 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
17:18:32.0968 3328 Imapi - ok
17:18:33.0000 3328 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
17:18:33.0093 3328 ImapiService - ok
17:18:33.0093 3328 Impcd - ok
17:18:33.0093 3328 ini910u - ok
17:18:33.0140 3328 [ 34EE48D11C584EEDB59FD0D537AC2296 ] IntcDAud C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
17:18:33.0328 3328 IntcDAud - ok
17:18:33.0390 3328 [ 2D722B2B54AB55B2FA475EB58D7B2AAD ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
17:18:33.0437 3328 IntelIde - ok
17:18:33.0453 3328 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:18:33.0515 3328 intelppm - ok
17:18:33.0531 3328 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
17:18:33.0609 3328 Ip6Fw - ok
17:18:33.0640 3328 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:18:33.0734 3328 IpFilterDriver - ok
17:18:33.0750 3328 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:18:33.0843 3328 IpInIp - ok
17:18:33.0843 3328 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:18:33.0906 3328 IpNat - ok
17:18:33.0953 3328 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:18:34.0015 3328 iPod Service - ok
17:18:34.0015 3328 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:18:34.0156 3328 IPSec - ok
17:18:34.0187 3328 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
17:18:34.0250 3328 irda - ok
17:18:34.0250 3328 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
17:18:34.0328 3328 IRENUM - ok
17:18:34.0343 3328 [ 49CC4533CE897CB2E93C1E84A818FDE5 ] Irmon C:\WINDOWS\System32\irmon.dll
17:18:34.0437 3328 Irmon - ok
17:18:34.0468 3328 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:18:34.0546 3328 isapnp - ok
17:18:34.0562 3328 [ FA4A5B32CAE6074205B26971191EFEE4 ] JMCR C:\WINDOWS\system32\DRIVERS\jmcr.sys
17:18:34.0656 3328 JMCR ( UnsignedFile.Multi.Generic ) - warning
17:18:34.0656 3328 JMCR - detected UnsignedFile.Multi.Generic (1)
17:18:34.0671 3328 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:18:34.0734 3328 Kbdclass - ok
17:18:34.0750 3328 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
17:18:34.0812 3328 kmixer - ok
17:18:34.0812 3328 [ 1705745D900DABF2D89F90EBADDC7517 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
17:18:34.0875 3328 KSecDD - ok
17:18:34.0875 3328 [ F385F4B02C535BFFE1D70CAB80838123 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
17:18:34.0953 3328 lanmanserver - ok
17:18:34.0953 3328 [ 1B67B632786FEF1C1BBAEF46C2F3F2E6 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:18:35.0031 3328 lanmanworkstation - ok
17:18:35.0031 3328 lbrtfdc - ok
17:18:35.0062 3328 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
17:18:35.0125 3328 LmHosts - ok
17:18:35.0140 3328 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
17:18:35.0281 3328 MBAMProtector - ok
17:18:35.0328 3328 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:18:35.0390 3328 MBAMScheduler - ok
17:18:35.0453 3328 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:18:35.0515 3328 MBAMService - ok
17:18:35.0546 3328 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\mbamswissarmy.sys
17:18:35.0609 3328 MBAMSwissArmy - ok
17:18:35.0656 3328 [ 02D0EFABB5B71005143C320DAF7A0515 ] McAfeeEngineService C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
17:18:35.0718 3328 McAfeeEngineService - ok
17:18:35.0734 3328 [ 5C46CADC89B1E9B01CE348842B0C2468 ] McAfeeFramework C:\Program Files\McAfee\Common Framework\FrameworkService.exe
17:18:35.0796 3328 McAfeeFramework - ok
17:18:35.0828 3328 [ A88C0E2B549734349DC6152B4FE07397 ] McShield C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
17:18:35.0921 3328 McShield - ok
17:18:35.0937 3328 [ D4E92375308343358A50BFED5D800A76 ] McTaskManager C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
17:18:36.0000 3328 McTaskManager - ok
17:18:36.0109 3328 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
17:18:36.0140 3328 MDM - ok
17:18:36.0156 3328 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
17:18:36.0171 3328 mdmxsdk ( UnsignedFile.Multi.Generic ) - warning
17:18:36.0171 3328 mdmxsdk - detected UnsignedFile.Multi.Generic (1)
17:18:36.0187 3328 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
17:18:36.0281 3328 Messenger - ok
17:18:36.0296 3328 [ A8D2C54C2F71F5CBA7CA2734341E57E6 ] mfeapfk C:\WINDOWS\system32\drivers\mfeapfk.sys
17:18:36.0359 3328 mfeapfk - ok
17:18:36.0390 3328 [ 28BB783D85DF19E9E007E81DAF40ADCC ] mfeavfk C:\WINDOWS\system32\drivers\mfeavfk.sys
17:18:36.0453 3328 mfeavfk - ok
17:18:36.0453 3328 [ 8E43E242073E9DB5AA165EBE273FFD09 ] mfebopk C:\WINDOWS\system32\drivers\mfebopk.sys
17:18:36.0546 3328 mfebopk - ok
17:18:36.0578 3328 [ E94D35A2A9B175B34B995AB37216C73E ] mfehidk C:\WINDOWS\system32\drivers\mfehidk.sys
17:18:36.0671 3328 mfehidk - ok
17:18:36.0703 3328 [ F68C9CDA15114B360727FE622E4AEC6F ] mferkdet C:\WINDOWS\system32\drivers\mferkdet.sys
17:18:36.0796 3328 mferkdet - ok
17:18:36.0812 3328 [ 78EFA6FD2A486C476045EAA1D2F218B7 ] mfetdik C:\WINDOWS\system32\drivers\mfetdik.sys
17:18:36.0890 3328 mfetdik - ok
17:18:36.0921 3328 [ 4A736798C76E6BB2CF8224DCE34AA480 ] mfevtp C:\WINDOWS\system32\mfevtps.exe
17:18:37.0000 3328 mfevtp - ok
17:18:37.0031 3328 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
17:18:37.0109 3328 mnmdd - ok
17:18:37.0125 3328 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
17:18:37.0187 3328 mnmsrvc - ok
17:18:37.0218 3328 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
17:18:37.0312 3328 Modem - ok
17:18:37.0343 3328 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:18:37.0421 3328 Mouclass - ok
17:18:37.0437 3328 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:18:37.0531 3328 mouhid - ok
17:18:37.0546 3328 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:18:37.0609 3328 MountMgr - ok
17:18:37.0671 3328 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:18:37.0765 3328 MozillaMaintenance - ok
17:18:37.0765 3328 mraid35x - ok
17:18:37.0796 3328 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:18:37.0859 3328 MRxDAV - ok
17:18:37.0859 3328 [ 68755F0FF16070178B54674FE5B847B0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:18:37.0937 3328 MRxSmb - ok
17:18:37.0953 3328 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
17:18:38.0015 3328 MSDTC - ok
17:18:38.0046 3328 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:18:38.0109 3328 Msfs - ok
17:18:38.0109 3328 MSIServer - ok
17:18:38.0140 3328 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:18:38.0203 3328 MSKSSRV - ok
17:18:38.0218 3328 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:18:38.0296 3328 MSPCLOCK - ok
17:18:38.0312 3328 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:18:38.0406 3328 MSPQM - ok
17:18:38.0406 3328 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:18:38.0484 3328 mssmbios - ok
17:18:38.0500 3328 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
17:18:38.0562 3328 MSTEE - ok
17:18:38.0562 3328 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
17:18:38.0625 3328 Mup - ok
17:18:38.0640 3328 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:18:38.0703 3328 NABTSFEC - ok
17:18:38.0718 3328 [ 93941B922810F9DFA68DFFFC6AD67A77 ] NaiAvFilter1 C:\WINDOWS\system32\drivers\naiavf5x.sys
17:18:38.0796 3328 NaiAvFilter1 ( UnsignedFile.Multi.Generic ) - warning
17:18:38.0796 3328 NaiAvFilter1 - detected UnsignedFile.Multi.Generic (1)
17:18:38.0859 3328 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
17:18:38.0921 3328 napagent - ok
17:18:38.0937 3328 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
17:18:39.0000 3328 NDIS - ok
17:18:39.0046 3328 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:18:39.0125 3328 NdisIP - ok
17:18:39.0140 3328 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:18:39.0203 3328 NdisTapi - ok
17:18:39.0218 3328 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:18:39.0281 3328 Ndisuio - ok
17:18:39.0296 3328 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:18:39.0359 3328 NdisWan - ok
17:18:39.0359 3328 [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:18:39.0453 3328 NDProxy - ok
17:18:39.0500 3328 [ 510C138564486FF926A3F773205C63D1 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
17:18:39.0562 3328 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:18:39.0562 3328 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:18:39.0578 3328 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:18:39.0640 3328 NetBIOS - ok
17:18:39.0656 3328 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
17:18:40.0015 3328 NetBT - ok
17:18:40.0046 3328 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
17:18:40.0125 3328 NetDDE - ok
17:18:40.0125 3328 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:18:40.0203 3328 NetDDEdsdm - ok
17:18:40.0265 3328 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
17:18:40.0343 3328 Netlogon - ok
17:18:40.0343 3328 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
17:18:40.0421 3328 Netman - ok
17:18:40.0453 3328 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:18:40.0468 3328 NetTcpPortSharing - ok
17:18:40.0546 3328 [ 0888844230083CE3B47395102BCA8207 ] NETw5x32 C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
17:18:40.0812 3328 NETw5x32 ( UnsignedFile.Multi.Generic ) - warning
17:18:40.0812 3328 NETw5x32 - detected UnsignedFile.Multi.Generic (1)
17:18:40.0828 3328 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:18:40.0906 3328 NIC1394 - ok
17:18:40.0921 3328 [ B4138E99236F0F57D4CF49BAE98A0746 ] Nla C:\WINDOWS\System32\mswsock.dll
17:18:41.0000 3328 Nla - ok
17:18:41.0078 3328 [ FD306FBCCE7ADB1077B709742E7148E9 ] NMSAccessU C:\Program Files\CDBurnerXP\NMSAccessU.exe
17:18:41.0156 3328 NMSAccessU - ok
17:18:41.0171 3328 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:18:41.0234 3328 Npfs - ok
17:18:41.0265 3328 [ 2ADC0CA9945C65284B3D19BC18765974 ] NSCIRDA C:\WINDOWS\system32\DRIVERS\nscirda.sys
17:18:41.0328 3328 NSCIRDA - ok
17:18:41.0343 3328 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:18:41.0421 3328 Ntfs - ok
17:18:41.0437 3328 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
17:18:41.0500 3328 NtLmSsp - ok
17:18:41.0531 3328 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:18:41.0593 3328 NtmsSvc - ok
17:18:41.0625 3328 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
17:18:41.0687 3328 Null - ok
17:18:41.0703 3328 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:18:41.0781 3328 NwlnkFlt - ok
17:18:41.0781 3328 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:18:41.0859 3328 NwlnkFwd - ok
17:18:41.0875 3328 [ 4E37455DB16AEC75862B1D0BC35B589E ] O2FLASH C:\WINDOWS\system32\DRIVERS\o2flash.exe
17:18:56.0937 3328 O2FLASH - ok
17:18:56.0968 3328 [ 36ED541FF0AD27D7F1C1E8F86F026309 ] O2MDRDR C:\WINDOWS\system32\DRIVERS\o2media.sys
17:18:57.0125 3328 O2MDRDR ( UnsignedFile.Multi.Generic ) - warning
17:18:57.0125 3328 O2MDRDR - detected UnsignedFile.Multi.Generic (1)
17:18:57.0171 3328 [ F24DC5D512FF86576F406E9C1427E8BB ] O2MDRRDR C:\WINDOWS\system32\DRIVERS\O2MDRxp.sys
17:18:57.0312 3328 O2MDRRDR - ok
17:18:57.0328 3328 [ 3083B3D0C74B59FACDE7F0CBBF25E659 ] O2SDJRDR C:\WINDOWS\system32\DRIVERS\o2sdjxp.sys
17:18:57.0468 3328 O2SDJRDR - ok
17:18:57.0484 3328 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:18:57.0546 3328 ohci1394 - ok
17:18:57.0578 3328 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:18:57.0609 3328 ose - ok
17:18:57.0625 3328 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
17:18:57.0703 3328 Parport - ok
17:18:57.0703 3328 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:18:57.0781 3328 PartMgr - ok
17:18:57.0812 3328 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:18:57.0890 3328 ParVdm - ok
17:18:57.0921 3328 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
17:18:58.0000 3328 PCI - ok
17:18:58.0000 3328 PCIDump - ok
17:18:58.0015 3328 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
17:18:58.0093 3328 PCIIde - ok
17:18:58.0093 3328 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
17:18:58.0187 3328 Pcmcia - ok
17:18:58.0187 3328 [ 7BC8027D56FAB153A987C56AE9835664 ] PCnet C:\WINDOWS\system32\DRIVERS\pcntpci5.sys
17:18:58.0265 3328 PCnet - ok
17:18:58.0265 3328 PDCOMP - ok
17:18:58.0265 3328 PDFRAME - ok
17:18:58.0265 3328 PDRELI - ok
17:18:58.0281 3328 PDRFRAME - ok
17:18:58.0281 3328 perc2 - ok
17:18:58.0281 3328 perc2hib - ok
17:18:58.0312 3328 [ 0E776ED5F7CC9F94299E70461B7B8185 ] PlugPlay C:\WINDOWS\system32\services.exe
17:18:58.0359 3328 PlugPlay - ok
17:18:58.0375 3328 [ 37E5E8FFBAD35605DAEEC3224EA0E465 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
17:18:58.0421 3328 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:18:58.0421 3328 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:18:58.0437 3328 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
17:18:58.0500 3328 PolicyAgent - ok
17:18:58.0515 3328 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:18:58.0578 3328 PptpMiniport - ok
17:18:58.0578 3328 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:18:58.0640 3328 ProtectedStorage - ok
17:18:58.0640 3328 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
17:18:58.0703 3328 PSched - ok
17:18:58.0703 3328 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:18:58.0796 3328 Ptilink - ok
17:18:58.0796 3328 ql1080 - ok
17:18:58.0796 3328 Ql10wnt - ok
17:18:58.0796 3328 ql12160 - ok
17:18:58.0796 3328 ql1240 - ok
17:18:58.0812 3328 ql1280 - ok
17:19:09.0375 3328 C:\WINDOWS\system32\msgina.dll - ok
17:19:09.0375 3328 [ 06F247492BC786CE5C24A23E178C711A ] C:\WINDOWS\system32\comctl32.dll
17:19:09.0375 3328 C:\WINDOWS\system32\comctl32.dll - ok
17:19:09.0375 3328 [ 86987A5000DFA3EBE2275C0456BCF2FE ] C:\WINDOWS\system32\comdlg32.dll
17:19:09.0375 3328 C:\WINDOWS\system32\comdlg32.dll - ok
17:19:09.0390 3328 [ 52A5A388661FF3A889593185367B7226 ] C:\WINDOWS\system32\odbc32.dll
17:19:09.0390 3328 C:\WINDOWS\system32\odbc32.dll - ok
17:19:09.0390 3328 [ 0CF50B1F45DAB08430C1DBB79FE2CA5B ] C:\WINDOWS\system32\shell32.dll
17:19:09.0390 3328 C:\WINDOWS\system32\shell32.dll - ok
17:19:09.0390 3328 [ 72EDAE61E761C14714BFD0CB4BA3C0DB ] C:\WINDOWS\system32\shlwapi.dll
17:19:09.0390 3328 C:\WINDOWS\system32\shlwapi.dll - ok
17:19:09.0390 3328 [ 694503348B586E99D56C0E30AB5B3EF8 ] C:\WINDOWS\system32\sxs.dll
17:19:09.0390 3328 C:\WINDOWS\system32\sxs.dll - ok
17:19:09.0390 3328 [ BD38D1EBE24A46BD3EDA059560AFBA12 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
17:19:09.0390 3328 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll - ok
17:19:09.0390 3328 [ 6B7C6B32F8E84D56C6260D684019FEA2 ] C:\WINDOWS\system32\odbcint.dll
17:19:09.0390 3328 C:\WINDOWS\system32\odbcint.dll - ok
17:19:09.0390 3328 [ 1926899BF9FFE2602B63074971700412 ] C:\WINDOWS\system32\shsvcs.dll
17:19:09.0390 3328 C:\WINDOWS\system32\shsvcs.dll - ok
17:19:09.0390 3328 [ ECCE74BC6168375016450A86A164D976 ] C:\WINDOWS\system32\ole32.dll
17:19:09.0390 3328 C:\WINDOWS\system32\ole32.dll - ok
17:19:09.0390 3328 [ 96E1C926F22EE1BFBAE82901A35F6BF3 ] C:\WINDOWS\system32\sfc.dll
17:19:09.0390 3328 C:\WINDOWS\system32\sfc.dll - ok
17:19:09.0390 3328 [ 6B5DB6789177A4FD0DEBC248041D0739 ] C:\WINDOWS\system32\sfc_os.dll
17:19:09.0390 3328 C:\WINDOWS\system32\sfc_os.dll - ok
17:19:09.0406 3328 [ CF492D7E9AF1C628B3536D20EF6F5CC7 ] C:\WINDOWS\system32\apphelp.dll
17:19:09.0406 3328 C:\WINDOWS\system32\apphelp.dll - ok
17:19:09.0406 3328 [ 0E776ED5F7CC9F94299E70461B7B8185 ] C:\WINDOWS\system32\services.exe
17:19:09.0406 3328 C:\WINDOWS\system32\services.exe - ok
17:19:09.0406 3328 [ EA9AAA0B9BBF9B24FD3CAECC7FD69A1E ] C:\WINDOWS\system32\lsasrv.dll
17:19:09.0406 3328 C:\WINDOWS\system32\lsasrv.dll - ok
17:19:09.0406 3328 [ BF2466B3E18E970D8A976FB95FC1CA85 ] C:\WINDOWS\system32\lsass.exe
17:19:09.0406 3328 C:\WINDOWS\system32\lsass.exe - ok
17:19:09.0406 3328 [ F404830F3CD9BF8F2515E489C0CDA297 ] C:\WINDOWS\system32\msvcp60.dll
17:19:09.0406 3328 C:\WINDOWS\system32\msvcp60.dll - ok
17:19:09.0406 3328 [ EC29A79F1E76DC509E24D401F29D0678 ] C:\WINDOWS\system32\ncobjapi.dll
17:19:09.0406 3328 C:\WINDOWS\system32\ncobjapi.dll - ok
17:19:09.0406 3328 [ B24A42A413E694AD73FDFB7FBD492C31 ] C:\WINDOWS\system32\scesrv.dll
17:19:09.0406 3328 C:\WINDOWS\system32\scesrv.dll - ok
17:19:09.0406 3328 [ DD7BD97FB8BD800963789158A5E4B41D ] C:\WINDOWS\system32\mpr.dll
17:19:09.0406 3328 C:\WINDOWS\system32\mpr.dll - ok
17:19:09.0406 3328 [ 2EDFC2A8893435723AD80481803C6D5C ] C:\WINDOWS\system32\umpnpmgr.dll
17:19:09.0406 3328 C:\WINDOWS\system32\umpnpmgr.dll - ok
17:19:09.0406 3328 [ EA9EE60B408878E5F2012F9C783836DB ] C:\WINDOWS\AppPatch\acadproc.dll
17:19:09.0406 3328 C:\WINDOWS\AppPatch\acadproc.dll - ok
17:19:09.0406 3328 [ 0A3325D38DB90792BBBE01334F273974 ] C:\WINDOWS\system32\dnsapi.dll
17:19:09.0406 3328 C:\WINDOWS\system32\dnsapi.dll - ok
17:19:09.0421 3328 [ EC4C0D9BFD9F7E33F8B395AD54E13063 ] C:\WINDOWS\system32\ntdsapi.dll
17:19:09.0421 3328 C:\WINDOWS\system32\ntdsapi.dll - ok
17:19:09.0421 3328 [ 1F03103598BD817B1078DAB1326DDE11 ] C:\WINDOWS\system32\shimeng.dll
17:19:09.0421 3328 C:\WINDOWS\system32\shimeng.dll - ok
17:19:09.0421 3328 [ 0492CF5870F0E616B0C71695A433D162 ] C:\WINDOWS\system32\wldap32.dll
17:19:09.0421 3328 C:\WINDOWS\system32\wldap32.dll - ok
17:19:09.0437 3328 [ 8329A39D5A402A75A74301D6A62ECDA1 ] C:\WINDOWS\system32\samlib.dll
17:19:09.0437 3328 C:\WINDOWS\system32\samlib.dll - ok
17:19:09.0437 3328 [ F05B8CDB7FE0E55DCCFB1D946CE80064 ] C:\WINDOWS\system32\samsrv.dll
17:19:09.0437 3328 C:\WINDOWS\system32\samsrv.dll - ok
17:19:09.0437 3328 [ 310C15FD8358B2C4CD7A5B98A112883F ] C:\WINDOWS\AppPatch\acgenral.dll
17:19:09.0437 3328 C:\WINDOWS\AppPatch\acgenral.dll - ok
17:19:09.0437 3328 [ 17A1D675C12BBF80CAAC54A4855C41D0 ] C:\WINDOWS\system32\cryptdll.dll
17:19:09.0437 3328 C:\WINDOWS\system32\cryptdll.dll - ok
17:19:09.0453 3328 [ 387006CF9983000BAB76DD250D424045 ] C:\WINDOWS\system32\oleaut32.dll
17:19:09.0453 3328 C:\WINDOWS\system32\oleaut32.dll - ok
17:19:09.0453 3328 [ F1300D0B4C40754A01DF16F350F0EF60 ] C:\WINDOWS\system32\winmm.dll
17:19:09.0453 3328 C:\WINDOWS\system32\winmm.dll - ok
17:19:09.0453 3328 [ 2098AB52BD5316E59AA36F3437B13BE6 ] C:\WINDOWS\system32\msacm32.dll
17:19:09.0453 3328 C:\WINDOWS\system32\msacm32.dll - ok
17:19:09.0468 3328 [ 7A2CC3719B255E6B5D74396183B7715B ] C:\WINDOWS\system32\uxtheme.dll
17:19:09.0468 3328 C:\WINDOWS\system32\uxtheme.dll - ok
17:19:09.0468 3328 [ C61E8ECFFDBF05FF71D079BBD35396B3 ] C:\WINDOWS\system32\schannel.dll
17:19:09.0468 3328 C:\WINDOWS\system32\schannel.dll - ok
17:19:09.0468 3328 [ 5733177BCF16EE78B99543C9B0AB81EA ] C:\WINDOWS\system32\msctfime.ime
17:19:09.0468 3328 C:\WINDOWS\system32\msctfime.ime - ok
17:19:09.0468 3328 [ C6BB1D1500DB4A0E224CB65E6C7E8A80 ] C:\WINDOWS\system32\msprivs.dll
17:19:09.0468 3328 C:\WINDOWS\system32\msprivs.dll - ok
17:19:09.0484 3328 [ B17DEFD576AE373E7A1A2C75665E4549 ] C:\WINDOWS\system32\kerberos.dll
17:19:09.0484 3328 C:\WINDOWS\system32\kerberos.dll - ok
17:19:09.0484 3328 [ 0F152F4E57FDF9E8E8BDFEA583A4926B ] C:\WINDOWS\system32\msv1_0.dll
17:19:09.0484 3328 C:\WINDOWS\system32\msv1_0.dll - ok
17:19:09.0484 3328 [ AF07DC9B7CC455629E732340C7B15F3A ] C:\WINDOWS\system32\iphlpapi.dll
17:19:09.0484 3328 C:\WINDOWS\system32\iphlpapi.dll - ok
17:19:09.0500 3328 [ 1B7F071C51B77C272875C3A23E1E4550 ] C:\WINDOWS\system32\netlogon.dll
17:19:09.0500 3328 C:\WINDOWS\system32\netlogon.dll - ok
17:19:09.0500 3328 [ 54AF4B1D5459500EF0937F6D33B1914F ] C:\WINDOWS\system32\w32time.dll
17:19:09.0500 3328 C:\WINDOWS\system32\w32time.dll - ok
17:19:09.0500 3328 [ CEFCC6A64983EB8119F3A07A0C1EDE30 ] C:\WINDOWS\system32\wdigest.dll
17:19:09.0500 3328 C:\WINDOWS\system32\wdigest.dll - ok
17:19:09.0500 3328 [ 54DAE3EA34802B4ED9AE1C6B1209FA56 ] C:\WINDOWS\system32\rsaenh.dll
17:19:09.0500 3328 C:\WINDOWS\system32\rsaenh.dll - ok
17:19:09.0515 3328 [ 34EF4739A4D9D09A96069198F42B8D99 ] C:\WINDOWS\system32\atmfd.dll
17:19:09.0515 3328 C:\WINDOWS\system32\atmfd.dll - ok
17:19:09.0515 3328 [ 02988B904C386B500CD08639C4C20EEA ] C:\WINDOWS\system32\winscard.dll
17:19:09.0515 3328 C:\WINDOWS\system32\winscard.dll - ok
17:19:09.0515 3328 [ 0E2735281FBB9A764D5584C2A5DCBA59 ] C:\WINDOWS\system32\wtsapi32.dll
17:19:09.0515 3328 C:\WINDOWS\system32\wtsapi32.dll - ok
17:19:09.0515 3328 [ A86BB5E61BF3E39B62AB4C7E7085A084 ] C:\WINDOWS\system32\scecli.dll
17:19:09.0515 3328 C:\WINDOWS\system32\scecli.dll - ok
17:19:09.0515 3328 [ 65E794E86468B61F2BC79ABC48BC4433 ] C:\WINDOWS\system32\drivers\mbam.sys
17:19:09.0515 3328 C:\WINDOWS\system32\drivers\mbam.sys - ok
17:19:09.0515 3328 [ 27C6D03BCDB8CFEB96B716F3D8BE3E18 ] C:\WINDOWS\system32\svchost.exe
17:19:09.0515 3328 C:\WINDOWS\system32\svchost.exe - ok
17:19:09.0515 3328 [ 549290DBC280C887681D7652978DBBE0 ] C:\WINDOWS\system32\ntmarta.dll
17:19:09.0515 3328 C:\WINDOWS\system32\ntmarta.dll - ok
17:19:09.0515 3328 [ 2589FE6015A316C0F5D5112B4DA7B509 ] C:\WINDOWS\system32\rpcss.dll
17:19:09.0515 3328 C:\WINDOWS\system32\rpcss.dll - ok
17:19:09.0515 3328 [ 16403217AB6FC5C30C14C6B12098AD4B ] C:\WINDOWS\system32\xpsp2res.dll
17:19:09.0515 3328 C:\WINDOWS\system32\xpsp2res.dll - ok
17:19:09.0515 3328 [ 6D4FEB43EE538FC5428CC7F0565AA656 ] C:\WINDOWS\system32\eventlog.dll
17:19:09.0515 3328 C:\WINDOWS\system32\eventlog.dll - ok
17:19:09.0531 3328 [ 3CB32D3B8CBE79899D63280BB7A83CD9 ] C:\WINDOWS\system32\hnetcfg.dll
17:19:09.0531 3328 C:\WINDOWS\system32\hnetcfg.dll - ok
17:19:09.0531 3328 [ B4138E99236F0F57D4CF49BAE98A0746 ] C:\WINDOWS\system32\mswsock.dll
17:19:09.0531 3328 C:\WINDOWS\system32\mswsock.dll - ok
17:19:09.0531 3328 [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\system32\winrnr.dll
17:19:09.0531 3328 C:\WINDOWS\system32\winrnr.dll - ok
17:19:09.0531 3328 [ 4E3D06D6E68EEDB52565080F55B460D3 ] C:\WINDOWS\system32\wshtcpip.dll
17:19:09.0531 3328 C:\WINDOWS\system32\wshtcpip.dll - ok
17:19:09.0531 3328 [ 40947436A70E0034E41123DF5A0A7702 ] C:\Program Files\Bonjour\mdnsNSP.dll
17:19:09.0531 3328 C:\Program Files\Bonjour\mdnsNSP.dll - ok
17:19:09.0531 3328 [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\system32\rasadhlp.dll
17:19:09.0531 3328 C:\WINDOWS\system32\rasadhlp.dll - ok
17:19:09.0531 3328 [ 5E38D7684A49CACFB752B046357E0589 ] C:\WINDOWS\system32\dhcpcsvc.dll
17:19:09.0531 3328 C:\WINDOWS\system32\dhcpcsvc.dll - ok
17:19:09.0531 3328 [ ACA5E7B54409F9CB5EED97ED0C81120E ] C:\WINDOWS\system32\drivers\irda.sys
17:19:09.0531 3328 C:\WINDOWS\system32\drivers\irda.sys - ok
17:19:09.0531 3328 [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\system32\drivers\ndisuio.sys
17:19:09.0531 3328 C:\WINDOWS\system32\drivers\ndisuio.sys - ok
17:19:09.0531 3328 [ 474B4DC3983173E4B4C9740B0DAC98A6 ] C:\WINDOWS\system32\dnsrslvr.dll
17:19:09.0531 3328 C:\WINDOWS\system32\dnsrslvr.dll - ok
17:19:09.0546 3328 [ A7DB739AE99A796D91580147E919CC59 ] C:\WINDOWS\system32\lmhsvc.dll
17:19:09.0546 3328 C:\WINDOWS\system32\lmhsvc.dll - ok
17:19:09.0546 3328 [ FF3477C03BE7201C294C35F684B3479F ] C:\WINDOWS\system32\termsrv.dll
17:19:09.0546 3328 C:\WINDOWS\system32\termsrv.dll - ok
17:19:09.0546 3328 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] C:\WINDOWS\system32\wzcsvc.dll
17:19:09.0546 3328 C:\WINDOWS\system32\wzcsvc.dll - ok
17:19:09.0546 3328 [ DF6551E4C4C46655A0C76194F1FCEA5D ] C:\WINDOWS\system32\icaapi.dll
17:19:09.0546 3328 C:\WINDOWS\system32\icaapi.dll - ok
17:19:09.0562 3328 [ 2D65D56C2F8B6CC5EBFF8E7200C30304 ] C:\WINDOWS\system32\mstlsapi.dll
17:19:09.0562 3328 C:\WINDOWS\system32\mstlsapi.dll - ok
17:19:09.0562 3328 [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\system32\activeds.dll
17:19:09.0562 3328 C:\WINDOWS\system32\activeds.dll - ok
17:19:09.0562 3328 [ 876CCF164E08D6B903CD14398E056DD2 ] C:\WINDOWS\system32\rtutils.dll
17:19:09.0562 3328 C:\WINDOWS\system32\rtutils.dll - ok
17:19:09.0578 3328 [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll
17:19:09.0578 3328 C:\WINDOWS\system32\wmi.dll - ok
17:19:09.0578 3328 [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\system32\adsldpc.dll
17:19:09.0578 3328 C:\WINDOWS\system32\adsldpc.dll - ok
17:19:09.0578 3328 [ 14EE0E012E7298FC1448A88E9FE53322 ] C:\WINDOWS\system32\atl.dll
17:19:09.0578 3328 C:\WINDOWS\system32\atl.dll - ok
17:19:09.0578 3328 [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] C:\WINDOWS\system32\dot3api.dll
17:19:09.0578 3328 C:\WINDOWS\system32\dot3api.dll - ok
17:19:09.0593 3328 [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] C:\WINDOWS\system32\eapolqec.dll
17:19:09.0593 3328 C:\WINDOWS\system32\eapolqec.dll - ok
17:19:09.0593 3328 [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\system32\qutil.dll
17:19:09.0593 3328 C:\WINDOWS\system32\qutil.dll - ok
17:19:09.0593 3328 [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] C:\WINDOWS\system32\esent.dll
17:19:09.0593 3328 C:\WINDOWS\system32\esent.dll - ok
17:19:09.0609 3328 [ F137A0CA70003DB20448D540651FA003 ] C:\WINDOWS\system32\clbcatq.dll
17:19:09.0609 3328 C:\WINDOWS\system32\clbcatq.dll - ok
17:19:09.0609 3328 [ 1280A158C722FA95A80FB7AEBE78FA7D ] C:\WINDOWS\system32\comres.dll
17:19:09.0609 3328 C:\WINDOWS\system32\comres.dll - ok
17:19:09.0609 3328 [ 49CC4533CE897CB2E93C1E84A818FDE5 ] C:\WINDOWS\system32\irmon.dll
17:19:09.0609 3328 C:\WINDOWS\system32\irmon.dll - ok
17:19:09.0609 3328 [ 52778FCE46E510B60F513B8882A65CD6 ] C:\WINDOWS\system32\wshirda.dll
17:19:09.0609 3328 C:\WINDOWS\system32\wshirda.dll - ok
17:19:09.0609 3328 [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] C:\WINDOWS\system32\cryptui.dll
17:19:09.0609 3328 C:\WINDOWS\system32\cryptui.dll - ok
17:19:09.0609 3328 [ 036D3962F2086BF2A98E2873CE153828 ] C:\WINDOWS\system32\rastls.dll
17:19:09.0609 3328 C:\WINDOWS\system32\rastls.dll - ok
17:19:09.0609 3328 [ 6CE32F7778061CCC5814D5E0F282D369 ] C:\WINDOWS\system32\wininet.dll
17:19:09.0609 3328 C:\WINDOWS\system32\wininet.dll - ok
17:19:09.0609 3328 [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll
17:19:09.0609 3328 C:\WINDOWS\system32\normaliz.dll - ok
17:19:09.0609 3328 [ 05642AE6A7BDAA7541A7451F5A4C6512 ] C:\WINDOWS\system32\urlmon.dll
17:19:09.0609 3328 C:\WINDOWS\system32\urlmon.dll - ok
17:19:09.0609 3328 [ 58BD4689E1DCD40A903721D7EF45F2EC ] C:\WINDOWS\system32\iertutil.dll
17:19:09.0609 3328 C:\WINDOWS\system32\iertutil.dll - ok
17:19:09.0625 3328 [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\system32\mprapi.dll
17:19:09.0625 3328 C:\WINDOWS\system32\mprapi.dll - ok
17:19:09.0625 3328 [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll
17:19:09.0625 3328 C:\WINDOWS\system32\rasapi32.dll - ok
17:19:09.0625 3328 [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll
17:19:09.0625 3328 C:\WINDOWS\system32\rasman.dll - ok
17:19:09.0640 3328 [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll
17:19:09.0640 3328 C:\WINDOWS\system32\tapi32.dll - ok
17:19:09.0640 3328 [ ED43F00CD77E72483A8625AC4F32D8D8 ] C:\WINDOWS\system32\raschap.dll
17:19:09.0640 3328 C:\WINDOWS\system32\raschap.dll - ok
17:19:09.0640 3328 [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\system32\riched20.dll
17:19:09.0640 3328 C:\WINDOWS\system32\riched20.dll - ok
17:19:09.0640 3328 [ 515A7FAE2070C2B0242B2353443E2F11 ] C:\WINDOWS\system32\cscdll.dll
17:19:09.0640 3328 C:\WINDOWS\system32\cscdll.dll - ok
17:19:09.0656 3328 [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\system32\dimsntfy.dll
17:19:09.0656 3328 C:\WINDOWS\system32\dimsntfy.dll - ok
17:19:09.0656 3328 [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\system32\winspool.drv
17:19:09.0656 3328 C:\WINDOWS\system32\winspool.drv - ok
17:19:09.0656 3328 [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll
17:19:09.0656 3328 C:\WINDOWS\system32\wlnotify.dll - ok
17:19:09.0671 3328 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll
17:19:09.0671 3328 C:\WINDOWS\system32\schedsvc.dll - ok
17:19:09.0671 3328 [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll
17:19:09.0671 3328 C:\WINDOWS\system32\msidle.dll - ok
17:19:09.0671 3328 [ D8E14A61ACC1D4A6CD0D38AEBAC7FA3B ] C:\WINDOWS\system32\spoolsv.exe
17:19:09.0671 3328 C:\WINDOWS\system32\spoolsv.exe - ok
17:19:09.0671 3328 [ A97FCA92BE4E62BC589371058CBC769E ] C:\Program Files\IDT\WDM\stacsv.exe
17:19:09.0671 3328 C:\Program Files\IDT\WDM\stacsv.exe - ok
17:19:09.0687 3328 [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\system32\audiosrv.dll
17:19:09.0687 3328 C:\WINDOWS\system32\audiosrv.dll - ok
17:19:09.0687 3328 [ 79E3A8C328E7E569C32B0998377D9742 ] C:\WINDOWS\system32\spoolss.dll
17:19:09.0687 3328 C:\WINDOWS\system32\spoolss.dll - ok
17:19:09.0687 3328 [ 4D83ED8BDDEC431FC8AD907B47CFB6E3 ] C:\WINDOWS\system32\dsound.dll
17:19:09.0687 3328 C:\WINDOWS\system32\dsound.dll - ok
17:19:09.0703 3328 [ 999CA2702257A6DBA736589391AD9547 ] C:\WINDOWS\system32\stacapi.dll
17:19:09.0703 3328 C:\WINDOWS\system32\stacapi.dll - ok
17:19:09.0703 3328 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\system32\drivers\sysaudio.sys
17:19:09.0703 3328 C:\WINDOWS\system32\drivers\sysaudio.sys - ok
17:19:09.0703 3328 [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys
17:19:09.0703 3328 C:\WINDOWS\system32\drivers\wdmaud.sys - ok
17:19:09.0703 3328 [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] C:\WINDOWS\system32\wdmaud.drv
17:19:09.0703 3328 C:\WINDOWS\system32\wdmaud.drv - ok
17:19:09.0718 3328 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] C:\WINDOWS\system32\drivers\splitter.sys
17:19:09.0718 3328 C:\WINDOWS\system32\drivers\splitter.sys - ok
17:19:09.0718 3328 [ 8BED39E3C35D6A489438B8141717A557 ] C:\WINDOWS\system32\drivers\aec.sys
17:19:09.0718 3328 C:\WINDOWS\system32\drivers\aec.sys - ok
17:19:09.0718 3328 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] C:\WINDOWS\system32\drivers\swmidi.sys
17:19:09.0718 3328 C:\WINDOWS\system32\drivers\swmidi.sys - ok
17:19:09.0734 3328 [ 86D007E7A654B9A71D1D7D856B104353 ] C:\WINDOWS\system32\scardsvr.exe
17:19:09.0734 3328 C:\WINDOWS\system32\scardsvr.exe - ok
17:19:09.0734 3328 [ 8A208DFCF89792A484E76C40E5F50B45 ] C:\WINDOWS\system32\drivers\dmusic.sys
17:19:09.0734 3328 C:\WINDOWS\system32\drivers\dmusic.sys - ok
17:19:09.0734 3328 [ 692BCF44383D056AED41B045A323D378 ] C:\WINDOWS\system32\drivers\kmixer.sys
17:19:09.0734 3328 C:\WINDOWS\system32\drivers\kmixer.sys - ok
17:19:09.0734 3328 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] C:\WINDOWS\system32\drivers\drmkaud.sys
17:19:09.0734 3328 C:\WINDOWS\system32\drivers\drmkaud.sys - ok
17:19:09.0734 3328 [ 1B67B632786FEF1C1BBAEF46C2F3F2E6 ] C:\WINDOWS\system32\wkssvc.dll
17:19:09.0734 3328 C:\WINDOWS\system32\wkssvc.dll - ok
17:19:09.0734 3328 [ 5C12660A97822F6E61576943B49AAAD6 ] C:\WINDOWS\system32\midimap.dll
17:19:09.0734 3328 C:\WINDOWS\system32\midimap.dll - ok
17:19:09.0734 3328 [ 9A3BD5F55AADFF859539142F6328A66E ] C:\WINDOWS\system32\msacm32.drv
17:19:09.0734 3328 C:\WINDOWS\system32\msacm32.drv - ok
17:19:09.0734 3328 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] C:\WINDOWS\system32\drivers\mrxdav.sys
17:19:09.0734 3328 C:\WINDOWS\system32\drivers\mrxdav.sys - ok
17:19:09.0734 3328 [ 77A354E28153AD2D5E120A5A8687BC06 ] C:\WINDOWS\system32\webclnt.dll
17:19:09.0734 3328 C:\WINDOWS\system32\webclnt.dll - ok
17:19:09.0734 3328 [ B714735C12A70171DE28657948FD91F1 ] C:\WINDOWS\system32\mlang.dll
17:19:09.0734 3328 C:\WINDOWS\system32\mlang.dll - ok
17:19:09.0734 3328 [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll
17:19:09.0734 3328 C:\WINDOWS\system32\wzcsapi.dll - ok
17:19:09.0734 3328 [ 566382CA5F2C41FEAEEEFAC908F1EB92 ] C:\WINDOWS\system32\xmlprovi.dll
17:19:09.0734 3328 C:\WINDOWS\system32\xmlprovi.dll - ok
17:19:09.0750 3328 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] C:\WINDOWS\system32\drivers\serial.sys
17:19:09.0750 3328 C:\WINDOWS\system32\drivers\serial.sys - ok
17:19:09.0750 3328 [ F401929EE0CC92BFE7F15161CA535383 ] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:19:09.0750 3328 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe - ok
17:19:09.0750 3328 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
17:19:09.0750 3328 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll - ok
17:19:09.0750 3328 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
17:19:09.0750 3328 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll - ok
17:19:09.0750 3328 [ 92DA9EDE07390B4352B29DD82079E398 ] C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll
17:19:09.0750 3328 C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll - ok
17:19:09.0750 3328 [ 67B539D844F804EBAC7A1E3828FDE709 ] C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll
17:19:09.0750 3328 C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll - ok
17:19:09.0750 3328 [ 53A6FFB9FFF5C3E64B64E9B68C31D4E5 ] C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dll
17:19:09.0750 3328 C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dll - ok
17:19:09.0750 3328 [ 32D78DCABFB942275E01363D5232C77D ] C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
17:19:09.0750 3328 C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll - ok
17:19:09.0750 3328 [ 638C7596B493F5F77DB9EF6BAD8FE46C ] C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
17:19:09.0750 3328 C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll - ok
17:19:09.0750 3328 [ 67156D5A9AC356DC99D7BCCB388E3316 ] C:\WINDOWS\system32\wsock32.dll
17:19:09.0750 3328 C:\WINDOWS\system32\wsock32.dll - ok
17:19:09.0750 3328 [ 3BDE52411DF2FE4252C9289F51CB0F7E ] C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll
17:19:09.0750 3328 C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll - ok
17:19:09.0765 3328 [ 5A963C340DE1A01BA6E24945CE05D16A ] C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll
17:19:09.0765 3328 C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll - ok
17:19:09.0765 3328 [ F4BC62990E7E5C29799A895B80FC3177 ] C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll
17:19:09.0765 3328 C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll - ok
17:19:09.0765 3328 [ 149D74E1128A86DC9CFB2851FBEA11EB ] C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll
17:19:09.0765 3328 C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll - ok
17:19:09.0765 3328 [ BA02F01BE7ED88E8974C798ACB3075F5 ] C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
17:19:09.0765 3328 C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll - ok
17:19:09.0765 3328 [ 3B7D8EAE5E44CBDA4CD772720594F116 ] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll
17:19:09.0765 3328 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll - ok
17:19:09.0765 3328 [ 062373995EAE5F0EAC9EAA9192136BFB ] C:\WINDOWS\system32\dnssd.dll
17:19:09.0765 3328 C:\WINDOWS\system32\dnssd.dll - ok
17:19:09.0765 3328 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] C:\Program Files\Bonjour\mDNSResponder.exe
17:19:09.0765 3328 C:\Program Files\Bonjour\mDNSResponder.exe - ok
17:19:09.0765 3328 [ B0BF87F9E247BB0621BCE59EB8CD113F ] C:\Program Files\Common Files\Apple\Mobile Device Support\MobileDevice.dll
17:19:09.0765 3328 C:\Program Files\Common Files\Apple\Mobile Device Support\MobileDevice.dll - ok
17:19:09.0765 3328 [ C5A75EB48E2344ABDC162BDA79E16841 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:19:09.0765 3328 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok
17:19:09.0765 3328 [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll
17:19:09.0765 3328 C:\WINDOWS\system32\powrprof.dll - ok
17:19:09.0765 3328 [ 2E14406E05789F91C9282AE7CFCA3A07 ] C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
17:19:09.0765 3328 C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll - ok
17:19:09.0765 3328 [ E5F7C30EDF0892667933BE879F067D67 ] C:\WINDOWS\system32\msvcr100_clr0400.dll
17:19:09.0765 3328 C:\WINDOWS\system32\msvcr100_clr0400.dll - ok
17:19:09.0781 3328 [ AF54247F97CCF3539DE7505C09972FF9 ] C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll
17:19:09.0781 3328 C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll - ok
17:19:09.0781 3328 [ B04DB1F0B2652FCBCCC5FD0C46579F0F ] C:\WINDOWS\system32\mscoree.dll
17:19:09.0781 3328 C:\WINDOWS\system32\mscoree.dll - ok
17:19:09.0781 3328 [ 3D4E199942E29207970E04315D02AD3B ] C:\WINDOWS\system32\cryptsvc.dll
17:19:09.0781 3328 C:\WINDOWS\system32\cryptsvc.dll - ok
17:19:09.0781 3328 [ 00709952D444EAE14DBBD30D36FBAE0F ] C:\WINDOWS\system32\certcli.dll
17:19:09.0781 3328 C:\WINDOWS\system32\certcli.dll - ok
17:19:09.0781 3328 [ 57EDEC2E5F59F0335E92F35184BC8631 ] C:\WINDOWS\system32\dmserver.dll
17:19:09.0781 3328 C:\WINDOWS\system32\dmserver.dll - ok
17:19:09.0781 3328 [ BC93B4A066477954555966D77FEC9ECB ] C:\WINDOWS\system32\ersvc.dll
17:19:09.0781 3328 C:\WINDOWS\system32\ersvc.dll - ok
17:19:09.0781 3328 [ 19A799805B24990867B00C120D300C3A ] C:\WINDOWS\system32\es.dll
17:19:09.0781 3328 C:\WINDOWS\system32\es.dll - ok
17:19:09.0781 3328 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
17:19:09.0781 3328 C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok
17:19:09.0781 3328 [ 8BA9851E671E8B5E49E303748FFD530C ] C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll
17:19:09.0781 3328 C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll - ok
17:19:09.0781 3328 [ 73862FF693168369A90F046E7F227B83 ] C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
17:19:09.0781 3328 C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll - ok
17:19:09.0781 3328 [ F3F72A2A86C22610BCA5439FA789DD52 ] C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
17:19:09.0781 3328 C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll - ok
17:19:09.0781 3328 [ 7E53957E73BFB209D49932A9DDEBEDE4 ] C:\Program Files\HP\Digital Imaging\bin\hpqddcmn.dll
17:19:09.0781 3328 C:\Program Files\HP\Digital Imaging\bin\hpqddcmn.dll - ok
17:19:09.0796 3328 [ B2EEE3DEE31F50E082E9C720A6D7757D ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
17:19:09.0796 3328 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll - ok
17:19:09.0796 3328 [ 568E44F6DCFA173F3670172B69379891 ] C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
17:19:09.0796 3328 C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL - ok
17:19:09.0796 3328 [ 0DCF16B1449811EFA47AB52CAC84093C ] C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:19:09.0796 3328 C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe - ok
17:19:09.0796 3328 [ F385F4B02C535BFFE1D70CAB80838123 ] C:\WINDOWS\system32\srvsvc.dll
17:19:09.0796 3328 C:\WINDOWS\system32\srvsvc.dll - ok
17:19:09.0796 3328 [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
17:19:09.0796 3328 C:\WINDOWS\system32\netmsg.dll - ok
17:19:09.0796 3328 [ 5F2DBE3CB563741C8084657BF956CE64 ] C:\WINDOWS\system32\oleacc.dll
17:19:09.0796 3328 C:\WINDOWS\system32\oleacc.dll - ok
17:19:09.0796 3328 [ 923BB61D913C37EAB1570F236CCDCE41 ] C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
17:19:09.0796 3328 C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll - ok
17:19:09.0796 3328 [ 5252605079810904E31C332E241CD59B ] C:\WINDOWS\system32\drivers\srv.sys
17:19:09.0796 3328 C:\WINDOWS\system32\drivers\srv.sys - ok
17:19:09.0796 3328 [ 7538050656FE5D63CB4B80349DD1CFE3 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
17:19:09.0796 3328 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll - ok
17:19:09.0796 3328 [ AEBDB652D9273AD61E10C5D8F51C86FB ] C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll
17:19:09.0796 3328 C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll - ok
17:19:09.0796 3328 [ D8AD3D7F927C686B8C233221513DA628 ] C:\WINDOWS\system32\localspl.dll
17:19:09.0796 3328 C:\WINDOWS\system32\localspl.dll - ok
17:19:09.0812 3328 [ D3F72D50DE53F9F1F55240115AF4D42E ] C:\WINDOWS\system32\msi.dll
17:19:09.0812 3328 C:\WINDOWS\system32\msi.dll - ok
17:19:09.0812 3328 [ 5D3D1AB0EF4EA55B731863050482C111 ] C:\WINDOWS\system32\cnbjmon.dll
17:19:09.0812 3328 C:\WINDOWS\system32\cnbjmon.dll - ok
17:19:09.0812 3328 [ 558F0DFFD81FD4EBCE2E28A63AE6D076 ] C:\WINDOWS\system32\bthcrp.dll
17:19:09.0812 3328 C:\WINDOWS\system32\bthcrp.dll - ok
17:19:09.0812 3328 [ 9B25DAF8F5104130582ED2037A23C6EE ] C:\WINDOWS\system32\WidcommSdk.dll
17:19:09.0812 3328 C:\WINDOWS\system32\WidcommSdk.dll - ok
17:19:09.0812 3328 [ A5030E7E41E6F6346EFC42ACDFDE5546 ] C:\WINDOWS\system32\hpf3l70w.dll
17:19:09.0812 3328 C:\WINDOWS\system32\hpf3l70w.dll - ok
17:19:10.0140 3328 [ FCEE79EA3B5676F391542EFC4F724421 ] C:\WINDOWS\system32\BTNCopy.dll
17:19:10.0140 3328 C:\WINDOWS\system32\BTNCopy.dll - ok
17:19:10.0140 3328 [ 97A75DF03B123AFA47A2F9D1C520FDD3 ] C:\WINDOWS\system32\igfxsrvc.exe
17:19:10.0140 3328 C:\WINDOWS\system32\igfxsrvc.exe - ok
17:19:10.0140 3328 [ 538A270F35A713C360B7ED4168BB7521 ] C:\WINDOWS\system32\mydocs.dll
17:19:10.0140 3328 C:\WINDOWS\system32\mydocs.dll - ok
17:19:10.0156 3328 [ A0EDCF34A355729CD4A38648A6142FE6 ] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
17:19:10.0156 3328 C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe - ok
17:19:10.0156 3328 [ 22358578CB321F3325496A3723029409 ] C:\WINDOWS\system32\PortableDeviceTypes.dll
17:19:10.0156 3328 C:\WINDOWS\system32\PortableDeviceTypes.dll - ok
17:19:10.0156 3328 [ 9D45B2201D0ECF9F42136C7B99DEB8B2 ] C:\WINDOWS\system32\PortableDeviceApi.dll
17:19:10.0156 3328 C:\WINDOWS\system32\PortableDeviceApi.dll - ok
17:19:10.0156 3328 [ A78211598E5DD764FE77812348F967A0 ] C:\WINDOWS\system32\igfxsrvc.dll
17:19:10.0156 3328 C:\WINDOWS\system32\igfxsrvc.dll - ok
17:19:10.0156 3328 [ 041DE090F9C89393B7BEADEDC9068F40 ] C:\WINDOWS\system32\igfxdev.dll
17:19:10.0156 3328 C:\WINDOWS\system32\igfxdev.dll - ok
17:19:10.0156 3328 [ B7425EE9FABDB3CBBD32B6631939923D ] C:\WINDOWS\system32\igfxrenu.lrc
17:19:10.0156 3328 C:\WINDOWS\system32\igfxrenu.lrc - ok
17:19:10.0156 3328 [ 401A8C0BE0BAA7D7A470F0942244152D ] C:\WINDOWS\system32\rasdlg.dll
17:19:10.0156 3328 C:\WINDOWS\system32\rasdlg.dll - ok
17:19:10.0156 3328 [ 0B467F470CC9918FDCEEDCFD7DC4D697 ] C:\WINDOWS\system32\oledlg.dll
17:19:10.0156 3328 C:\WINDOWS\system32\oledlg.dll - ok
17:19:10.0156 3328 [ 9C6FAD6E9B51770F473C5BFD1CBEF69E ] C:\Program Files\DellTPad\Apoint.exe
17:19:10.0156 3328 C:\Program Files\DellTPad\Apoint.exe - ok
17:19:10.0171 3328 [ FF9C60DAE6E2B16557387C75206408BE ] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
17:19:10.0171 3328 C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe - ok
17:19:10.0171 3328 [ 0FFAE66E6D5B1C87CBD22D1F3B6079FD ] C:\WINDOWS\system32\wbem\wmiprvse.exe
17:19:10.0171 3328 C:\WINDOWS\system32\wbem\wmiprvse.exe - ok
17:19:10.0171 3328 [ D9B6441E7DD31F3AD5E93127593DE59F ] C:\WINDOWS\system32\igfxress.dll
17:19:10.0171 3328 C:\WINDOWS\system32\igfxress.dll - ok
17:19:10.0171 3328 [ CAF03357DE72F8F19FA099581A685C1A ] C:\Program Files\QuickTime\qttask.exe
17:19:10.0171 3328 C:\Program Files\QuickTime\qttask.exe - ok
17:19:10.0171 3328 [ F5A4DA57F9CEC4ECBA44D25D79545594 ] C:\PROGRA~1\Novadigm\radtray.exe
17:19:10.0171 3328 C:\PROGRA~1\Novadigm\radtray.exe - ok
17:19:10.0171 3328 [ A0A42BB19E085F4B3367F5057307C194 ] C:\Program Files\Dell Webcam\Dell Webcam Central\CTLoadRs.dll
17:19:10.0171 3328 C:\Program Files\Dell Webcam\Dell Webcam Central\CTLoadRs.dll - ok
17:19:10.0171 3328 [ E748D0B8F4060F4F7A7ABB705E289890 ] C:\Program Files\Dell Webcam\Dell Webcam Central\mfc42u.dll
17:19:10.0171 3328 C:\Program Files\Dell Webcam\Dell Webcam Central\mfc42u.dll - ok
17:19:10.0171 3328 [ E5244A5462FA1F0267D8923538530AF4 ] C:\WINDOWS\system32\nlsdl.dll
17:19:10.0171 3328 C:\WINDOWS\system32\nlsdl.dll - ok
17:19:10.0171 3328 [ 960F6D3CD9A1BA6435D7AADD102B297F ] C:\WINDOWS\system32\wbem\wmiprov.dll
17:19:10.0171 3328 C:\WINDOWS\system32\wbem\wmiprov.dll - ok
17:19:10.0171 3328 [ 4932E305B5064A78BCE8AE1631D54DCD ] C:\PROGRA~1\Novadigm\radagent.dll
17:19:10.0171 3328 C:\PROGRA~1\Novadigm\radagent.dll - ok
17:19:10.0171 3328 [ 29903D89239467951E21BC60659EEFAA ] C:\PROGRA~1\Novadigm\radl10n.dll
17:19:10.0171 3328 C:\PROGRA~1\Novadigm\radl10n.dll - ok
17:19:10.0187 3328 [ B45F2C4076ACFD9714037B7C69D90167 ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
17:19:10.0187 3328 C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe - ok
17:19:10.0187 3328 [ E837FDBB92E9873E538395B623F45462 ] C:\WINDOWS\system32\wbem\cimwin32.dll
17:19:10.0187 3328 C:\WINDOWS\system32\wbem\cimwin32.dll - ok
17:19:10.0187 3328 [ 21293443961A4E2597453EE7A9347F22 ] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
17:19:10.0187 3328 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe - ok
17:19:10.0187 3328 [ 4306FA2F1099D7C606139255FDB62B19 ] C:\WINDOWS\system32\wbem\framedyn.dll
17:19:10.0187 3328 C:\WINDOWS\system32\wbem\framedyn.dll - ok
17:19:10.0187 3328 [ F5D44C53BB4F75D84B6A8549226ED914 ] C:\Program Files\McAfee\Common Framework\UdaterUI.exe
17:19:10.0187 3328 C:\Program Files\McAfee\Common Framework\UdaterUI.exe - ok
17:19:10.0187 3328 [ 34086F1DBB4065047EA3671CB70505CC ] C:\Program Files\iTunes\iTunesHelper.exe
17:19:10.0187 3328 C:\Program Files\iTunes\iTunesHelper.exe - ok
17:19:10.0187 3328 [ 1B82E986CE40DAC4C59588D73B463791 ] C:\Program Files\DellTPad\Apoint.dll
17:19:10.0187 3328 C:\Program Files\DellTPad\Apoint.dll - ok
17:19:10.0187 3328 [ 9074D82B3F508BCE6792365302F6F5F5 ] C:\Program Files\DellTPad\EzAuto.dll
17:19:10.0187 3328 C:\Program Files\DellTPad\EzAuto.dll - ok
17:19:10.0187 3328 [ E6EF34D1373AD24A43425061CBD5A599 ] C:\WINDOWS\system32\Vxdif.dll
17:19:10.0187 3328 C:\WINDOWS\system32\Vxdif.dll - ok
17:19:10.0187 3328 [ F108D6DD4FF65B362FAC52FE3ACA8BEE ] C:\Program Files\DellTPad\ApMsgFwd.exe
17:19:10.0187 3328 C:\Program Files\DellTPad\ApMsgFwd.exe - ok
17:19:10.0203 3328 [ 3E930C641079443D4DE036167A69CAA2 ] C:\Program Files\Messenger\msmsgs.exe
17:19:10.0203 3328 C:\Program Files\Messenger\msmsgs.exe - ok
17:19:10.0203 3328 [ DFC8186972EB21F75E5B532194AF4C3A ] C:\Program Files\DellTPad\ApntEx.exe
17:19:10.0203 3328 C:\Program Files\DellTPad\ApntEx.exe - ok
17:19:10.0203 3328 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3 ] C:\WINDOWS\system32\ctfmon.exe
17:19:10.0203 3328 C:\WINDOWS\system32\ctfmon.exe - ok
17:19:10.0203 3328 [ 7A42A8E161DC32C5A40C5813ED64DF03 ] C:\Program Files\DellTPad\hidfind.exe
17:19:10.0203 3328 C:\Program Files\DellTPad\hidfind.exe - ok
17:19:10.0203 3328 [ 88BEEF09C654252F3E46B6167B7F4ECB ] C:\WINDOWS\system32\msisip.dll
17:19:10.0203 3328 C:\WINDOWS\system32\msisip.dll - ok
17:19:10.0203 3328 [ E40FCF943127DDC8FD60554B722D762B ] C:\WINDOWS\system32\msctf.dll
17:19:10.0203 3328 C:\WINDOWS\system32\msctf.dll - ok
17:19:10.0203 3328 [ 17AA58A54C00F1746B8654C050491F43 ] C:\WINDOWS\system32\msutb.dll
17:19:10.0203 3328 C:\WINDOWS\system32\msutb.dll - ok
17:19:10.0203 3328 [ 40425118B4ADCE4134322DBA99071DB9 ] C:\WINDOWS\system32\wshext.dll
17:19:10.0203 3328 C:\WINDOWS\system32\wshext.dll - ok
17:19:10.0203 3328 [ 7FACB452456EF5C053AF3EE4B228FE0D ] C:\WINDOWS\system32\xpob2res.dll
17:19:10.0203 3328 C:\WINDOWS\system32\xpob2res.dll - ok
17:19:10.0203 3328 [ F6FAEC07446A78A9C5AF4558FF5BD118 ] C:\WINDOWS\ime\sptip.dll
17:19:10.0203 3328 C:\WINDOWS\ime\sptip.dll - ok
17:19:10.0218 3328 [ 89A5DDD8729DE5F0416042C8A0E65C6A ] C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL
17:19:10.0218 3328 C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL - ok
17:19:10.0218 3328 [ C2FF17734176CD15221C10044EF0BA1A ] C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
17:19:10.0218 3328 C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - ok
17:19:10.0218 3328 [ AA5E22854F56C68148EB3345DBD62970 ] C:\WINDOWS\system32\devenum.dll
17:19:10.0218 3328 C:\WINDOWS\system32\devenum.dll - ok
17:19:10.0218 3328 [ 01CFA88F8DEE91EC9F8E0988F49D106E ] C:\WINDOWS\system32\avicap32.dll
17:19:10.0218 3328 C:\WINDOWS\system32\avicap32.dll - ok
17:19:10.0218 3328 [ 3CAEAE7608F1BD7BA873A3B02895B106 ] C:\WINDOWS\system32\sti.dll
17:19:10.0218 3328 C:\WINDOWS\system32\sti.dll - ok
17:19:10.0218 3328 [ 235B2311786AC007AD644B12A2DA8AC7 ] C:\WINDOWS\system32\msvfw32.dll
17:19:10.0218 3328 C:\WINDOWS\system32\msvfw32.dll - ok
17:19:10.0218 3328 [ 870BFF60FC15B2B02FBC5276982293C8 ] C:\Program Files\Dell Webcam\Dell Webcam Central\CtPinMgr.dll
17:19:10.0218 3328 C:\Program Files\Dell Webcam\Dell Webcam Central\CtPinMgr.dll - ok
17:19:10.0218 3328 [ 8322C90A26E08EDED69D8B974CEDA52A ] C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
17:19:10.0218 3328 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - ok
17:19:10.0218 3328 [ 2763D61D132BB47028BA7A6D67E54998 ] C:\Program Files\Dell Webcam\Dell Webcam Central\CTPControl.dll
17:19:10.0218 3328 C:\Program Files\Dell Webcam\Dell Webcam Central\CTPControl.dll - ok
17:19:10.0218 3328 [ B1CA4AA760FF0DDFA1C38E95D19CFEFB ] C:\Program Files\iTunes\iTunesHelper.dll
17:19:10.0218 3328 C:\Program Files\iTunes\iTunesHelper.dll - ok
17:19:10.0234 3328 [ F1941197A42F9F373CC70042FC82C950 ] C:\WINDOWS\system32\ksproxy.ax
17:19:10.0234 3328 C:\WINDOWS\system32\ksproxy.ax - ok
17:19:10.0234 3328 [ E7FE89F69C3CC65CAD3D1ADC5D6A9F41 ] C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll
17:19:10.0234 3328 C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll - ok
17:19:10.0234 3328 [ 0654195051D1024C005E7BE135A6FEE7 ] C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.dll
17:19:10.0234 3328 C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.dll - ok
17:19:10.0234 3328 [ 9B9F1C38D559047B8AC0DBA2D5FEBDE9 ] C:\WINDOWS\system32\ksuser.dll
17:19:10.0234 3328 C:\WINDOWS\system32\ksuser.dll - ok
17:19:10.0234 3328 [ ECF45E3FC8C63E44ED45D38A8672E7F1 ] C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
17:19:10.0234 3328 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - ok
17:19:10.0234 3328 [ E0CD5872CA4552056C4C705361A6BB5A ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon_main.dll
17:19:10.0234 3328 C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon_main.dll - ok
17:19:10.0234 3328 [ 0B1379FA08DF73FECBE373BCE00E4E10 ] C:\Program Files\McAfee\Common Framework\0409\UpdRes.Dll
17:19:10.0234 3328 C:\Program Files\McAfee\Common Framework\0409\UpdRes.Dll - ok
17:19:10.0234 3328 [ D25C03D04159D462D69F294BA7142BDB ] C:\WINDOWS\system32\msdmo.dll
17:19:10.0234 3328 C:\WINDOWS\system32\msdmo.dll - ok
17:19:10.0234 3328 [ 94BA90C6AF5C50FF5F7A6392514C4642 ] C:\WINDOWS\system32\vidcap.ax
17:19:10.0234 3328 C:\WINDOWS\system32\vidcap.ax - ok
17:19:10.0234 3328 [ ABC78FC6C170ABA9C66B0106F5394017 ] C:\Program Files\McAfee\Common Framework\McTray.exe
17:19:10.0234 3328 C:\Program Files\McAfee\Common Framework\McTray.exe - ok
17:19:10.0250 3328 [ C9EF69B25DFA1C0E7932CB02FB8A7E91 ] C:\WINDOWS\system32\kswdmcap.ax
17:19:10.0250 3328 C:\WINDOWS\system32\kswdmcap.ax - ok
17:19:10.0250 3328 [ C0E1D09C01019F27F2B06BBA152CDB07 ] C:\Program Files\HP\Digital Imaging\bin\hpquio08.dll
17:19:10.0250 3328 C:\Program Files\HP\Digital Imaging\bin\hpquio08.dll - ok
17:19:10.0250 3328 [ 794918BA6D0EEB27C9132F5B90A39C0C ] C:\Program Files\HP\Digital Imaging\bin\hpqtra08.rsc
17:19:10.0250 3328 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.rsc - ok
17:19:10.0250 3328 [ DD1173E82083162858D1D4EAF43EC69B ] C:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll
17:19:10.0250 3328 C:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll - ok
17:19:10.0250 3328 [ D5369247B6C11EAE2C0650D8303E23B4 ] C:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll
17:19:10.0250 3328 C:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll - ok
17:19:10.0250 3328 [ 69A3E615E68D988F791644B713A3C368 ] C:\Program Files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll
17:19:10.0250 3328 C:\Program Files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll - ok
17:19:10.0250 3328 [ 5371528C504C8641D74CECA2BBD5B521 ] C:\Program Files\McAfee\Common Framework\McTrayInterfaceLib.dll
17:19:10.0250 3328 C:\Program Files\McAfee\Common Framework\McTrayInterfaceLib.dll - ok
17:19:10.0250 3328 [ CC21B362149E80D8FCE85D3B35A4C256 ] C:\WINDOWS\system32\btosif.dll
17:19:10.0250 3328 C:\WINDOWS\system32\btosif.dll - ok
17:19:10.0250 3328 [ 0E270C1D650D087027B54D1AA093F727 ] C:\WINDOWS\system32\btwhidcs.dll
17:19:10.0250 3328 C:\WINDOWS\system32\btwhidcs.dll - ok
17:19:10.0250 3328 [ EAF4E898E55BD9B20633CF0696CB7D37 ] C:\Program Files\WIDCOMM\Bluetooth Software\BtBalloon.dll
17:19:10.0250 3328 C:\Program Files\WIDCOMM\Bluetooth Software\BtBalloon.dll - ok
17:19:10.0265 3328 [ 798563C5CB086A56506F873C3B4A7ECA ] C:\WINDOWS\system32\btrez.dll
17:19:10.0265 3328 C:\WINDOWS\system32\btrez.dll - ok
17:19:10.0265 3328 [ 5654090D45151BD2141134721B996885 ] C:\Program Files\WIDCOMM\Bluetooth Software\BtwRSupport.dll
17:19:10.0265 3328 C:\Program Files\WIDCOMM\Bluetooth Software\BtwRSupport.dll - ok
17:19:10.0265 3328 [ B3A6AAE959C4730ACAD83C35625E3298 ] C:\WINDOWS\system32\btwicons.dll
17:19:10.0265 3328 C:\WINDOWS\system32\btwicons.dll - ok
17:19:10.0265 3328 [ 80AA4214C5BC0A355151BD115017313F ] C:\WINDOWS\system32\bthprops.cpl
17:19:10.0265 3328 C:\WINDOWS\system32\bthprops.cpl - ok
17:19:10.0265 3328 [ B1762156256B0238C21BAA4C06CEF727 ] C:\WINDOWS\system32\devmgr.dll
17:19:10.0265 3328 C:\WINDOWS\system32\devmgr.dll - ok
17:19:10.0265 3328 [ E6BE7A41A28D8F2DB174957454D32448 ] C:\Program Files\iPod\bin\iPodService.exe
17:19:10.0265 3328 C:\Program Files\iPod\bin\iPodService.exe - ok
17:19:10.0265 3328 [ FEA52FF41BDC064DEE85AB989EA1B51A ] C:\Program Files\McAfee\Common Framework\mfevtpa.dll
17:19:10.0265 3328 C:\Program Files\McAfee\Common Framework\mfevtpa.dll - ok
17:19:10.0265 3328 [ 15D0A80A0DA5CBABE9AF91049F767F68 ] C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
17:19:10.0265 3328 C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll - ok
17:19:10.0265 3328 [ 9BB43C3C0E6BDCC42ED3AE66AB7CE438 ] C:\WINDOWS\system32\BtMmHook.dll
17:19:10.0265 3328 C:\WINDOWS\system32\BtMmHook.dll - ok
17:19:10.0265 3328 [ 9FF48A52735F7129B367FC9D877C571F ] C:\Program Files\McAfee\Common Framework\McTrayErrorLoggingPlugin.dll
17:19:10.0265 3328 C:\Program Files\McAfee\Common Framework\McTrayErrorLoggingPlugin.dll - ok
17:19:10.0265 3328 [ F8B5FCED1A12CE91D8CAA2807A8013F9 ] C:\Program Files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll
17:19:10.0265 3328 C:\Program Files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll - ok
17:19:10.0281 3328 [ 3D75B47FB365A2F0456F63972A311F48 ] C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
17:19:10.0281 3328 C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE - ok
17:19:10.0281 3328 [ FA62355631F73F4A97C99E73EB5D8BD1 ] C:\Program Files\McAfee\VirusScan Enterprise\shstat.dll
17:19:10.0281 3328 C:\Program Files\McAfee\VirusScan Enterprise\shstat.dll - ok
17:19:10.0281 3328 [ CE4B444BD0CDCD45D57D17C206159BED ] C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.dll
17:19:10.0281 3328 C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.dll - ok
17:19:10.0281 3328 [ EDC992A51A19205C619C48261DD53655 ] C:\Program Files\iPod\bin\iPodService.Resources\iPodService.dll
17:19:10.0281 3328 C:\Program Files\iPod\bin\iPodService.Resources\iPodService.dll - ok
17:19:10.0281 3328 [ 974370FF6C1284ADC7FFCE9AFA401616 ] C:\WINDOWS\system32\BtAudioHelper.dll
17:19:10.0281 3328 C:\WINDOWS\system32\BtAudioHelper.dll - ok
17:19:10.0281 3328 [ 603A541AD3BEECC905229E25C8BA8F3F ] C:\WINDOWS\system32\btosif_notes.dll
17:19:10.0281 3328 C:\WINDOWS\system32\btosif_notes.dll - ok
17:19:10.0281 3328 [ CC7CBBB81D52C2B1BB776ADA316BE614 ] C:\WINDOWS\system32\btosif_ol.dll
17:19:10.0281 3328 C:\WINDOWS\system32\btosif_ol.dll - ok
17:19:10.0281 3328 [ 53BDDFDB5255F0ECA9CC0A4E43EF1E29 ] C:\WINDOWS\system32\btosif_olx.dll
17:19:10.0281 3328 C:\WINDOWS\system32\btosif_olx.dll - ok
17:19:10.0281 3328 [ E81BBE78A8EF85ACD490B3E64EF63A7C ] C:\WINDOWS\system32\mapi32.dll
17:19:10.0281 3328 C:\WINDOWS\system32\mapi32.dll - ok
17:19:10.0281 3328 [ 31E00F8725D57184FC199AB7F3D4A547 ] C:\WINDOWS\system32\btdev.dll
17:19:10.0281 3328 C:\WINDOWS\system32\btdev.dll - ok
17:19:10.0281 3328 [ FBDB9D0935B9907B809B381FDDF1627F ] C:\WINDOWS\system32\regsvr32.exe
17:19:10.0281 3328 C:\WINDOWS\system32\regsvr32.exe - ok
17:19:10.0296 3328 [ 80D3EBE48F550B84BC7EA67DA5830419 ] C:\WINDOWS\system32\BtWizard.dll
17:19:10.0296 3328 C:\WINDOWS\system32\BtWizard.dll - ok
17:19:10.0296 3328 [ 5652F6CE1D9E9D8068B9D29BC21B5409 ] C:\WINDOWS\system32\olepro32.dll
17:19:10.0296 3328 C:\WINDOWS\system32\olepro32.dll - ok
17:19:10.0296 3328 [ 0F6C6CD496925E89A71803F34B157EF2 ] C:\Program Files\HP\Digital Imaging\bin\hpotradd.dll
17:19:10.0296 3328 C:\Program Files\HP\Digital Imaging\bin\hpotradd.dll - ok
17:19:10.0296 3328 [ 862CC528BD5FB39E42F53A5666D9469C ] C:\Program Files\HP\Digital Imaging\bin\hpotra08.dll
17:19:10.0296 3328 C:\Program Files\HP\Digital Imaging\bin\hpotra08.dll - ok
17:19:10.0296 3328 [ 570EE775B54604D9F7F35856E1D91C00 ] C:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc
17:19:10.0296 3328 C:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc - ok
17:19:10.0296 3328 [ 3C69CE161C7007E9AD53A325492D446A ] C:\Program Files\HP\Digital Imaging\bin\hpqrif08.dll
17:19:10.0296 3328 C:\Program Files\HP\Digital Imaging\bin\hpqrif08.dll - ok
17:19:10.0296 3328 [ B0A41262968DD6FCE3933527892D4A24 ] C:\Program Files\HP\Digital Imaging\bin\hpqmif08.dll
17:19:10.0296 3328 C:\Program Files\HP\Digital Imaging\bin\hpqmif08.dll - ok
17:19:10.0296 3328 [ 01EC36227B1845CA2040104595A53BE5 ] C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll
17:19:10.0296 3328 C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll - ok
17:19:10.0296 3328 [ 98E53CA00D3C0A2E9FAA4E59C101AEBA ] C:\WINDOWS\system32\mslbui.dll
17:19:10.0296 3328 C:\WINDOWS\system32\mslbui.dll - ok
17:19:10.0296 3328 [ 954E880CAE31925C3FF6CA478B30A388 ] C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll
17:19:10.0296 3328 C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll - ok
17:19:10.0312 3328 [ 673491376C56E810176F241F221389A9 ] C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll
17:19:10.0312 3328 C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll - ok
17:19:10.0312 3328 [ D0D99257DDDCDDBE998AF7CA14E85BD0 ] C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
17:19:10.0312 3328 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe - ok
17:19:10.0312 3328 [ 64ECA1F64E4A988A6C5C93F3E5D66236 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9\atl90.dll
17:19:10.0312 3328 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9\atl90.dll - ok
17:19:10.0312 3328 [ 9843F58DF3E2908D1FED4DF4B8747E51 ] C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
17:19:10.0312 3328 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe - ok
17:19:10.0312 3328 [ F0842CF3C0B33C07B2CA1692900F21B4 ] C:\Program Files\HP\Digital Imaging\bin\hpqwso08.dll
17:19:10.0312 3328 C:\Program Files\HP\Digital Imaging\bin\hpqwso08.dll - ok
17:19:10.0312 3328 [ B1C979C02FE013B2B9C0717C26AE1485 ] C:\WINDOWS\system32\HPZipr12.dll
17:19:10.0312 3328 C:\WINDOWS\system32\HPZipr12.dll - ok
17:19:10.0312 3328 [ 9F6258F4166AB24B4B681EB1ED44534C ] C:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll
17:19:10.0312 3328 C:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll - ok
17:19:10.0312 3328 [ 347A39B69AC03B8F56D8807B989F5CA8 ] C:\Program Files\HP\Digital Imaging\bin\hpqgpb01.dll
17:19:10.0312 3328 C:\Program Files\HP\Digital Imaging\bin\hpqgpb01.dll - ok
17:19:10.0328 3328 [ 883008A9B5BFF94A153D99DBA54CB5C1 ] C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
17:19:10.0328 3328 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe - ok
17:19:10.0328 3328 [ B9030D821E099C79DE1C9125B790E2DA ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90u.dll
17:19:10.0328 3328 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90u.dll - ok
17:19:10.0328 3328 [ 2229324CE0374811CA64A19EE62F130B ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
17:19:10.0328 3328 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll - ok
17:19:10.0328 3328 [ 0EE03D901B5DCD3941686B95FCC98C89 ] C:\Program Files\HP\Digital Imaging\bin\hpqstp08.dll
17:19:10.0328 3328 C:\Program Files\HP\Digital Imaging\bin\hpqstp08.dll - ok
17:19:10.0328 3328 [ 640FA356E88422165D95C1F94E943745 ] C:\Program Files\HP\Digital Imaging\bin\hpqstp08.rsc
17:19:10.0328 3328 C:\Program Files\HP\Digital Imaging\bin\hpqstp08.rsc - ok
17:19:10.0328 3328 [ 9E438543222120696C04A39BFAC56FB6 ] C:\Program Files\HP\Digital Imaging\bin\hpqssm08.dll
17:19:10.0328 3328 C:\Program Files\HP\Digital Imaging\bin\hpqssm08.dll - ok
17:19:10.0328 3328 [ 9751ABBE2BB9A9090F14117BE691FA85 ] C:\WINDOWS\system32\hpzipt12.dll
17:19:10.0328 3328 C:\WINDOWS\system32\hpzipt12.dll - ok
17:19:10.0328 3328 [ 12155030825F723A4898A97B4E92127D ] C:\WINDOWS\system32\hpzisn12.dll
17:19:10.0328 3328 C:\WINDOWS\system32\hpzisn12.dll - ok
17:19:10.0343 3328 [ CBBAF06C2AC8882D239C8DC5BFA197FD ] C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprbevst.dll
17:19:10.0343 3328 C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprbevst.dll - ok
17:19:10.0343 3328 [ E6BEE998F3555266459ABC69E2DD83DD ] C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll
17:19:10.0343 3328 C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll - ok
17:19:10.0343 3328 [ 03211597018F96769F7F731039F692E1 ] C:\Program Files\HP\Digital Imaging\bin\hpqddusr.dll
17:19:10.0343 3328 C:\Program Files\HP\Digital Imaging\bin\hpqddusr.dll - ok
17:19:10.0343 3328 [ 4AD76DBBE1F1361EBAEC935D9D3F6A79 ] C:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc
17:19:10.0343 3328 C:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc - ok
17:19:10.0343 3328 [ 55CF0A197DC8972AC829B30ACAE00E5E ] C:\Program Files\HP\Digital Imaging\bin\HpqSplh08.dll
17:19:10.0343 3328 C:\Program Files\HP\Digital Imaging\bin\HpqSplh08.dll - ok
17:19:10.0343 3328 [ 7469B9D06F0299273769C3E5365F5469 ] C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
17:19:10.0343 3328 C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL - ok
17:19:10.0343 3328 [ B4FEBBAC47297242F04EF7F14FE6DF99 ] C:\Program Files\HP\Digital Imaging\bin\hpqusg.dll
17:19:10.0343 3328 C:\Program Files\HP\Digital Imaging\bin\hpqusg.dll - ok
17:19:10.0343 3328 [ CC190B07E357BCD40C2AFB57B9A67B7F ] C:\Program Files\HP\Digital Imaging\bin\hpqgpreh.dll
17:19:10.0343 3328 C:\Program Files\HP\Digital Imaging\bin\hpqgpreh.dll - ok
17:19:10.0343 3328 ============================================================
17:19:10.0343 3328 Scan finished
17:19:10.0343 3328 ============================================================
17:19:10.0453 1692 Detected object count: 19
17:19:10.0453 1692 Actual detected object count: 19
17:19:43.0171 1692 AR5211 ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:43.0171 1692 AR5211 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:43.0171 1692 b57w2k ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:43.0171 1692 b57w2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:43.0171 1692 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:43.0171 1692 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:43.0171 1692 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:43.0171 1692 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:43.0171 1692 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:43.0171 1692 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:43.0171 1692 HSFHWAZL ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:43.0171 1692 HSFHWAZL ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:43.0171 1692 HSF_DPV ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:43.0171 1692 HSF_DPV ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:43.0171 1692 JMCR ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:43.0171 1692 JMCR ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:43.0171 1692 mdmxsdk ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:43.0171 1692 mdmxsdk ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:43.0171 1692 NaiAvFilter1 ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:43.0171 1692 NaiAvFilter1 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:43.0187 1692 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:43.0187 1692 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:43.0187 1692 NETw5x32 ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:43.0187 1692 NETw5x32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:43.0187 1692 O2MDRDR ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:43.0187 1692 O2MDRDR ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:43.0187 1692 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:43.0187 1692 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:43.0187 1692 UPHClean ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:43.0187 1692 UPHClean ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:43.0187 1692 vmscsi ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:43.0187 1692 vmscsi ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:43.0187 1692 WDC_SAM ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:43.0187 1692 WDC_SAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:43.0187 1692 winachsf ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:43.0187 1692 winachsf ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:43.0187 1692 yukonwxp ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:43.0187 1692 yukonwxp ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:24:17.0265 3356 Deinitialize success

#10
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Your logs now appear clean :thumbsup:

The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Run OTL and hit the cleanup button. It will remove all the programs we have used plus itself.


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programs on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide "How did I get infected in the first place?"

Keep safe :wave:

#11
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.