Windows XP slows down to an unusable speed intermittent [Solved]


  • This topic is locked

#1
LisaMc

This started a couple of weeks ago with Internet Explorer redirecting any pages entered into it.
The problem will seem to be fixed for a while, but then will happen again.
Shutdown in normal mode hangs so I need to press the power key to shut it down.

In Internet Explorer I went into Manage Add-ons and got rid of anything I didn't know (in safe mode I believe) and also reset it to standard Internet Explorer settings.

I have run Spybot Search and Destroy repeatedly, System Mechanic malware tool, Malwarebytes Anti-Malware, installed and run Windows Defender Microsoft malware removal tool (all of these the latest versions and run in safe mode and not in safe mode if possible).

I have uninstalled Internet explorer and installed the latest version.

I have deleted any programs I didn't think I used.

Today I looked at the "advanced system Information - error log" and noticed there were a lot of repeat errors "DCOM got error "%1084" attempting to start the service CarboniteService with arguments "" in order to run the server: (36471C67-6A93-4434-0 2CC-4C614CD06666)" so I googled the error and it led me to this forum...

I installed and ran GMER but the log hardly had anything in it so I don't think I did it correctly.

I also have noticed that system shield was not able to install several updates (found by running BelarcAdvisor).

I have copied the otl and extras.txt files from the ?infected computer to another computer that lets me be online without slowing down the computer. I will attach both these files.

Thanks for any help

OTL logfile created on: 2/5/2013 3:05:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Lisa\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 83.55% Memory free
3.10 Gb Paging File | 2.92 Gb Available in Paging File | 94.28% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 14.94 Gb Free Space | 16.04% Space Free | Partition Type: NTFS
Drive E: | 3.82 Gb Total Space | 2.88 Gb Free Space | 75.48% Space Free | Partition Type: FAT32

Computer Name: NX9420 | User Name: Lisa | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/05 14:51:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lisa\Desktop\OTL.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/10 11:13:37 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
MOD - [2013/01/10 11:13:00 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll
MOD - [2013/01/10 11:11:40 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013/01/10 11:11:21 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013/01/10 11:09:47 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/10 11:09:34 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2013/01/10 11:08:42 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2013/01/10 11:08:33 | 000,839,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
MOD - [2013/01/10 11:08:32 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/01/10 14:09:45 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/06 23:40:38 | 001,053,184 | ---- | M] (iolo technologies, LLC) [Auto | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2012/10/23 17:58:52 | 000,120,728 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2012/09/07 21:36:46 | 000,087,992 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2012/07/26 10:03:58 | 004,637,768 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Stopped] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/10/12 11:30:24 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [File_System | On_Demand | Stopped] -- -- (StarOpen)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motusbdevice.sys -- (motusbdevice)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Motousbnet.sys -- (Motousbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motswch.sys -- (MotoSwitchService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Lisa\LOCALS~1\Temp\kxtdqpob.sys -- (kxtdqpob)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motfilt.sys -- (BTCFilterService)
DRV - [2012/08/24 15:30:50 | 000,137,568 | R--- | M] (Commtouch, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\amp.sys -- (AMP)
DRV - [2012/08/24 15:30:44 | 001,210,208 | R--- | M] (Commtouch, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ampse.sys -- (AMPSE)
DRV - [2012/08/02 10:21:22 | 000,068,464 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\PDFsFilter.sys -- (PDFsFilter)
DRV - [2011/08/09 16:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2011/01/06 19:27:02 | 000,025,144 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011/01/06 19:26:52 | 000,032,440 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/07/12 16:16:33 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2010/07/12 16:16:13 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2010/07/12 16:16:12 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2010/06/29 17:30:08 | 000,009,341 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2010/02/24 23:02:56 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/11/17 06:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2008/01/22 16:38:04 | 002,845,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/10/16 06:29:00 | 000,989,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/10/16 06:28:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/10/16 06:28:16 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/09/26 12:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/08/28 14:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007/08/27 10:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/07/24 07:21:46 | 000,041,216 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007/06/18 15:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2003/12/08 14:55:58 | 000,025,072 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s

IE - HKU\S-1-5-21-1417001333-527237240-2147181963-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox...tb_id&%language
IE - HKU\S-1-5-21-1417001333-527237240-2147181963-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://powerschool....2.nh.us/public/
IE - HKU\S-1-5-21-1417001333-527237240-2147181963-1004\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-21-1417001333-527237240-2147181963-1004\..\SearchScopes,DefaultScope = {DEDCF27B-3157-4674-920E-726F2A9C3CA8}
IE - HKU\S-1-5-21-1417001333-527237240-2147181963-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1417001333-527237240-2147181963-1004\..\SearchScopes\{DEDCF27B-3157-4674-920E-726F2A9C3CA8}: "URL" = http://www.google.co...age={startPage}
IE - HKU\S-1-5-21-1417001333-527237240-2147181963-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1417001333-527237240-2147181963-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://powerschool.....nh.us/public/"
FF - prefs.js..extensions.enabledAddons: [email protected]:2.5
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/31 12:09:55 | 000,000,000 | ---D | M]

[2010/09/15 19:35:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lisa\Application Data\Mozilla\Extensions
[2013/01/05 12:15:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\sjl8imbn.default\extensions
[2004/08/04 07:00:00 | 000,004,815 | ---- | M] () (No name found) -- C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\sjl8imbn.default\extensions\[email protected]
[2012/11/06 20:48:54 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\sjl8imbn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/12/28 17:20:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Lisa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\Lisa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Documents and Settings\Lisa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/01/25 16:59:29 | 000,445,309 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15296 more lines...
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - No CLSID value found.
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1417001333-527237240-2147181963-1004\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-1417001333-527237240-2147181963-1004\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1417001333-527237240-2147181963-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Google] C:\Documents and Settings\Lisa\Local Settings\Application Data\HP\Google\qlggqkm.dll (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [Google] C:\Documents and Settings\Lisa\Local Settings\Application Data\HP\Google\qlggqkm.dll (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [ApplicationHistory] rundll32 "C:\Documents and Settings\Lisa\Local Settings\Application Data\Deployment\ApplicationHistory\qwocwqxhe.dll",DllRegisterServerW File not found
O4 - HKU\S-1-5-19..\Run: [Google] C:\Documents and Settings\Lisa\Local Settings\Application Data\HP\Google\qlggqkm.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [ApplicationHistory] rundll32 "C:\Documents and Settings\Lisa\Local Settings\Application Data\Deployment\ApplicationHistory\qwocwqxhe.dll",DllRegisterServerW File not found
O4 - HKU\S-1-5-20..\Run: [Google] C:\Documents and Settings\Lisa\Local Settings\Application Data\HP\Google\qlggqkm.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1417001333-527237240-2147181963-1004..\Run: [DW6] File not found
O4 - HKU\S-1-5-21-1417001333-527237240-2147181963-1004..\Run: [Google] C:\Documents and Settings\Lisa\Local Settings\Application Data\HP\Google\qlggqkm.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1417001333-527237240-2147181963-1004..\Run: [MotoCast] C:\Program Files\Motorola Mobility\MotoCast\MotoLauncher.lnk ()
O4 - HKU\S-1-5-21-1417001333-527237240-2147181963-1004..\Run: [ShowBatteryBar] C:\Program Files\BatteryBar\ShowBatteryBar.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1417001333-527237240-2147181963-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O15 - HKU\S-1-5-21-1417001333-527237240-2147181963-1004\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1278983986453 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1360087072390 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (Reg Error: Key error.)
O16 - DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} https://www.member-d...dc/EZTwainX.cab (EZTwainX by Dosadi)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} http://update.hpphot.../HPSWUpdate.ocx (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ive.snhmc.or...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0E437B4-5809-4718-8D30-3919F634EC64}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\rebinfo - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Lisa/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Lisa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lisa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/12 17:28:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{445a62d6-30f6-11e1-b857-0019d2d31fdf}\Shell - "" = AutoRun
O33 - MountPoints2\{445a62d6-30f6-11e1-b857-0019d2d31fdf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{445a62d6-30f6-11e1-b857-0019d2d31fdf}\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe
O33 - MountPoints2\{46e41942-36e8-11e0-b7c7-0019d2d31fdf}\Shell\AutoRun\command - "" = E:\Installer.exe
O33 - MountPoints2\{959d795d-405e-11e0-b7cd-0019d2d31fdf}\Shell\AutoRun\command - "" = E:\Menu_PC.exe
O33 - MountPoints2\{b0de9092-2245-11e2-b895-0019d2d31fdf}\Shell - "" = AutoRun
O33 - MountPoints2\{b0de9092-2245-11e2-b895-0019d2d31fdf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b0de9092-2245-11e2-b895-0019d2d31fdf}\Shell\AutoRun\command - "" = E:\MotoCastSetup.exe -a
O33 - MountPoints2\{d74e1163-7a14-11e1-b86c-0019d2d31fdf}\Shell - "" = AutoRun
O33 - MountPoints2\{d74e1163-7a14-11e1-b86c-0019d2d31fdf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d74e1163-7a14-11e1-b86c-0019d2d31fdf}\Shell\AutoRun\command - "" = E:\MotoCastSetup.exe -a
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: AMP - C:\WINDOWS\system32\drivers\amp.sys (Commtouch, Inc.)
SafeBootMin: AMPSE - C:\WINDOWS\system32\drivers\ampse.sys (Commtouch, Inc.)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: ioloSystemService - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: vseamps - Service
SafeBootMin: vsedsps - Service
SafeBootMin: vseqrts - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AMP - C:\WINDOWS\system32\drivers\amp.sys (Commtouch, Inc.)
SafeBootNet: AMPSE - C:\WINDOWS\system32\drivers\ampse.sys (Commtouch, Inc.)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: ioloSystemService - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vseamps - Service
SafeBootNet: vsedsps - Service
SafeBootNet: vseqrts - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6C298884-91FD-408C-9D90-5A59D2C29FD1} - Microsoft .NET Framework 1.1 Security Update (KB2742597)
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 10

========== Files/Folders - Created Within 30 Days ==========

[2013/02/05 14:57:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lisa\Desktop\OTL.exe
[2013/02/05 12:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2013/02/05 11:57:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/02/04 20:20:43 | 000,232,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2013/02/04 12:19:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2013/02/03 16:47:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Carbonite
[2013/02/03 12:00:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa\Desktop\RK_Quarantine
[2013/01/31 23:17:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2013/01/25 17:04:09 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2013/01/23 17:37:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2013/01/23 17:35:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2013/01/23 17:15:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Lisa\Application Data\2CE4E61C
[2013/01/18 17:04:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa\Desktop\Rootics2013
[2013/01/16 15:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa\Desktop\upload
[2013/01/08 17:55:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa\.morena
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/05 14:51:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lisa\Desktop\OTL.exe
[2013/02/05 14:28:14 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2013/02/05 14:27:26 | 000,365,568 | ---- | M] () -- C:\Documents and Settings\Lisa\Desktop\7yt45e4j.exe
[2013/02/05 14:25:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/05 14:24:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/05 14:11:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/05 14:06:28 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/05 14:05:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-527237240-2147181963-1005UA.job
[2013/02/05 12:49:01 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\MotoCast Update.job
[2013/02/05 12:48:39 | 000,001,723 | ---- | M] () -- C:\Documents and Settings\Lisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2013/02/05 12:48:39 | 000,001,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2013/02/05 12:45:51 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/02/05 12:14:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/05 12:08:11 | 000,505,862 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/02/05 12:08:11 | 000,089,542 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/02/05 12:06:33 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Lisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/02/05 11:36:23 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/02/04 20:24:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-527237240-2147181963-1003UA.job
[2013/02/04 20:24:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-527237240-2147181963-1003Core.job
[2013/02/04 16:19:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-527237240-2147181963-1005Core.job
[2013/02/04 15:06:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\Motorola Device Manager Engine.job
[2013/02/03 16:47:07 | 000,001,873 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Carbonite InfoCenter.lnk
[2013/02/03 16:37:11 | 000,000,448 | ---- | M] () -- C:\WINDOWS\System32\iolo.ini
[2013/01/31 23:12:17 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/01/25 16:59:29 | 000,445,309 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/01/19 14:05:52 | 000,445,309 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130125-165929.backup
[2013/01/17 16:54:40 | 000,445,309 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130119-140552.backup
[2013/01/17 16:54:13 | 000,445,309 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130117-165440.backup
[2013/01/17 01:28:58 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2013/01/16 08:14:32 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Lisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/10 15:11:52 | 000,445,005 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130117-165413.backup
[2013/01/10 15:11:43 | 000,445,005 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130110-151152.backup
[2013/01/10 14:09:44 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/01/10 14:09:44 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/01/10 13:03:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/01/08 14:33:01 | 000,444,947 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130110-151143.backup
[2013/01/08 14:32:27 | 000,444,947 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130108-143301.backup
[2013/01/08 14:31:46 | 000,444,947 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130108-143227.backup
[2013/01/08 13:11:42 | 000,444,947 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130108-143146.backup
[2013/01/08 13:11:32 | 000,444,947 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130108-131142.backup
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/05 14:29:11 | 000,365,568 | ---- | C] () -- C:\Documents and Settings\Lisa\Desktop\7yt45e4j.exe
[2013/02/05 12:48:39 | 000,001,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2013/02/05 12:06:33 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Lisa\Start Menu\Programs\Internet Explorer.lnk
[2013/02/04 12:23:09 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2013/02/04 12:19:59 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2013/02/03 11:53:21 | 000,000,448 | ---- | C] () -- C:\WINDOWS\System32\iolo.ini
[2013/01/25 22:37:54 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/01/18 17:11:07 | 000,038,305 | ---- | C] () -- C:\Documents and Settings\Lisa\My Documents\suicidehotlinenumbers.pdf
[2013/01/10 11:24:57 | 000,151,656 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/10/01 11:49:19 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dat
[2012/06/27 11:15:12 | 000,259,574 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/16 14:10:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/10 16:12:11 | 000,000,107 | -H-- | C] () -- C:\Documents and Settings\Lisa\.picasa.ini
[2011/12/30 14:37:30 | 000,038,461 | ---- | C] () -- C:\Documents and Settings\Lisa\Application Data\Comma Separated Values (DOS).ADR
[2011/12/30 14:32:40 | 000,038,450 | ---- | C] () -- C:\Documents and Settings\Lisa\Application Data\Microsoft Excel.ADR
[2011/12/22 09:32:50 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2011/05/02 17:30:50 | 001,144,147 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2011/05/02 17:27:54 | 003,935,545 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
[2011/05/02 15:23:46 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2011/05/02 15:19:34 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2011/05/02 15:19:20 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/03/18 16:32:44 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2011/03/18 16:29:56 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2011/03/18 16:28:30 | 001,557,504 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2011/03/18 16:27:08 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2011/03/18 16:26:44 | 000,484,864 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2011/03/18 16:25:38 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2011/03/18 16:25:24 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2011/03/03 06:40:08 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2011/03/03 06:39:56 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2011/03/03 06:39:46 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2011/03/03 06:39:34 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2011/03/03 06:39:02 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2011/03/03 06:38:54 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2011/03/03 06:38:40 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2011/03/03 06:38:10 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2011/03/03 06:38:04 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2011/03/03 06:37:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2011/03/03 06:37:40 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2011/03/03 06:35:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2011/03/03 06:35:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2011/02/27 12:41:00 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Lisa\Local Settings\Application Data\fusioncache.dat
[2011/02/22 14:39:04 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/02/22 14:37:30 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/02/12 09:27:26 | 000,059,360 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/28 08:32:19 | 000,104,960 | ---- | C] () -- C:\Documents and Settings\Lisa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/16 19:57:41 | 000,030,311 | ---- | C] () -- C:\Documents and Settings\Lisa\Application Data\Tab Separated Values (Windows).ADR
[2010/09/16 19:37:56 | 000,030,331 | ---- | C] () -- C:\Documents and Settings\Lisa\Application Data\Comma Separated Values (Windows).ADR
[2010/09/16 18:25:06 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Lisa\Application Data\$_hpcst$.hpc
[2010/09/04 23:17:27 | 000,417,576 | ---- | C] () -- C:\Documents and Settings\Lisa\medrecform.jpg
[2010/09/04 23:17:27 | 000,389,685 | ---- | C] () -- C:\Documents and Settings\Lisa\med_rec1_5_07.jpg
[2010/09/04 23:17:27 | 000,389,685 | ---- | C] () -- C:\Documents and Settings\Lisa\med_rec1_5_07 - Copy.jpg
[2010/09/04 23:17:27 | 000,364,979 | ---- | C] () -- C:\Documents and Settings\Lisa\med_rec2_5_07.jpg
[2010/09/04 23:17:27 | 000,364,979 | ---- | C] () -- C:\Documents and Settings\Lisa\med_rec2_5_07 - Copy.jpg
[2010/09/04 23:17:27 | 000,359,829 | ---- | C] () -- C:\Documents and Settings\Lisa\nsgasspt1.jpg
[2010/09/04 23:17:27 | 000,359,829 | ---- | C] () -- C:\Documents and Settings\Lisa\nsgasspt1 - Copy.jpg
[2010/09/04 23:17:27 | 000,254,339 | ---- | C] () -- C:\Documents and Settings\Lisa\nsgasspt2.jpg
[2010/09/04 23:17:27 | 000,254,339 | ---- | C] () -- C:\Documents and Settings\Lisa\nsgasspt2 - Copy.jpg
[2010/09/04 23:17:26 | 000,558,903 | ---- | C] () -- C:\Documents and Settings\Lisa\map1.jpg
[2010/09/04 23:17:26 | 000,558,903 | ---- | C] () -- C:\Documents and Settings\Lisa\map1 - Copy.jpg
[2010/09/04 23:17:26 | 000,558,708 | ---- | C] () -- C:\Documents and Settings\Lisa\map2.jpg
[2010/09/04 23:17:26 | 000,558,708 | ---- | C] () -- C:\Documents and Settings\Lisa\map2 - Copy.jpg
[2010/09/04 23:17:26 | 000,498,057 | ---- | C] () -- C:\Documents and Settings\Lisa\map3.jpg
[2010/09/04 23:17:26 | 000,498,057 | ---- | C] () -- C:\Documents and Settings\Lisa\map3 - Copy.jpg
[2010/09/04 23:17:26 | 000,319,231 | ---- | C] () -- C:\Documents and Settings\Lisa\keviniep 001.jpg
[2010/09/04 23:17:26 | 000,308,796 | ---- | C] () -- C:\Documents and Settings\Lisa\M&C.jpg
[2010/09/04 23:17:26 | 000,093,727 | ---- | C] () -- C:\Documents and Settings\Lisa\kevprogressreportoctober90.jpg
[2010/09/04 23:17:26 | 000,024,282 | ---- | C] () -- C:\Documents and Settings\Lisa\lisasdickiewatch.jpg
[2010/09/04 23:17:26 | 000,014,550 | ---- | C] () -- C:\Documents and Settings\Lisa\lisastimeteachingwatch.jpg
[2010/09/04 23:17:25 | 000,628,219 | ---- | C] () -- C:\Documents and Settings\Lisa\flownote.jpg
[2010/09/04 23:17:25 | 000,616,206 | ---- | C] () -- C:\Documents and Settings\Lisa\ibhsconsentfortx.jpg
[2010/09/04 23:17:25 | 000,378,298 | ---- | C] () -- C:\Documents and Settings\Lisa\graphic1.jpg
[2010/09/04 23:17:25 | 000,378,298 | ---- | C] () -- C:\Documents and Settings\Lisa\graphic1 - Copy.jpg
[2010/09/04 23:17:25 | 000,374,363 | ---- | C] () -- C:\Documents and Settings\Lisa\graphic2.jpg
[2010/09/04 23:17:25 | 000,374,363 | ---- | C] () -- C:\Documents and Settings\Lisa\graphic2 - Copy.jpg
[2010/09/04 23:17:25 | 000,335,685 | ---- | C] () -- C:\Documents and Settings\Lisa\keviniep3 001.jpg
[2010/09/04 23:17:25 | 000,323,111 | ---- | C] () -- C:\Documents and Settings\Lisa\keviniep4 001.jpg
[2010/09/04 23:17:25 | 000,283,487 | ---- | C] () -- C:\Documents and Settings\Lisa\goalsettingsheet.jpg
[2010/09/04 23:17:25 | 000,184,576 | ---- | C] () -- C:\Documents and Settings\Lisa\hcra_items.bmp
[2010/09/04 23:17:25 | 000,140,079 | ---- | C] () -- C:\Documents and Settings\Lisa\finalexam1.jpg
[2010/09/04 23:17:25 | 000,136,879 | ---- | C] () -- C:\Documents and Settings\Lisa\finalexam2.jpg
[2010/09/04 23:17:25 | 000,080,152 | ---- | C] () -- C:\Documents and Settings\Lisa\keviepq2pg1.jpg
[2010/09/04 23:17:25 | 000,040,445 | ---- | C] () -- C:\Documents and Settings\Lisa\johnsswissarmywatch.jpg
[2010/09/04 23:17:25 | 000,037,586 | ---- | C] () -- C:\Documents and Settings\Lisa\FSA_card.jpg
[2010/09/04 23:17:25 | 000,006,673 | ---- | C] () -- C:\Documents and Settings\Lisa\exercise_log.htm
[2010/09/04 23:17:24 | 000,322,614 | ---- | C] () -- C:\Documents and Settings\Lisa\diagram.bmp
[2010/09/04 23:17:24 | 000,050,256 | ---- | C] () -- C:\Documents and Settings\Lisa\courtschoolpic1.jpg
[2010/09/04 23:17:24 | 000,028,853 | ---- | C] () -- C:\Documents and Settings\Lisa\courtschoolpic.jpg
[2010/09/04 23:17:23 | 026,053,892 | ---- | C] () -- C:\Documents and Settings\Lisa\courtney_pizza_ad.wmv
[2010/09/04 23:17:23 | 002,305,921 | ---- | C] () -- C:\Documents and Settings\Lisa\courtney_ad.mp4
[2010/09/04 23:17:23 | 000,229,628 | ---- | C] () -- C:\Documents and Settings\Lisa\courtnecap3.jpg
[2010/09/04 23:17:23 | 000,213,833 | ---- | C] () -- C:\Documents and Settings\Lisa\courtnecap4.jpg
[2010/09/04 23:17:23 | 000,152,815 | ---- | C] () -- C:\Documents and Settings\Lisa\courtnecap1.jpg
[2010/09/04 23:17:23 | 000,143,284 | ---- | C] () -- C:\Documents and Settings\Lisa\courtnecap2.jpg
[2010/09/04 23:17:22 | 000,352,715 | ---- | C] () -- C:\Documents and Settings\Lisa\cesd.jpg
[2010/09/04 23:17:22 | 000,352,715 | ---- | C] () -- C:\Documents and Settings\Lisa\cesd - Copy.jpg
[2010/09/04 23:17:22 | 000,318,647 | ---- | C] () -- C:\Documents and Settings\Lisa\control_drug_log.jpg
[2010/09/04 23:17:22 | 000,318,647 | ---- | C] () -- C:\Documents and Settings\Lisa\control_drug_log - Copy.jpg
[2010/09/04 23:17:22 | 000,305,226 | ---- | C] () -- C:\Documents and Settings\Lisa\cesd_3_10.jpg
[2010/09/04 23:17:22 | 000,305,226 | ---- | C] () -- C:\Documents and Settings\Lisa\cesd_3_10 - Copy.jpg
[2010/09/04 23:17:22 | 000,274,386 | ---- | C] () -- C:\Documents and Settings\Lisa\bookjacket.jpg
[2010/09/04 23:17:22 | 000,173,755 | ---- | C] () -- C:\Documents and Settings\Lisa\1.jpg
[2010/09/04 23:17:22 | 000,169,820 | ---- | C] () -- C:\Documents and Settings\Lisa\2.jpg
[2010/09/04 23:17:22 | 000,152,319 | ---- | C] () -- C:\Documents and Settings\Lisa\4.jpg
[2010/09/04 23:17:22 | 000,146,402 | ---- | C] () -- C:\Documents and Settings\Lisa\andymelamedorderseen10th.jpg
[2010/09/04 23:17:22 | 000,126,796 | ---- | C] () -- C:\Documents and Settings\Lisa\big.bmp
[2010/09/04 23:17:22 | 000,098,258 | ---- | C] () -- C:\Documents and Settings\Lisa\3.jpg
[2010/09/04 23:17:22 | 000,080,411 | ---- | C] () -- C:\Documents and Settings\Lisa\andycogentinorderchanged8th.jpg
[2010/09/04 23:17:22 | 000,079,117 | ---- | C] () -- C:\Documents and Settings\Lisa\5.jpg
[2010/09/04 23:17:22 | 000,073,653 | ---- | C] () -- C:\Documents and Settings\Lisa\andylachydrinorder10th.jpg
[2010/09/04 23:17:22 | 000,073,595 | ---- | C] () -- C:\Documents and Settings\Lisa\andycogentindcd8thpriororder.jpg
[2010/09/04 23:17:22 | 000,068,508 | ---- | C] () -- C:\Documents and Settings\Lisa\andymedsheetwithpriorcogentinorderdcd.jpg
[2010/09/04 23:17:22 | 000,059,311 | ---- | C] () -- C:\Documents and Settings\Lisa\chopshop166pic.jpg
[2010/09/04 23:17:22 | 000,053,603 | ---- | C] () -- C:\Documents and Settings\Lisa\andymedconsultorder4th.jpg
[2010/09/04 23:17:22 | 000,047,374 | ---- | C] () -- C:\Documents and Settings\Lisa\andystartedneworderaftererrordiscovered.jpg
[2010/09/04 23:17:22 | 000,019,508 | ---- | C] () -- C:\Documents and Settings\Lisa\chopshopteam166.htm
[2010/09/04 23:17:22 | 000,014,646 | ---- | C] () -- C:\Documents and Settings\Lisa\a1c.html
[2010/09/04 16:26:07 | 000,008,413 | ---- | C] () -- C:\Documents and Settings\Lisa\Cube.png
[2010/09/04 16:26:07 | 000,004,911 | ---- | C] () -- C:\Documents and Settings\Lisa\Triangle 3D thing.jpg

========== ZeroAccess Check ==========

[2010/07/13 06:17:29 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 04:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/04 01:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Authentium
[2010/09/16 18:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/07/13 17:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/09/25 18:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2010/07/13 17:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
[2013/01/04 01:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2010/07/13 17:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2012/06/27 11:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motorola
[2010/09/26 17:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/17 18:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/08/30 14:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Inbox Toolbar
[2011/08/30 16:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\iolo
[2013/01/25 16:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Motorola Mobility
[2011/12/26 15:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\.minecraft
[2013/01/24 21:41:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Lisa\Application Data\2CE4E61C
[2010/11/28 14:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Amazon
[2011/02/02 17:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\BatteryBar
[2011/08/23 17:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Garmin
[2011/02/27 12:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\GCPublishers
[2010/09/15 19:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Inbox Toolbar
[2012/01/03 14:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\iolo
[2010/09/29 19:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Juniper Networks
[2013/02/05 14:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\MotoCast
[2012/11/06 20:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\motorola
[2012/11/06 20:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Motorola Mobility
[2010/09/17 21:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\RebateInformer
[2011/12/27 15:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\TS3Client
[2013/01/04 15:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\WindowsSession
[2010/09/16 18:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2013/01/04 01:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\iolo

========== Purity Check ==========



========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >
[2012/10/31 21:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/11/17 18:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/11/17 18:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2013/01/04 01:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Authentium
[2010/09/16 18:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/07/13 17:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/09/25 18:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2010/07/13 17:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2010/09/09 19:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2010/09/09 19:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2010/09/09 19:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2010/09/09 19:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
[2010/07/13 17:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
[2010/07/13 17:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2013/01/04 01:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2010/07/13 17:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/07/13 17:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/02 11:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/01/02 11:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2013/02/04 12:19:58 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2012/06/27 11:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motorola
[2012/11/21 12:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010/09/16 13:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/12/22 10:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/09/26 17:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/09 19:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2010/07/13 17:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/11/17 18:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/02/04 12:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe
[2012/12/03 02:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.4\15056\AcrobatUpdater.exe
[2012/12/03 02:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.4\15056\AdobeARM.exe
[2012/12/03 02:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.4\15056\AdobeARMHelper.exe
[2012/12/03 02:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.4\15056\ReaderUpdater.exe
[2012/01/03 12:44:25 | 000,342,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA1000000001}\setup.exe
[2011/06/26 17:14:45 | 000,073,000 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.3.1.55\SetupAdmin.exe
[2011/07/21 13:35:56 | 000,073,584 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.4.0.80\SetupAdmin.exe
[2011/10/19 15:20:00 | 000,073,584 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.5.0.142\SetupAdmin.exe
[2012/03/05 18:43:26 | 000,073,584 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.5.3.3\SetupAdmin.exe
[2012/05/31 12:10:12 | 000,073,584 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.6.1.7\SetupAdmin.exe
[2011/02/10 15:22:55 | 000,072,488 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.19.4\SetupAdmin.exe
[2011/03/11 09:50:07 | 000,072,488 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.20.27\SetupAdmin.exe
[2011/06/26 15:31:17 | 000,072,488 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.21.1\SetupAdmin.exe
[2011/07/21 13:42:41 | 000,073,584 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.34.50.0\SetupAdmin.exe
[2012/03/05 18:18:45 | 000,073,584 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.34.52.7\SetupAdmin.exe
[2010/09/03 23:27:18 | 000,921,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgemc.exe
[2012/12/06 23:41:14 | 000,674,120 | ---- | M] (iolo technologies, LLC) -- C:\Documents and Settings\All Users\Application Data\iolo\IRestartStub.exe
[2010/09/07 08:37:44 | 041,957,480 | ---- | M] (iolo technologies, LLC ) -- C:\Documents and Settings\All Users\Application Data\iolo\System Shield\smsysshieldinstaller.exe
[2012/12/07 00:51:04 | 012,663,376 | ---- | M] (iolo technologies, LLC ) -- C:\Documents and Settings\All Users\Application Data\iolo\System Shield\SSEngineUpd.exe
[2013/01/04 08:55:46 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2009/09/23 10:01:06 | 000,214,320 | ---- | M] (Nero AG) -- C:\Documents and Settings\All Users\Application Data\Nero\OnlineServices\NOS_CAExe.exe

< %APPDATA%\*. >
[2011/12/26 15:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\.minecraft
[2013/01/24 21:41:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Lisa\Application Data\2CE4E61C
[2012/03/01 19:09:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Adobe
[2010/11/28 14:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Amazon
[2012/11/04 22:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Apple Computer
[2011/02/02 17:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\BatteryBar
[2010/11/10 21:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\CyberLink
[2012/05/01 13:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\DivX
[2011/08/23 17:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Garmin
[2011/02/27 12:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\GCPublishers
[2012/03/13 09:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\HpUpdate
[2010/09/04 17:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Identities
[2010/09/15 19:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Inbox Toolbar
[2011/12/30 14:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\InstallShield
[2010/07/13 17:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Intel
[2012/01/03 14:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\iolo
[2010/09/29 19:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Juniper Networks
[2010/09/05 16:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Macromedia
[2010/09/05 17:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Malwarebytes
[2012/10/23 15:39:25 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Lisa\Application Data\Microsoft
[2013/02/05 14:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\MotoCast
[2012/11/06 20:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\motorola
[2012/11/06 20:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Motorola Mobility
[2011/12/27 16:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Mozilla
[2010/11/25 12:12:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Real
[2010/09/17 21:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\RebateInformer
[2011/12/22 10:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Sun
[2011/12/27 15:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\TS3Client
[2011/04/23 22:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\U3
[2013/01/04 15:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\WindowsSession

< %APPDATA%\*.exe /s >
[2010/07/06 14:11:44 | 000,492,208 | ---- | M] (iolo technologies, LLC) -- C:\Documents and Settings\Lisa\Application Data\iolo\IRestartStub.exe
[2010/09/09 19:25:42 | 002,826,192 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Lisa\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2011/12/22 14:53:02 | 000,045,126 | R--- | M] () -- C:\Documents and Settings\Lisa\Application Data\Microsoft\Installer\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}\_00A2B159EC25728DD0F170.exe
[2011/12/22 14:53:02 | 000,045,126 | R--- | M] () -- C:\Documents and Settings\Lisa\Application Data\Microsoft\Installer\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}\_0F16B68AE7780754B68FFC.exe
[2011/12/22 14:53:02 | 000,045,126 | R--- | M] () -- C:\Documents and Settings\Lisa\Application Data\Microsoft\Installer\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}\_6FEFF9B68218417F98F549.exe
[2006/04/05 18:38:10 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Lisa\Application Data\U3\temp\cleanup.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 19:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 04:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 04:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/10/12 11:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys
[2010/07/12 16:14:16 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\NLDRV\007\iastor.sys
[2005/10/12 11:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys
[2010/07/12 16:14:16 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\iaStor.sys
[2005/10/12 11:08:52 | 000,508,416 | ---- | M] (Intel Corporation) MD5=7C2D98D430DD91570DB63E819B9BC7E0 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 04:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 04:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 04:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 04:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2008/04/14 04:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 04:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/07/12 13:14:55 | 000,098,304 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010/07/12 13:14:55 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010/07/12 13:14:55 | 000,929,792 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Lisa\My Documents\PCLECHAL.INI:KAVICHS

< End of report >

OTL Extras logfile created on: 2/5/2013 3:05:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Lisa\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 83.55% Memory free
3.10 Gb Paging File | 2.92 Gb Available in Paging File | 94.28% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 14.94 Gb Free Space | 16.04% Space Free | Partition Type: NTFS
Drive E: | 3.82 Gb Total Space | 2.88 Gb Free Space | 75.48% Space Free | Partition Type: FAT32

Computer Name: NX9420 | User Name: Lisa | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Motorola Media Link\Lite\MML.exe" = C:\Program Files\Motorola Media Link\Lite\MML.exe:*:Enabled:MotoCast_USB -- (Nero AG)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\iolo\System Mechanic Professional\SysMech.exe" = C:\Program Files\iolo\System Mechanic Professional\SysMech.exe:*:Enabled:iolo System Shield® -- (iolo technologies, LLC)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Motorola Media Link\Lite\MML.exe" = C:\Program Files\Motorola Media Link\Lite\MML.exe:*:Enabled:MotoCast_USB -- (Nero AG)
"C:\Program Files\Motorola Mobility\MotoCast\motocast.exe" = C:\Program Files\Motorola Mobility\MotoCast\motocast.exe:*:Enabled:MotoCast -- (Motorola Mobility Inc.)
"C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe" = C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe:*:Enabled:MotoCast-thumbnailer -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1E5E7177-5156-4541-B8D5-B0C7E9064329}" = System Mechanic 11 Professional
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}" = AVSDK5
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 J1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5401CEE8-3C2D-4835-A802-213306537FF4}" = MotoCast
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{55251924-B51C-4E66-8199-5258672518C5}" = Epocrates Essentials for Pocket PC
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install
"{81DE15C9-5390-4533-81DF-2DC936C1A40C}" = Motorola Device Software Update
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A12EA295-32EA-42BB-8442-2C2BE852D4AA}" = inSSIDer 2.0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{ACA85783-8EEA-4f0a-B2A3-A8173F30209F}" = C4200_doccd
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom NetXtreme Ethernet Controller
"{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1" = iolo technologies' System Mechanic Professional
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BFDE4176-5DFE-4db9-AA00-8F30CB001BDA}" = c4200_Help
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C39E671D-0528-4c5e-A034-8470C5BC393A}" = C4200
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F35D5A5E-7739-49DB-8A0E-23E2E8F99D1A}" = Motorola Mobile Drivers Installation 5.9.0
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FD7F242B-9AA0-40c3-941E-3A9821D19C09}" = PS_AIO_ProductContext
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Batch XLSX to XLS Converter" = Batch XLSX to XLS Converter
"BatteryBar" = BatteryBar (remove only)
"Belarc Advisor" = Belarc Advisor 8.3
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA_hpq0033m" = HDAUDIO Soft Data Fax Modem with SmartCP
"Elecard MPEG-2 PlugIn for WMP 4.0.90626" = Elecard MPEG-2 PlugIn for WMP
"File Recover_is1" = File Recover 7.5
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPOCR" = HP OCR Software 9.0
"HTC_WModemDriver" = WModem Driver Installer
"ie8" = Windows Internet Explorer 8
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Media Player - Codec Pack" = Media Player Codec Pack 4.0.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MRW!UninstallKey" = InCD EasyWrite Reader
"MSNINST" = MSN
"Picasa 3" = Picasa 3
"ProInst" = Intel® PROSet/Wireless Software
"Recuva" = Recuva
"Rhapsody" = Rhapsody
"SequoiaView" = SequoiaView
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 5.81
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.8.9

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/1/2013 2:32:17 PM | Computer Name = NX9420 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 2/2/2013 2:58:07 PM | Computer Name = NX9420 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 2/3/2013 1:47:13 AM | Computer Name = NX9420 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 2/3/2013 11:46:04 AM | Computer Name = NX9420 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 2/3/2013 12:14:17 PM | Computer Name = NX9420 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 2/3/2013 5:37:45 PM | Computer Name = NX9420 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 2/5/2013 12:37:43 PM | Computer Name = NX9420 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/5/2013 12:37:43 PM | Computer Name = NX9420 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/5/2013 12:37:54 PM | Computer Name = NX9420 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/5/2013 12:37:54 PM | Computer Name = NX9420 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ iolo Applications Events ]
Error - 11/27/2010 12:04:33 AM | Computer Name = NX9420 | Source = System Shield | ID = 11
Description =

Error - 7/1/2011 12:22:06 AM | Computer Name = NX9420 | Source = System Shield | ID = 11
Description =

Error - 1/25/2013 5:31:03 PM | Computer Name = NX9420 | Source = System Shield | ID = 12
Description =

Error - 1/25/2013 6:04:43 PM | Computer Name = NX9420 | Source = System Shield | ID = 12
Description =

Error - 1/25/2013 7:07:21 PM | Computer Name = NX9420 | Source = System Shield | ID = 12
Description =

Error - 1/25/2013 8:33:29 PM | Computer Name = NX9420 | Source = System Shield | ID = 12
Description =

Error - 1/25/2013 8:57:18 PM | Computer Name = NX9420 | Source = System Shield | ID = 12
Description =

Error - 1/26/2013 7:39:58 AM | Computer Name = NX9420 | Source = System Shield | ID = 12
Description =

Error - 1/29/2013 5:41:56 PM | Computer Name = NX9420 | Source = System Shield | ID = 12
Description =

Error - 1/29/2013 7:34:11 PM | Computer Name = NX9420 | Source = System Shield | ID = 12
Description =

[ System Events ]
Error - 2/3/2013 5:41:50 PM | Computer Name = NX9420 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 2/3/2013 5:41:50 PM | Computer Name = NX9420 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 2/3/2013 5:41:50 PM | Computer Name = NX9420 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 2/3/2013 5:41:50 PM | Computer Name = NX9420 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 2/3/2013 5:41:50 PM | Computer Name = NX9420 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 2/3/2013 5:41:50 PM | Computer Name = NX9420 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 2/3/2013 5:41:50 PM | Computer Name = NX9420 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 2/3/2013 5:42:13 PM | Computer Name = NX9420 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/4/2013 12:29:47 AM | Computer Name = NX9420 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 2/4/2013 4:11:00 PM | Computer Name = NX9420 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}


< End of report >


#2
gringo_pr

Greetings Lisa and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next. If you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo

#3
LisaMc

Hi Gringo

Thanks so much for your help!! I ran the programs in safe mode which I hope was OK. I will cut and paste the files below.

checkup.txt:

Results of screen317's Security Check version 0.99.57
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
System Shield
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Windows Defender
Malwarebytes Anti-Malware version 1.70.0.1100
CCleaner
Wise Disk Cleaner 5.81
Wise Registry Cleaner 5.8.9
Java™ 6 Update 30
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 10.1.5 Adobe Reader out of Date!
Mozilla Firefox (9.0.1)
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Windows Defender MsMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 6%
````````````````````End of Log``````````````````````





Adwcleaner.txt:

# AdwCleaner v2.111 - Logfile created 02/05/2013 at 23:37:49
# Updated 05/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Lisa - NX9420
# Boot Mode : Safe mode with networking
# Running from : C:\Documents and Settings\Lisa\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Inbox Toolbar
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\RebateInformer
Folder Deleted : C:\Documents and Settings\John\Application Data\Inbox Toolbar
Folder Deleted : C:\Documents and Settings\Lisa\AppData\LocalLow\Conduit
Folder Deleted : C:\Documents and Settings\Lisa\Application Data\Inbox Toolbar
Folder Deleted : C:\Documents and Settings\Lisa\Application Data\RebateInformer
Folder Deleted : C:\Program Files\Inbox Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\CToolbar
Key Deleted : HKCU\Software\Inbox Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\inbox
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\rebinfo
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
Key Deleted : HKLM\Software\Inbox Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language --> hxxp://www.google.com

-\\ Mozilla Firefox v9.0.1 (en-US)

File : C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\sjl8imbn.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Documents and Settings\Lisa\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [5118 octets] - [05/02/2013 23:37:49]

########## EOF - C:\AdwCleaner[S1].txt - [5178 octets] ##########






RKreport.txt:

RogueKiller V8.4.4 [Feb 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Lisa [Admin rights]
Mode : Remove -- Date : 02/05/2013 23:50:45
| ARK || MBR |

§§§ Bad processes : 1 §§§
[DLL] rundll32.exe -- C:\WINDOWS\system32\rundll32.exe : C:\Documents and Settings\Lisa\Local Settings\Application Data\HP\Google\qlggqkm.dll -> KILLED [TermProc]

§§§ Registry Entries : 14 §§§
[RUN][SUSP PATH] HKCU\[...]\Run : Google (rundll32 "C:\Documents and Settings\Lisa\Local Settings\Application Data\HP\Google\qlggqkm.dll",DllRegisterServerW) -> DELETED
[RUN][SUSP PATH] HKUS\.DEFAULT[...]\Run : Google (rundll32 "C:\Documents and Settings\Lisa\Local Settings\Application Data\HP\Google\qlggqkm.dll",DllRegisterServerW) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-19[...]\Run : ApplicationHistory (rundll32 "C:\Documents and Settings\Lisa\Local Settings\Application Data\Deployment\ApplicationHistory\qwocwqxhe.dll",DllRegisterServerW) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-19[...]\Run : Google (rundll32 "C:\Documents and Settings\Lisa\Local Settings\Application Data\HP\Google\qlggqkm.dll",DllRegisterServerW) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-19_Classes[...]\Run : ApplicationHistory (rundll32 "C:\Documents and Settings\Lisa\Local Settings\Application Data\Deployment\ApplicationHistory\qwocwqxhe.dll",DllRegisterServerW) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-19_Classes[...]\Run : Google (rundll32 "C:\Documents and Settings\Lisa\Local Settings\Application Data\HP\Google\qlggqkm.dll",DllRegisterServerW) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-20[...]\Run : ApplicationHistory (rundll32 "C:\Documents and Settings\Lisa\Local Settings\Application Data\Deployment\ApplicationHistory\qwocwqxhe.dll",DllRegisterServerW) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-20[...]\Run : Google (rundll32 "C:\Documents and Settings\Lisa\Local Settings\Application Data\HP\Google\qlggqkm.dll",DllRegisterServerW) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-20_Classes[...]\Run : ApplicationHistory (rundll32 "C:\Documents and Settings\Lisa\Local Settings\Application Data\Deployment\ApplicationHistory\qwocwqxhe.dll",DllRegisterServerW) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-20_Classes[...]\Run : Google (rundll32 "C:\Documents and Settings\Lisa\Local Settings\Application Data\HP\Google\qlggqkm.dll",DllRegisterServerW) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-1417001333-527237240-2147181963-1004_Classes[...]\Run : ApplicationHistory (rundll32 "C:\Documents and Settings\Lisa\Local Settings\Application Data\Deployment\ApplicationHistory\qwocwqxhe.dll",DllRegisterServerW) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-1417001333-527237240-2147181963-1004_Classes[...]\Run : Google (rundll32 "C:\Documents and Settings\Lisa\Local Settings\Application Data\HP\Google\qlggqkm.dll",DllRegisterServerW) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

§§§ Particular Files / Folders: §§§

§§§ Driver : [LOADED] §§§

§§§ HOSTS File: §§§
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
[...]


§§§ MBR Check: §§§

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] a9b506bbf10f26d9dcf20b98a0c9b6f5
[BSP] 8b9e3a396a1597ef34e23f278d8c2cce : Standard MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 95393 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] 1c0a76cffbd69eab8f1a950ed94b57fe
[BSP] 8b9e3a396a1597ef34e23f278d8c2cce : Standard MBR Code
Partition table:
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 95393 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] 1c0a76cffbd69eab8f1a950ed94b57fe
[BSP] 8b9e3a396a1597ef34e23f278d8c2cce : Standard MBR Code
Partition table:
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 95393 Mo

Finished : << RKreport[2]_D_02052013_02d2350.txt >>
RKreport[1]_S_02052013_02d2350.txt ; RKreport[2]_D_02052013_02d2350.txt

#4
gringo_pr

Hello

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5
LisaMc

Thanks again for your time Gringo.

When I tried to run Combofix by double clicking on the icon nothing would happen, so I rebooted in safe mode (not connected to internet) and let it run what it could without the internet connection.

I rebooted into regular mode and ran Combofix, and the resulting log file is below. I rebooted again and tried running Internet Explorer, Carbonite Info Center and System Mechanic from the program file directories, and they didn't start up.





ComboFix 13-02-06.01 - Lisa 02/06/2013 20:03:25.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.1907 [GMT -5:00]
Running from: c:\documents and settings\Lisa\Desktop\ComboFix.exe
AV: System Shield *Disabled/Updated* {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
.
.
((((((((((((((((((((((((( Files Created from 2013-01-07 to 2013-02-07 )))))))))))))))))))))))))))))))
.
.
2013-02-05 17:59 . 2013-01-18 17:17 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{1819E4EC-D1F1-401D-9A28-3A6CBD2C30B7}\mpengine.dll
2013-02-05 16:57 . 2013-02-05 16:58 -------- dc-h--w- c:\windows\ie8
2013-02-05 01:20 . 2013-01-18 17:17 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-02-05 01:20 . 2013-01-17 06:28 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-02-04 17:19 . 2013-02-04 17:19 -------- d-----w- c:\program files\Windows Defender
2013-01-25 21:11 . 2013-01-25 21:11 -------- d-----w- c:\program files\GUM7.tmp
2013-01-25 21:01 . 2013-01-25 21:01 -------- d-----w- c:\documents and settings\John\Application Data\Motorola Mobility
2013-01-23 22:15 . 2013-01-25 02:41 -------- d--h--w- c:\documents and settings\Lisa\Application Data\2CE4E61C
2013-01-08 22:55 . 2013-01-08 22:55 -------- d-----w- c:\documents and settings\Lisa\.morena
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-10 19:09 . 2012-04-02 18:18 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-10 19:09 . 2011-06-13 15:41 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2008-04-14 09:39 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 21:49 . 2010-07-13 18:11 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-07 04:57 . 2010-09-16 23:52 41176 ----a-w- c:\windows\system32\iolobtdfg.exe
2012-12-07 04:57 . 2010-09-16 23:52 23128 ----a-w- c:\windows\system32\smrgdf.exe
2012-12-07 04:42 . 2011-07-12 15:36 2097032 ----a-w- c:\windows\system32\Incinerator32.dll
2012-11-13 01:25 . 2008-04-14 05:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2011-12-21 07:24 . 2011-12-28 22:20 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-07-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-07-26 15:03 1014344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-07-26 15:03 1014344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-07-26 15:03 1014344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 90624]
"MotoCast"="c:\program files\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-11-21 1704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-11-01 995328]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-07-26 1061960]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ ??¬???…????\0?…????\0?…????\0?…????\0?…????\0?…
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\SysMech.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Motorola Media Link\\Lite\\MML.exe"=
"c:\\Program Files\\Motorola Mobility\\MotoCast\\motocast.exe"=
"c:\\Program Files\\Motorola Mobility\\MotoCast\\bin\\MotoCast-thumbnailer.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R2 AMP;Active Malware Protection Minifilter Driver;c:\windows\system32\drivers\amp.sys [5/25/2012 11:48 AM 137568]
R2 PDFsFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [10/1/2012 12:00 PM 68464]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [7/12/2010 4:16 PM 88192]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/24/2007 7:21 AM 41216]
S2 AMPSE;Active Malware Protection Support Driver;c:\windows\system32\drivers\ampse.sys [5/25/2012 11:48 AM 1210208]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [9/16/2010 6:52 PM 1053184]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys --> c:\windows\system32\DRIVERS\motfilt.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys --> c:\windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys --> c:\windows\system32\DRIVERS\motusbdevice.sys [?]
S4 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [9/7/2012 9:36 PM 87992]
S4 Motorola Device Manager;Motorola Device Manager Service;c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [10/23/2012 5:58 PM 120728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-01 04:11 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 19:09]
.
2013-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2013-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-01 02:01]
.
2013-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-01 02:01]
.
2013-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-527237240-2147181963-1005Core.job
- c:\documents and settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-05 22:02]
.
2013-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-527237240-2147181963-1005UA.job
- c:\documents and settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-05 22:02]
.
2013-02-05 c:\windows\Tasks\MotoCast Update.job
- c:\program files\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-11-07 22:09]
.
2013-02-04 c:\windows\Tasks\Motorola Device Manager Engine.job
- c:\program files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-10-23 22:58]
.
2012-12-21 c:\windows\Tasks\Motorola Device Manager Update.job
- c:\program files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-10-23 22:58]
.
2013-02-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = https://powerschool....2.nh.us/public/
uInternet Settings,ProxyOverride = *.local;192.168.*.*
LSP: c:\windows\system32\iavlsp.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Lisa\Application Data\Mozilla\Firefox\Profiles\sjl8imbn.default\
FF - prefs.js: browser.startup.homepage - hxxps://powerschool.merrimack.k12.nh.us/public/
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-06 20:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
@DACL=(02 0010)
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@DACL=(02 0010)
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'lsass.exe'(808)
c:\windows\system32\iavlsp.dll
.
- - - - - - - > 'explorer.exe'(2608)
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\program files\BatteryBar\BatteryBar.dll
c:\program files\BatteryBar\BatteryBar.Utilities.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\iavlsp.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
Completion time: 2013-02-06 20:15:33
ComboFix-quarantined-files.txt 2013-02-07 01:15
ComboFix2.txt 2013-02-07 00:47
.
Pre-Run: 13,666,242,560 bytes free
Post-Run: 13,647,949,824 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E9CAACCE9BF73FC387E82F9AE281FDEE

#6
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

I want you to run these next,

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7
LisaMc

    Member

  • Topic Starter
  • 11 posts
I copied both programs to my jump drive on my other laptop, and when I put it in the laptop with the problem it wouldn't read it. I tried with another jump drive and the same thing happened. I tried to shut down normally and it wouldn't work, so I held the power button until it did, started it up in safe mode, and was able to copy them to the desktop and run them. TDSSKiller rebooted like you said it would, so I let it boot normally. The AVscan appears to have a dropdown where quickscan was picked, so I left it that way. Hope that was OK. There were 3 different TDSSKiller .txt files. The good news is it looks like Windows shut down OK and installed some updates before shutting down. I won't have time to check out how it is running until tomorrow evening. Thanks again for all your help!!



23:54:41.0296 1648 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:54:41.0312 1648 ============================================================
23:54:41.0312 1648 Current date / time: 2013/02/06 23:54:41.0312
23:54:41.0312 1648 SystemInfo:
23:54:41.0312 1648
23:54:41.0312 1648 OS Version: 5.1.2600 ServicePack: 3.0
23:54:41.0312 1648 Product type: Workstation
23:54:41.0312 1648 ComputerName: NX9420
23:54:41.0312 1648 UserName: Lisa
23:54:41.0312 1648 Windows directory: C:\WINDOWS
23:54:41.0312 1648 System windows directory: C:\WINDOWS
23:54:41.0312 1648 Processor architecture: Intel x86
23:54:41.0312 1648 Number of processors: 2
23:54:41.0312 1648 Page size: 0x1000
23:54:41.0312 1648 Boot type: Safe boot with network
23:54:41.0312 1648 ============================================================
23:54:43.0218 1648 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x3279, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
23:54:43.0218 1648 Drive \Device\Harddisk1\DR2 - Size: 0xF5000000 (3.83 Gb), SectorSize: 0x200, Cylinders: 0x1F3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:54:43.0218 1648 ============================================================
23:54:43.0218 1648 \Device\Harddisk0\DR0:
23:54:43.0218 1648 MBR partitions:
23:54:43.0218 1648 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBA50A51
23:54:43.0218 1648 \Device\Harddisk1\DR2:
23:54:43.0218 1648 MBR partitions:
23:54:43.0218 1648 \Device\Harddisk1\DR2\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x7A7FE0
23:54:43.0218 1648 ============================================================
23:54:43.0265 1648 C: <-> \Device\Harddisk0\DR0\Partition1
23:54:43.0281 1648 ============================================================
23:54:43.0281 1648 Initialize success
23:54:43.0281 1648 ============================================================
23:55:42.0562 1640 Deinitialize success



23:57:55.0453 2676 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:57:55.0562 2676 ============================================================
23:57:55.0562 2676 Current date / time: 2013/02/06 23:57:55.0562
23:57:55.0562 2676 SystemInfo:
23:57:55.0562 2676
23:57:55.0562 2676 OS Version: 5.1.2600 ServicePack: 3.0
23:57:55.0562 2676 Product type: Workstation
23:57:55.0562 2676 ComputerName: NX9420
23:57:55.0562 2676 UserName: Lisa
23:57:55.0562 2676 Windows directory: C:\WINDOWS
23:57:55.0562 2676 System windows directory: C:\WINDOWS
23:57:55.0562 2676 Processor architecture: Intel x86
23:57:55.0562 2676 Number of processors: 2
23:57:55.0562 2676 Page size: 0x1000
23:57:55.0562 2676 Boot type: Normal boot
23:57:55.0562 2676 ============================================================
23:58:09.0296 2676 BG loaded
23:58:09.0593 2676 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x3279, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
23:58:09.0625 2676 ============================================================
23:58:09.0625 2676 \Device\Harddisk0\DR0:
23:58:09.0625 2676 MBR partitions:
23:58:09.0625 2676 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBA50A51
23:58:09.0625 2676 ============================================================
23:58:09.0734 2676 C: <-> \Device\Harddisk0\DR0\Partition1
23:58:09.0765 2676 ============================================================
23:58:09.0765 2676 Initialize success
23:58:09.0765 2676 ============================================================
00:00:05.0609 2388 ============================================================
00:00:05.0609 2388 Scan started
00:00:05.0609 2388 Mode: Manual; SigCheck; TDLFS;
00:00:05.0609 2388 ============================================================
00:00:06.0000 2388 ================ Scan system memory ========================
00:00:06.0000 2388 System memory - ok
00:00:06.0000 2388 ================ Scan services =============================
00:00:06.0437 2388 Abiosdsk - ok
00:00:06.0453 2388 abp480n5 - ok
00:00:06.0500 2388 [ 8356DD18DA15D9C42A8584E1841844FE ] Accelerometer C:\WINDOWS\system32\DRIVERS\Accelerometer.sys
00:00:06.0625 2388 Accelerometer - ok
00:00:06.0687 2388 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:00:09.0015 2388 ACPI - ok
00:00:09.0046 2388 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
00:00:09.0250 2388 ACPIEC - ok
00:00:09.0343 2388 [ 7356EFF52AD50B8946D346002118CE62 ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
00:00:09.0421 2388 ADIHdAudAddService - ok
00:00:09.0531 2388 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
00:00:09.0593 2388 AdobeFlashPlayerUpdateSvc - ok
00:00:09.0593 2388 adpu160m - ok
00:00:09.0640 2388 [ FFF87A9B1AB36EE4B7BEC98A4CB01B79 ] AEAudio C:\WINDOWS\system32\drivers\AEAudio.sys
00:00:09.0703 2388 AEAudio - ok
00:00:09.0734 2388 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
00:00:09.0921 2388 aec - ok
00:00:09.0968 2388 [ 023867B6606FBABCDD52E089C4A507DA ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
00:00:10.0000 2388 AegisP - ok
00:00:10.0031 2388 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
00:00:10.0093 2388 AFD - ok
00:00:10.0093 2388 Aha154x - ok
00:00:10.0109 2388 aic78u2 - ok
00:00:10.0109 2388 aic78xx - ok
00:00:10.0156 2388 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
00:00:10.0312 2388 Alerter - ok
00:00:10.0328 2388 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
00:00:10.0406 2388 ALG - ok
00:00:10.0406 2388 AliIde - ok
00:00:10.0437 2388 [ 92B01ED9D7AF833A35C59AFC0258EBA5 ] AMP C:\WINDOWS\system32\Drivers\amp.sys
00:00:10.0640 2388 AMP - ok
00:00:10.0906 2388 [ 7909577B7FDE2C2BC6F0840D29F5D583 ] AMPSE C:\WINDOWS\system32\Drivers\ampse.sys
00:00:11.0031 2388 AMPSE - ok
00:00:11.0046 2388 amsint - ok
00:00:11.0250 2388 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:00:11.0281 2388 Apple Mobile Device - ok
00:00:11.0375 2388 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
00:00:11.0500 2388 AppMgmt - ok
00:00:11.0515 2388 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
00:00:11.0750 2388 Arp1394 - ok
00:00:11.0750 2388 asc - ok
00:00:11.0765 2388 asc3350p - ok
00:00:11.0765 2388 asc3550 - ok
00:00:11.0953 2388 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
00:00:11.0984 2388 aspnet_state - ok
00:00:12.0046 2388 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:00:12.0156 2388 AsyncMac - ok
00:00:12.0234 2388 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
00:00:12.0375 2388 atapi - ok
00:00:12.0390 2388 Atdisk - ok
00:00:12.0484 2388 [ 870D480C911A7EE9A98B3CB190D95D22 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
00:00:12.0593 2388 Ati HotKey Poller - ok
00:00:13.0046 2388 [ 7554246A1F39CEFD6C42B80016BDCCA8 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
00:00:13.0296 2388 ati2mtag - ok
00:00:13.0359 2388 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:00:13.0500 2388 Atmarpc - ok
00:00:13.0578 2388 [ 69E65A2CE11619F0C868967CA9540B80 ] ATSWPDRV C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys
00:00:13.0593 2388 ATSWPDRV - ok
00:00:13.0609 2388 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
00:00:13.0703 2388 AudioSrv - ok
00:00:13.0750 2388 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
00:00:13.0875 2388 audstub - ok
00:00:13.0921 2388 [ C0ACD392ECE55784884CC208AAFA06CE ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
00:00:13.0984 2388 b57w2k - ok
00:00:14.0015 2388 [ 5D7BE7B19E827125E016325334E58FF1 ] BANTExt C:\WINDOWS\System32\Drivers\BANTExt.sys
00:00:14.0062 2388 BANTExt ( UnsignedFile.Multi.Generic ) - warning
00:00:14.0062 2388 BANTExt - detected UnsignedFile.Multi.Generic (1)
00:00:14.0109 2388 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
00:00:14.0234 2388 Beep - ok
00:00:14.0296 2388 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
00:00:14.0406 2388 BITS - ok
00:00:14.0562 2388 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
00:00:14.0640 2388 Bonjour Service - ok
00:00:14.0687 2388 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
00:00:14.0796 2388 Browser - ok
00:00:14.0796 2388 BTCFilterService - ok
00:00:15.0500 2388 [ 442745BF42053A779AB514C5746DF11B ] CarboniteService C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
00:00:15.0921 2388 CarboniteService - ok
00:00:16.0109 2388 catchme - ok
00:00:16.0187 2388 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
00:00:16.0312 2388 cbidf2k - ok
00:00:16.0312 2388 cd20xrnt - ok
00:00:16.0328 2388 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
00:00:16.0437 2388 Cdaudio - ok
00:00:16.0500 2388 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
00:00:16.0640 2388 Cdfs - ok
00:00:16.0656 2388 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:00:16.0796 2388 Cdrom - ok
00:00:16.0796 2388 Changer - ok
00:00:16.0828 2388 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
00:00:16.0953 2388 CiSvc - ok
00:00:17.0015 2388 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
00:00:17.0156 2388 ClipSrv - ok
00:00:17.0265 2388 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:00:17.0296 2388 clr_optimization_v2.0.50727_32 - ok
00:00:17.0343 2388 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:00:17.0484 2388 clr_optimization_v4.0.30319_32 - ok
00:00:17.0531 2388 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
00:00:17.0703 2388 CmBatt - ok
00:00:17.0703 2388 CmdIde - ok
00:00:17.0734 2388 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
00:00:17.0875 2388 Compbatt - ok
00:00:17.0875 2388 COMSysApp - ok
00:00:17.0890 2388 Cpqarray - ok
00:00:17.0921 2388 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
00:00:18.0046 2388 CryptSvc - ok
00:00:18.0046 2388 dac2w2k - ok
00:00:18.0062 2388 dac960nt - ok
00:00:18.0125 2388 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
00:00:18.0203 2388 DcomLaunch - ok
00:00:18.0421 2388 [ 59D90B6A7FBC4CC712DD7C5868618480 ] DeviceMonitorService C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
00:00:18.0484 2388 DeviceMonitorService - ok
00:00:18.0515 2388 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
00:00:18.0625 2388 Dhcp - ok
00:00:18.0656 2388 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
00:00:18.0843 2388 Disk - ok
00:00:18.0843 2388 dmadmin - ok
00:00:19.0046 2388 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
00:00:19.0328 2388 dmboot - ok
00:00:19.0375 2388 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
00:00:19.0578 2388 dmio - ok
00:00:19.0609 2388 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
00:00:19.0765 2388 dmload - ok
00:00:19.0843 2388 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
00:00:20.0046 2388 dmserver - ok
00:00:20.0093 2388 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
00:00:20.0218 2388 DMusic - ok
00:00:20.0265 2388 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
00:00:20.0421 2388 Dnscache - ok
00:00:20.0500 2388 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
00:00:20.0640 2388 Dot3svc - ok
00:00:20.0640 2388 dpti2o - ok
00:00:20.0671 2388 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
00:00:20.0765 2388 drmkaud - ok
00:00:20.0828 2388 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
00:00:21.0031 2388 EapHost - ok
00:00:21.0046 2388 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
00:00:21.0156 2388 ERSvc - ok
00:00:21.0187 2388 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
00:00:21.0218 2388 Eventlog - ok
00:00:21.0250 2388 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
00:00:21.0265 2388 EventSystem - ok
00:00:21.0500 2388 [ E2D3E74C02ABE0FB2169A541CE976AAC ] EvtEng C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
00:00:21.0562 2388 EvtEng ( UnsignedFile.Multi.Generic ) - warning
00:00:21.0562 2388 EvtEng - detected UnsignedFile.Multi.Generic (1)
00:00:21.0609 2388 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
00:00:21.0750 2388 Fastfat - ok
00:00:21.0796 2388 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
00:00:21.0828 2388 FastUserSwitchingCompatibility - ok
00:00:21.0906 2388 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
00:00:22.0031 2388 Fdc - ok
00:00:22.0109 2388 [ 0694585D54BF46379CE41AEE2B6864AA ] FileDisk C:\WINDOWS\system32\drivers\FileDisk.sys
00:00:22.0171 2388 FileDisk ( UnsignedFile.Multi.Generic ) - warning
00:00:22.0171 2388 FileDisk - detected UnsignedFile.Multi.Generic (1)
00:00:22.0218 2388 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
00:00:22.0343 2388 Fips - ok
00:00:22.0375 2388 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
00:00:22.0515 2388 Flpydisk - ok
00:00:22.0546 2388 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
00:00:22.0703 2388 FltMgr - ok
00:00:22.0875 2388 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
00:00:22.0906 2388 FontCache3.0.0.0 - ok
00:00:22.0968 2388 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:00:23.0109 2388 Fs_Rec - ok
00:00:23.0125 2388 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:00:23.0312 2388 Ftdisk - ok
00:00:23.0359 2388 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
00:00:23.0406 2388 GEARAspiWDM - ok
00:00:23.0437 2388 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:00:23.0593 2388 Gpc - ok
00:00:23.0671 2388 [ F3C9F09AA3EDA29A1C841877E7E39158 ] GTIPCI21 C:\WINDOWS\system32\DRIVERS\gtipci21.sys
00:00:23.0750 2388 GTIPCI21 - ok
00:00:23.0875 2388 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
00:00:23.0890 2388 gupdate - ok
00:00:23.0906 2388 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
00:00:23.0937 2388 gupdatem - ok
00:00:23.0984 2388 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
00:00:24.0046 2388 gusvc - ok
00:00:24.0093 2388 [ CEF316DBBD1B3845A6D53ED620EB1AEB ] HBtnKey C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
00:00:24.0109 2388 HBtnKey - ok
00:00:24.0140 2388 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
00:00:24.0296 2388 HDAudBus - ok
00:00:24.0359 2388 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
00:00:24.0453 2388 helpsvc - ok
00:00:24.0468 2388 HidServ - ok
00:00:24.0531 2388 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:00:24.0671 2388 HidUsb - ok
00:00:24.0703 2388 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
00:00:24.0843 2388 hkmsvc - ok
00:00:24.0906 2388 [ C1AE4BC866AAF10D8BBB182B35C14986 ] hpdskflt C:\WINDOWS\system32\DRIVERS\hpdskflt.sys
00:00:24.0921 2388 hpdskflt - ok
00:00:24.0937 2388 hpn - ok
00:00:25.0203 2388 [ ED377B3C83FDEA8D906109A085D219BA ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
00:00:25.0250 2388 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
00:00:25.0250 2388 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
00:00:25.0312 2388 [ EE4C7A4CF2316701FFDE90F404520265 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
00:00:25.0390 2388 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
00:00:25.0406 2388 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
00:00:25.0437 2388 [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
00:00:25.0484 2388 HpqKbFiltr - ok
00:00:25.0531 2388 [ 04C1DCBB226C6AE647B794833CE3CEB6 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
00:00:25.0578 2388 hpqwmiex ( UnsignedFile.Multi.Generic ) - warning
00:00:25.0578 2388 hpqwmiex - detected UnsignedFile.Multi.Generic (1)
00:00:25.0625 2388 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
00:00:25.0796 2388 HPZid412 - ok
00:00:25.0843 2388 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
00:00:25.0890 2388 HPZipr12 - ok
00:00:25.0937 2388 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
00:00:26.0000 2388 HPZius12 - ok
00:00:26.0093 2388 [ 3C01C18B866488FB6CC4E7D5472986A0 ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
00:00:26.0187 2388 HSFHWAZL - ok
00:00:26.0281 2388 [ 0D7D34441E37E4A41B61CFF0CBCA1E3D ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
00:00:26.0343 2388 HSF_DPV - ok
00:00:26.0406 2388 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
00:00:26.0468 2388 HTTP - ok
00:00:26.0500 2388 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
00:00:26.0671 2388 HTTPFilter - ok
00:00:26.0671 2388 i2omgmt - ok
00:00:26.0687 2388 i2omp - ok
00:00:26.0750 2388 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:00:26.0875 2388 i8042prt - ok
00:00:26.0968 2388 [ 0B66A9A2137213075F753579E7D573A5 ] IAANTMon C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
00:00:27.0000 2388 IAANTMon ( UnsignedFile.Multi.Generic ) - warning
00:00:27.0000 2388 IAANTMon - detected UnsignedFile.Multi.Generic (1)
00:00:27.0203 2388 [ 309C4D86D989FB1FCF64BD30DC81C51B ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
00:00:27.0656 2388 iaStor - ok
00:00:27.0875 2388 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:00:28.0046 2388 idsvc - ok
00:00:28.0078 2388 [ 667CFDB801DF771F47B7C39373C2D850 ] IFXTPM C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
00:00:28.0171 2388 IFXTPM - ok
00:00:28.0218 2388 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
00:00:28.0484 2388 Imapi - ok
00:00:28.0500 2388 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
00:00:28.0718 2388 ImapiService - ok
00:00:28.0734 2388 [ 242B1EDC880D892A0A6C5940D38654FC ] incdrm C:\WINDOWS\system32\drivers\incdrm.sys
00:00:28.0750 2388 incdrm ( UnsignedFile.Multi.Generic ) - warning
00:00:28.0750 2388 incdrm - detected UnsignedFile.Multi.Generic (1)
00:00:36.0796 2388 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
00:00:36.0812 2388 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
00:00:36.0812 2388 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
00:00:39.0203 2388 [ 05743FFFC2BC88CC8E426321BC6A762E ] NETw5x32 C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
00:00:40.0343 2388 NETw5x32 ( UnsignedFile.Multi.Generic ) - warning
00:00:40.0343 2388 NETw5x32 - detected UnsignedFile.Multi.Generic (1)
00:00:43.0921 2388 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
00:00:43.0984 2388 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
00:00:43.0984 2388 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
00:00:47.0296 2388 [ 098BA55EF5F540DBA0D578C5A2AE3E01 ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
00:00:47.0328 2388 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
00:00:47.0328 2388 RegSrvc - detected UnsignedFile.Multi.Generic (1)
00:00:48.0875 2388 [ 6344C0A1F7AEF8AA1EC1F37B77437494 ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
00:00:49.0046 2388 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
00:00:49.0046 2388 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
00:00:57.0718 2388 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
00:00:57.0781 2388 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
00:00:57.0781 2388 USBAAPL - detected UnsignedFile.Multi.Generic (1)
00:01:06.0218 2388 ================ Scan global ===============================
00:01:06.0281 2388 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
00:01:06.0359 2388 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
00:01:06.0406 2388 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
00:01:06.0437 2388 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
00:01:06.0437 2388 [Global] - ok
00:01:06.0437 2388 ================ Scan MBR ==================================
00:01:06.0468 2388 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk0\DR0
00:01:06.0468 2388 Suspicious mbr (Forged): \Device\Harddisk0\DR0
00:01:06.0531 2388 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
00:01:06.0546 2388 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
00:01:06.0812 2388 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
00:01:06.0812 2388 \Device\Harddisk0\DR0 - detected TDSS File System (1)
00:01:06.0812 2388 ================ Scan VBR ==================================
00:01:06.0812 2388 [ 6E99E66BD25CE68528A2E0BC9F568BEA ] \Device\Harddisk0\DR0\Partition1
00:01:06.0812 2388 \Device\Harddisk0\DR0\Partition1 - ok
00:01:06.0812 2388 ================ Scan active images ========================
00:01:07.0078 2388 C:\WINDOWS\system32\drivers\kbdhid.sys - ok
00:01:07.0078 2388 [ 9282BD12DFB069D3889EB3FCC1000A9B ] C:\WINDOWS\system32\drivers\ndproxy.sys
00:01:07.0078 2388 C:\WINDOWS\system32\drivers\ndproxy.sys - ok
00:01:07.0093 2388 [ 7356EFF52AD50B8946D346002118CE62 ] C:\WINDOWS\system32\drivers\ADIHdAud.sys
00:01:07.0093 2388 C:\WINDOWS\system32\drivers\ADIHdAud.sys - ok
00:01:07.0093 2388 [ FFF87A9B1AB36EE4B7BEC98A4CB01B79 ] C:\WINDOWS\system32\drivers\aeaudio.sys
00:01:07.0093 2388 C:\WINDOWS\system32\drivers\aeaudio.sys - ok
00:01:07.0093 2388 [ 6CB08593487F5701D2D2254E693EAFCE ] C:\WINDOWS\system32\drivers\drmk.sys
00:01:07.0093 2388 C:\WINDOWS\system32\drivers\drmk.sys - ok
00:01:07.0109 2388 [ E82A496C3961EFC6828B508C310CE98F ] C:\WINDOWS\system32\drivers\portcls.sys
00:01:07.0109 2388 C:\WINDOWS\system32\drivers\portcls.sys - ok
00:01:07.0109 2388 [ 3C01C18B866488FB6CC4E7D5472986A0 ] C:\WINDOWS\system32\drivers\HSFHWAZL.sys
00:01:07.0109 2388 C:\WINDOWS\system32\drivers\HSFHWAZL.sys - ok
00:01:07.0109 2388 [ 0D7D34441E37E4A41B61CFF0CBCA1E3D ] C:\WINDOWS\system32\drivers\HSF_DPV.sys
00:01:07.0109 2388 C:\WINDOWS\system32\drivers\HSF_DPV.sys - ok
00:01:07.0109 2388 [ BB62E6FADCFE4096151103AC4B07F1ED ] C:\WINDOWS\system32\drivers\HSF_CNXT.sys
00:01:07.0109 2388 C:\WINDOWS\system32\drivers\HSF_CNXT.sys - ok
00:01:07.0125 2388 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] C:\WINDOWS\system32\drivers\modem.sys
00:01:07.0125 2388 C:\WINDOWS\system32\drivers\modem.sys - ok
00:01:07.0125 2388 [ 1AB3CDDE553B6E064D2E754EFE20285C ] C:\WINDOWS\system32\drivers\usbhub.sys
00:01:07.0125 2388 C:\WINDOWS\system32\drivers\usbhub.sys - ok
00:01:07.0125 2388 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] C:\WINDOWS\system32\drivers\fdc.sys
00:01:07.0125 2388 C:\WINDOWS\system32\drivers\fdc.sys - ok
00:01:07.0125 2388 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] C:\WINDOWS\system32\drivers\flpydisk.sys
00:01:07.0125 2388 C:\WINDOWS\system32\drivers\flpydisk.sys - ok
00:01:07.0140 2388 [ 8E6B8C671615D126FDC553D1E2DE5562 ] C:\WINDOWS\system32\drivers\sfloppy.sys
00:01:07.0140 2388 C:\WINDOWS\system32\drivers\sfloppy.sys - ok
00:01:07.0140 2388 [ C1B486A7658353D33A10CC15211A873B ] C:\WINDOWS\system32\drivers\cdaudio.sys
00:01:07.0140 2388 C:\WINDOWS\system32\drivers\cdaudio.sys - ok
00:01:07.0140 2388 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] C:\WINDOWS\system32\drivers\fs_rec.sys
00:01:07.0140 2388 C:\WINDOWS\system32\drivers\fs_rec.sys - ok
00:01:07.0140 2388 [ DA1F27D85E0D1525F6621372E7B685E9 ] C:\WINDOWS\system32\drivers\beep.sys
00:01:07.0140 2388 C:\WINDOWS\system32\drivers\beep.sys - ok
00:01:07.0156 2388 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] C:\WINDOWS\system32\drivers\null.sys
00:01:07.0156 2388 C:\WINDOWS\system32\drivers\null.sys - ok
00:01:07.0156 2388 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] C:\WINDOWS\system32\drivers\vga.sys
00:01:07.0156 2388 C:\WINDOWS\system32\drivers\vga.sys - ok
00:01:07.0156 2388 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] C:\WINDOWS\system32\drivers\mnmdd.sys
00:01:07.0156 2388 C:\WINDOWS\system32\drivers\mnmdd.sys - ok
00:01:07.0156 2388 [ 4912D5B403614CE99C28420F75353332 ] C:\WINDOWS\system32\drivers\rdpcdd.sys
00:01:07.0156 2388 C:\WINDOWS\system32\drivers\rdpcdd.sys - ok
00:01:07.0156 2388 [ C941EA2454BA8350021D774DAF0F1027 ] C:\WINDOWS\system32\drivers\msfs.sys
00:01:07.0156 2388 C:\WINDOWS\system32\drivers\msfs.sys - ok
00:01:07.0171 2388 [ 23C74D75E36E7158768DD63D92789A91 ] C:\WINDOWS\system32\drivers\ipsec.sys
00:01:07.0171 2388 C:\WINDOWS\system32\drivers\ipsec.sys - ok
00:01:07.0171 2388 [ 3182D64AE053D6FB034F44B6DEF8034A ] C:\WINDOWS\system32\drivers\npfs.sys
00:01:07.0171 2388 C:\WINDOWS\system32\drivers\npfs.sys - ok
00:01:07.0171 2388 [ FE0D99D6F31E4FAD8159F690D68DED9C ] C:\WINDOWS\system32\drivers\rasacd.sys
00:01:07.0171 2388 C:\WINDOWS\system32\drivers\rasacd.sys - ok
00:01:07.0171 2388 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] C:\WINDOWS\system32\drivers\tcpip.sys
00:01:07.0171 2388 C:\WINDOWS\system32\drivers\tcpip.sys - ok
00:01:07.0187 2388 [ CC748EA12C6EFFDE940EE98098BF96BB ] C:\WINDOWS\system32\drivers\ipnat.sys
00:01:07.0187 2388 C:\WINDOWS\system32\drivers\ipnat.sys - ok
00:01:07.0187 2388 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] C:\WINDOWS\system32\drivers\netbt.sys
00:01:07.0187 2388 C:\WINDOWS\system32\drivers\netbt.sys - ok
00:01:07.0187 2388 [ E20B95BAEDB550F32DD489265C1DA1F6 ] C:\WINDOWS\system32\drivers\wanarp.sys
00:01:07.0187 2388 C:\WINDOWS\system32\drivers\wanarp.sys - ok
00:01:07.0203 2388 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] C:\WINDOWS\system32\drivers\ws2ifsl.sys
00:01:07.0203 2388 C:\WINDOWS\system32\drivers\ws2ifsl.sys - ok
00:01:07.0203 2388 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] C:\WINDOWS\system32\drivers\afd.sys
00:01:07.0203 2388 C:\WINDOWS\system32\drivers\afd.sys - ok
00:01:07.0203 2388 [ B5B8A80875C1DEDEDA8B02765642C32F ] C:\WINDOWS\system32\drivers\arp1394.sys
00:01:07.0203 2388 C:\WINDOWS\system32\drivers\arp1394.sys - ok
00:01:07.0203 2388 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] C:\WINDOWS\system32\drivers\netbios.sys
00:01:07.0203 2388 C:\WINDOWS\system32\drivers\netbios.sys - ok
00:01:07.0218 2388 [ 7AD224AD1A1437FE28D89CF22B17780A ] C:\WINDOWS\system32\drivers\rdbss.sys
00:01:07.0218 2388 C:\WINDOWS\system32\drivers\rdbss.sys - ok
00:01:07.0218 2388 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] C:\WINDOWS\system32\drivers\mrxsmb.sys
00:01:07.0218 2388 C:\WINDOWS\system32\drivers\mrxsmb.sys - ok
00:01:07.0218 2388 [ D45926117EB9FA946A6AF572FBE1CAA3 ] C:\WINDOWS\system32\drivers\fips.sys
00:01:07.0218 2388 C:\WINDOWS\system32\drivers\fips.sys - ok
00:01:07.0218 2388 [ 0694585D54BF46379CE41AEE2B6864AA ] C:\WINDOWS\system32\drivers\filedisk.sys
00:01:07.0218 2388 C:\WINDOWS\system32\drivers\filedisk.sys - ok
00:01:07.0234 2388 [ 69E65A2CE11619F0C868967CA9540B80 ] C:\WINDOWS\system32\drivers\atswpdrv.sys
00:01:07.0234 2388 C:\WINDOWS\system32\drivers\atswpdrv.sys - ok
00:01:07.0234 2388 [ 5D7BE7B19E827125E016325334E58FF1 ] C:\WINDOWS\system32\drivers\BANTExt.sys
00:01:07.0234 2388 C:\WINDOWS\system32\drivers\BANTExt.sys - ok
00:01:07.0234 2388 [ F8F0D25CA553E39DDE485D8FC7FCCE89 ] C:\WINDOWS\system32\ntdll.dll
00:01:07.0234 2388 C:\WINDOWS\system32\ntdll.dll - ok
00:01:07.0234 2388 [ 5F816C1F539266D2D4C78694239DA0B5 ] C:\WINDOWS\system32\smss.exe
00:01:07.0234 2388 C:\WINDOWS\system32\smss.exe - ok
00:01:07.0234 2388 [ 362BC5AF8EAF712832C58CC13AE05750 ] C:\WINDOWS\system32\sfcfiles.dll
00:01:07.0234 2388 C:\WINDOWS\system32\sfcfiles.dll - ok
00:01:07.0250 2388 [ C885B02847F5D2FD45A24E219ED93B32 ] C:\WINDOWS\system32\drivers\cdfs.sys
00:01:07.0250 2388 C:\WINDOWS\system32\drivers\cdfs.sys - ok
00:01:07.0250 2388 [ 309C4D86D989FB1FCF64BD30DC81C51B ] C:\WINDOWS\system32\drivers\iaStor.sys
00:01:07.0250 2388 C:\WINDOWS\system32\drivers\iaStor.sys - ok
00:01:07.0250 2388 [ FE97D0343ACFDEBDD578FC67CC91FA87 ] C:\WINDOWS\system32\drivers\dxapi.sys
00:01:07.0250 2388 C:\WINDOWS\system32\drivers\dxapi.sys - ok
00:01:07.0250 2388 [ 9A10AACBFDC4922715375FB4065EC930 ] C:\WINDOWS\system32\watchdog.sys
00:01:07.0250 2388 C:\WINDOWS\system32\watchdog.sys - ok
00:01:07.0265 2388 [ F984CAE54E536681B209F7816D8F68DA ] C:\WINDOWS\system32\win32k.sys
00:01:07.0265 2388 C:\WINDOWS\system32\win32k.sys - ok
00:01:07.0265 2388 [ DD40363ABAD230A84C5E2178B11EFA88 ] C:\WINDOWS\system32\csrsrv.dll
00:01:07.0265 2388 C:\WINDOWS\system32\csrsrv.dll - ok
00:01:07.0265 2388 [ 44F275C64738EA2056E3D9580C23B60F ] C:\WINDOWS\system32\csrss.exe
00:01:07.0265 2388 C:\WINDOWS\system32\csrss.exe - ok
00:01:07.0265 2388 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
00:01:07.0265 2388 C:\WINDOWS\system32\basesrv.dll - ok
00:01:07.0281 2388 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
00:01:07.0281 2388 C:\WINDOWS\system32\winsrv.dll - ok
00:01:07.0281 2388 [ 8B1F3320AEBB536E021A5014409862DE ] C:\WINDOWS\system32\gdi32.dll
00:01:07.0281 2388 C:\WINDOWS\system32\gdi32.dll - ok
00:01:07.0281 2388 [ 6FE42512AB1B89F32A7407F261B1D2D0 ] C:\WINDOWS\system32\kernel32.dll
00:01:07.0281 2388 C:\WINDOWS\system32\kernel32.dll - ok
00:01:07.0281 2388 [ B26B135FF1B9F60C9388B4A7D16F600B ] C:\WINDOWS\system32\user32.dll
00:01:07.0281 2388 C:\WINDOWS\system32\user32.dll - ok
00:01:07.0296 2388 [ 012DF358CEBAA23ACB26D82077820817 ] C:\WINDOWS\system32\lpk.dll
00:01:07.0296 2388 C:\WINDOWS\system32\lpk.dll - ok
00:01:07.0296 2388 [ 9E03DC5AB51CFD0190541CE2038D819D ] C:\WINDOWS\system32\usp10.dll
00:01:07.0296 2388 C:\WINDOWS\system32\usp10.dll - ok
00:01:07.0296 2388 [ E76F8807070ED04E7408A86D6D3A6137 ] C:\WINDOWS\system32\advapi32.dll
00:01:07.0296 2388 C:\WINDOWS\system32\advapi32.dll - ok
00:01:07.0296 2388 [ D4502F124289A31976130CCCB014C9AA ] C:\WINDOWS\system32\rpcrt4.dll
00:01:07.0296 2388 C:\WINDOWS\system32\rpcrt4.dll - ok
00:01:07.0312 2388 [ 5357826C8A8DD6A07F17C48BB45BE46E ] C:\WINDOWS\system32\secur32.dll
00:01:07.0312 2388 C:\WINDOWS\system32\secur32.dll - ok
00:01:07.0312 2388 [ AC7280566A7BB85CB3291F04DDC1198E ] C:\WINDOWS\system32\drivers\dxg.sys
00:01:07.0312 2388 C:\WINDOWS\system32\drivers\dxg.sys - ok
00:01:07.0312 2388 [ A73F5D6705B1D820C19B18782E176EFD ] C:\WINDOWS\system32\drivers\dxgthk.sys
00:01:07.0312 2388 C:\WINDOWS\system32\drivers\dxgthk.sys - ok
00:01:07.0312 2388 [ 0B1ECFC4A9FEEBB1CAE68CD46826A7AF ] C:\WINDOWS\system32\ati2cqag.dll
00:01:07.0312 2388 C:\WINDOWS\system32\ati2cqag.dll - ok
00:01:07.0328 2388 [ BEB24B1C7348B02DC2109C1658E6190B ] C:\WINDOWS\system32\ati2dvag.dll
00:01:07.0328 2388 C:\WINDOWS\system32\ati2dvag.dll - ok
00:01:07.0328 2388 [ 340EB468EE52AC59B06ABFCFDA89D7B2 ] C:\WINDOWS\system32\atikvmag.dll
00:01:07.0328 2388 C:\WINDOWS\system32\atikvmag.dll - ok
00:01:07.0328 2388 [ ECB7591870F8BFB1A4C17B718AD5A4AA ] C:\WINDOWS\system32\vga.dll
00:01:07.0328 2388 C:\WINDOWS\system32\vga.dll - ok
00:01:07.0328 2388 [ 80D6F657F972FD1CEF0C40A578C0F3B3 ] C:\WINDOWS\system32\atiok3x2.dll
00:01:07.0328 2388 C:\WINDOWS\system32\atiok3x2.dll - ok
00:01:07.0343 2388 [ 6EFFAD5843252B25E831BACF4FA3CDB7 ] C:\WINDOWS\system32\ati3duag.dll
00:01:07.0343 2388 C:\WINDOWS\system32\ati3duag.dll - ok
00:01:07.0343 2388 [ E08BF7C4EA094E0B4B110B75614D565B ] C:\WINDOWS\system32\ativvaxx.dll
00:01:07.0343 2388 C:\WINDOWS\system32\ativvaxx.dll - ok
00:01:07.0343 2388 [ ED0EF0A136DEC83DF69F04118870003E ] C:\WINDOWS\system32\winlogon.exe
00:01:07.0343 2388 C:\WINDOWS\system32\winlogon.exe - ok
00:01:07.0343 2388 [ 714705F29A917993536A6AB2DEDB0B7F ] C:\WINDOWS\system32\authz.dll
00:01:07.0343 2388 C:\WINDOWS\system32\authz.dll - ok
00:01:07.0359 2388 [ 355EDBB4D412B01F1740C17E3F50FA00 ] C:\WINDOWS\system32\msvcrt.dll
00:01:07.0359 2388 C:\WINDOWS\system32\msvcrt.dll - ok
00:01:07.0359 2388 [ 6BEE5D4EFF0A0341BCC4A462D81CCFC1 ] C:\WINDOWS\system32\crypt32.dll
00:01:07.0359 2388 C:\WINDOWS\system32\crypt32.dll - ok
00:01:07.0359 2388 [ 04D898830DF96A17A20FD35D7590F87E ] C:\WINDOWS\system32\msasn1.dll
00:01:07.0359 2388 C:\WINDOWS\system32\msasn1.dll - ok
00:01:07.0359 2388 [ 013C1148C1EC025596896E093F60F608 ] C:\WINDOWS\system32\nddeapi.dll
00:01:07.0359 2388 C:\WINDOWS\system32\nddeapi.dll - ok
00:01:07.0359 2388 [ FCFA1C55971CC229D353B3A15ACCD995 ] C:\WINDOWS\system32\profmap.dll
00:01:07.0359 2388 C:\WINDOWS\system32\profmap.dll - ok
00:01:07.0375 2388 [ CAC752BF84DB4666ED3CE0948E6EA937 ] C:\WINDOWS\system32\netapi32.dll
00:01:07.0375 2388 C:\WINDOWS\system32\netapi32.dll - ok
00:01:07.0375 2388 [ 43D13C80EBEC0135A3611E0F616F179B ] C:\WINDOWS\system32\userenv.dll
00:01:07.0375 2388 C:\WINDOWS\system32\userenv.dll - ok
00:01:07.0375 2388 [ 9CFCB3CA3D83B4EAA133F0644A2C6F31 ] C:\WINDOWS\system32\psapi.dll
00:01:07.0375 2388 C:\WINDOWS\system32\psapi.dll - ok
00:01:07.0375 2388 [ AF11C591F2F4AFF4A6CF699D376F618B ] C:\WINDOWS\system32\regapi.dll
00:01:07.0375 2388 C:\WINDOWS\system32\regapi.dll - ok
00:01:07.0390 2388 [ 24192246760E0E64435522E246B1D6C2 ] C:\WINDOWS\system32\setupapi.dll
00:01:07.0390 2388 C:\WINDOWS\system32\setupapi.dll - ok
00:01:07.0390 2388 [ C7CE131408739B0B3A318BE2D0032719 ] C:\WINDOWS\system32\version.dll
00:01:07.0390 2388 C:\WINDOWS\system32\version.dll - ok
00:01:07.0390 2388 [ 430CEB794F6E6EF8AC86958C242366D6 ] C:\WINDOWS\system32\winsta.dll
00:01:07.0390 2388 C:\WINDOWS\system32\winsta.dll - ok
00:01:07.0390 2388 [ D458B738B4C2CE33174CFB2CE12412DB ] C:\WINDOWS\system32\wintrust.dll
00:01:07.0390 2388 C:\WINDOWS\system32\wintrust.dll - ok
00:01:07.0406 2388 [ FFC01A72D1C25CCB39F61B202CE60819 ] C:\WINDOWS\system32\imagehlp.dll
00:01:07.0406 2388 C:\WINDOWS\system32\imagehlp.dll - ok
00:01:07.0406 2388 [ 9789E95E1D88EEB4B922BF3EA7779C28 ] C:\WINDOWS\system32\ws2help.dll
00:01:07.0406 2388 C:\WINDOWS\system32\ws2help.dll - ok
00:01:07.0406 2388 [ 2CCC474EB85CEAA3E1FA1726580A3E5A ] C:\WINDOWS\system32\ws2_32.dll
00:01:07.0406 2388 C:\WINDOWS\system32\ws2_32.dll - ok
00:01:07.0406 2388 [ 0DA85218E92526972A821587E6A8BF8F ] C:\WINDOWS\system32\imm32.dll
00:01:07.0406 2388 C:\WINDOWS\system32\imm32.dll - ok
00:01:07.0421 2388 [ C448A248B743F5FB935C787A5D97268B ] C:\WINDOWS\system32\shlwapi.dll
00:01:07.0421 2388 C:\WINDOWS\system32\shlwapi.dll - ok
00:01:07.0421 2388 [ 224FB925C641DA16CEB6D60F40CA4C75 ] C:\WINDOWS\system32\atl.dll
00:01:07.0421 2388 C:\WINDOWS\system32\atl.dll - ok
00:01:07.0421 2388 [ 6CE32F7778061CCC5814D5E0F282D369 ] C:\WINDOWS\system32\wininet.dll
00:01:07.0421 2388 C:\WINDOWS\system32\wininet.dll - ok
00:01:07.0421 2388 [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll
00:01:07.0421 2388 C:\WINDOWS\system32\normaliz.dll - ok
00:01:07.0437 2388 [ 05642AE6A7BDAA7541A7451F5A4C6512 ] C:\WINDOWS\system32\urlmon.dll
00:01:07.0437 2388 C:\WINDOWS\system32\urlmon.dll - ok
00:01:07.0437 2388 [ 6BAD1BED9872E62049E487FB91AE2F3A ] C:\WINDOWS\system32\ole32.dll
00:01:07.0437 2388 C:\WINDOWS\system32\ole32.dll - ok
00:01:07.0437 2388 [ 1B2BE5777F69A71778F52FFEE1C798D6 ] C:\WINDOWS\system32\oleaut32.dll
00:01:07.0437 2388 C:\WINDOWS\system32\oleaut32.dll - ok
00:01:07.0437 2388 [ 58BD4689E1DCD40A903721D7EF45F2EC ] C:\WINDOWS\system32\iertutil.dll
00:01:07.0437 2388 C:\WINDOWS\system32\iertutil.dll - ok
00:01:07.0453 2388 [ 694503348B586E99D56C0E30AB5B3EF8 ] C:\WINDOWS\system32\sxs.dll
00:01:07.0453 2388 C:\WINDOWS\system32\sxs.dll - ok
00:01:07.0453 2388 [ 736B12B725AEB2B07F0241A9F680CB10 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
00:01:07.0453 2388 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - ok
00:01:07.0453 2388 [ 4A953F13942867BA8FB41F141EC1B80C ] C:\WINDOWS\system32\winmm.dll
00:01:07.0453 2388 C:\WINDOWS\system32\winmm.dll - ok
00:01:07.0453 2388 [ 6843D54BC4A40CC8C5741AF750233D10 ] C:\WINDOWS\system32\shell32.dll
00:01:07.0453 2388 C:\WINDOWS\system32\shell32.dll - ok
00:01:07.0468 2388 [ 93AFB83FBC1F9443CAC722FCA63D73BF ] C:\WINDOWS\system32\comctl32.dll
00:01:07.0468 2388 C:\WINDOWS\system32\comctl32.dll - ok
00:01:07.0468 2388 [ 56C5B179FE3308B655EB6208C3256FEC ] C:\WINDOWS\system32\kbdus.dll
00:01:07.0468 2388 C:\WINDOWS\system32\kbdus.dll - ok
00:01:07.0468 2388 [ D7B7A57C0E57C836F18CF12A4C62A1CA ] C:\WINDOWS\system32\msgina.dll
00:01:07.0468 2388 C:\WINDOWS\system32\msgina.dll - ok
00:01:07.0468 2388 [ 40B0F98BAD16AD5DEF894E88C3EF8014 ] C:\WINDOWS\system32\odbc32.dll
00:01:07.0468 2388 C:\WINDOWS\system32\odbc32.dll - ok
00:01:07.0484 2388 [ 86987A5000DFA3EBE2275C0456BCF2FE ] C:\WINDOWS\system32\comdlg32.dll
00:01:07.0484 2388 C:\WINDOWS\system32\comdlg32.dll - ok
00:01:07.0484 2388 [ 6B7C6B32F8E84D56C6260D684019FEA2 ] C:\WINDOWS\system32\odbcint.dll
00:01:07.0484 2388 C:\WINDOWS\system32\odbcint.dll - ok
00:01:07.0484 2388 [ 99BC0B50F511924348BE19C7C7313BBF ] C:\WINDOWS\system32\shsvcs.dll
00:01:07.0484 2388 C:\WINDOWS\system32\shsvcs.dll - ok
00:01:07.0484 2388 [ 96E1C926F22EE1BFBAE82901A35F6BF3 ] C:\WINDOWS\system32\sfc.dll
00:01:07.0484 2388 C:\WINDOWS\system32\sfc.dll - ok
00:01:07.0484 2388 [ 6B5DB6789177A4FD0DEBC248041D0739 ] C:\WINDOWS\system32\sfc_os.dll
00:01:07.0484 2388 C:\WINDOWS\system32\sfc_os.dll - ok
00:01:07.0500 2388 [ CF492D7E9AF1C628B3536D20EF6F5CC7 ] C:\WINDOWS\system32\apphelp.dll
00:01:07.0500 2388 C:\WINDOWS\system32\apphelp.dll - ok
00:01:07.0500 2388 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
00:01:07.0500 2388 C:\WINDOWS\system32\services.exe - ok
00:01:07.0500 2388 [ BF2466B3E18E970D8A976FB95FC1CA85 ] C:\WINDOWS\system32\lsass.exe
00:01:07.0500 2388 C:\WINDOWS\system32\lsass.exe - ok
00:01:07.0500 2388 [ BD31DC6DBE9333C4FBD4BDF0899F2160 ] C:\WINDOWS\system32\lsasrv.dll
00:01:07.0500 2388 C:\WINDOWS\system32\lsasrv.dll - ok
00:01:07.0515 2388 [ EC29A79F1E76DC509E24D401F29D0678 ] C:\WINDOWS\system32\ncobjapi.dll
00:01:07.0515 2388 C:\WINDOWS\system32\ncobjapi.dll - ok
00:01:07.0515 2388 [ F404830F3CD9BF8F2515E489C0CDA297 ] C:\WINDOWS\system32\msvcp60.dll
00:01:07.0515 2388 C:\WINDOWS\system32\msvcp60.dll - ok
00:01:07.0515 2388 [ DD7BD97FB8BD800963789158A5E4B41D ] C:\WINDOWS\system32\mpr.dll
00:01:07.0515 2388 C:\WINDOWS\system32\mpr.dll - ok
00:01:07.0515 2388 [ B24A42A413E694AD73FDFB7FBD492C31 ] C:\WINDOWS\system32\scesrv.dll
00:01:07.0515 2388 C:\WINDOWS\system32\scesrv.dll - ok
00:01:07.0531 2388 [ 389496118B3B03C2328024AF320132AC ] C:\WINDOWS\system32\dnsapi.dll
00:01:07.0531 2388 C:\WINDOWS\system32\dnsapi.dll - ok
00:01:07.0531 2388 [ EC4C0D9BFD9F7E33F8B395AD54E13063 ] C:\WINDOWS\system32\ntdsapi.dll
00:01:07.0531 2388 C:\WINDOWS\system32\ntdsapi.dll - ok
00:01:07.0531 2388 [ 2EDFC2A8893435723AD80481803C6D5C ] C:\WINDOWS\system32\umpnpmgr.dll
00:01:07.0531 2388 C:\WINDOWS\system32\umpnpmgr.dll - ok
00:01:07.0531 2388 [ 1F03103598BD817B1078DAB1326DDE11 ] C:\WINDOWS\system32\shimeng.dll
00:01:07.0531 2388 C:\WINDOWS\system32\shimeng.dll - ok
00:01:07.0546 2388 [ 0492CF5870F0E616B0C71695A433D162 ] C:\WINDOWS\system32\wldap32.dll
00:01:07.0546 2388 C:\WINDOWS\system32\wldap32.dll - ok
00:01:07.0546 2388 [ EA9EE60B408878E5F2012F9C783836DB ] C:\WINDOWS\AppPatch\AcAdProc.dll
00:01:07.0546 2388 C:\WINDOWS\AppPatch\AcAdProc.dll - ok
00:01:07.0546 2388 [ 8329A39D5A402A75A74301D6A62ECDA1 ] C:\WINDOWS\system32\samlib.dll
00:01:07.0546 2388 C:\WINDOWS\system32\samlib.dll - ok
00:01:07.0546 2388 [ F05B8CDB7FE0E55DCCFB1D946CE80064 ] C:\WINDOWS\system32\samsrv.dll
00:01:07.0546 2388 C:\WINDOWS\system32\samsrv.dll - ok
00:01:07.0562 2388 [ 17A1D675C12BBF80CAAC54A4855C41D0 ] C:\WINDOWS\system32\cryptdll.dll
00:01:07.0562 2388 C:\WINDOWS\system32\cryptdll.dll - ok
00:01:07.0562 2388 [ 310C15FD8358B2C4CD7A5B98A112883F ] C:\WINDOWS\AppPatch\AcGenral.dll
00:01:07.0562 2388 C:\WINDOWS\AppPatch\AcGenral.dll - ok
00:01:07.0562 2388 [ 2098AB52BD5316E59AA36F3437B13BE6 ] C:\WINDOWS\system32\msacm32.dll
00:01:07.0562 2388 C:\WINDOWS\system32\msacm32.dll - ok
00:01:07.0562 2388 [ 7A2CC3719B255E6B5D74396183B7715B ] C:\WINDOWS\system32\uxtheme.dll
00:01:07.0562 2388 C:\WINDOWS\system32\uxtheme.dll - ok
00:01:07.0578 2388 [ F24B12786D60A17008319E3F2AEE7799 ] C:\WINDOWS\system32\msapsspc.dll
00:01:07.0578 2388 C:\WINDOWS\system32\msapsspc.dll - ok
00:01:07.0578 2388 [ 7A660EDC0757849DF5F8706FB6E9F740 ] C:\WINDOWS\system32\msvcrt40.dll
00:01:07.0578 2388 C:\WINDOWS\system32\msvcrt40.dll - ok
00:01:07.0578 2388 [ 3D76DD0CBC536E0F8C45D23ED230BEB2 ] C:\WINDOWS\system32\digest.dll
00:01:07.0578 2388 C:\WINDOWS\system32\digest.dll - ok
00:01:07.0578 2388 [ 0F64207B49390C8063C36AE7CBF9C2DB ] C:\WINDOWS\system32\schannel.dll
00:01:07.0578 2388 C:\WINDOWS\system32\schannel.dll - ok
00:01:07.0578 2388 [ A4388DF80E52695AE92EE5F3F61F1619 ] C:\WINDOWS\system32\msnsspc.dll
00:01:07.0578 2388 C:\WINDOWS\system32\msnsspc.dll - ok
00:01:07.0593 2388 [ 5733177BCF16EE78B99543C9B0AB81EA ] C:\WINDOWS\system32\MSCTFIME.IME
00:01:07.0593 2388 C:\WINDOWS\system32\MSCTFIME.IME - ok
00:01:07.0593 2388 [ C6BB1D1500DB4A0E224CB65E6C7E8A80 ] C:\WINDOWS\system32\msprivs.dll
00:01:07.0593 2388 C:\WINDOWS\system32\msprivs.dll - ok
00:01:07.0593 2388 [ A525C96C51D55111FDF3BEA9FFFFC7AE ] C:\WINDOWS\system32\kerberos.dll
00:01:07.0593 2388 C:\WINDOWS\system32\kerberos.dll - ok
00:01:07.0593 2388 [ C11D10A3C164AC222BC9AAB3650A88B3 ] C:\WINDOWS\system32\atmfd.dll
00:01:07.0593 2388 C:\WINDOWS\system32\atmfd.dll - ok
00:01:07.0609 2388 [ 517561A1113B04E51D936CD018DE1C1F ] C:\WINDOWS\system32\msv1_0.dll
00:01:07.0609 2388 C:\WINDOWS\system32\msv1_0.dll - ok
00:01:07.0609 2388 [ AF07DC9B7CC455629E732340C7B15F3A ] C:\WINDOWS\system32\iphlpapi.dll
00:01:07.0609 2388 C:\WINDOWS\system32\iphlpapi.dll - ok
00:01:07.0609 2388 [ 1B7F071C51B77C272875C3A23E1E4550 ] C:\WINDOWS\system32\netlogon.dll
00:01:07.0609 2388 C:\WINDOWS\system32\netlogon.dll - ok
00:01:07.0609 2388 [ 54AF4B1D5459500EF0937F6D33B1914F ] C:\WINDOWS\system32\w32time.dll
00:01:07.0609 2388 C:\WINDOWS\system32\w32time.dll - ok
00:01:07.0625 2388 [ 3AAF9B35939FF9E58CCD18D41655C2FC ] C:\WINDOWS\system32\wdigest.dll
00:01:07.0625 2388 C:\WINDOWS\system32\wdigest.dll - ok
00:01:07.0625 2388 [ 54DAE3EA34802B4ED9AE1C6B1209FA56 ] C:\WINDOWS\system32\rsaenh.dll
00:01:07.0625 2388 C:\WINDOWS\system32\rsaenh.dll - ok
00:01:07.0625 2388 [ 02988B904C386B500CD08639C4C20EEA ] C:\WINDOWS\system32\winscard.dll
00:01:07.0625 2388 C:\WINDOWS\system32\winscard.dll - ok
00:01:07.0625 2388 [ 0E2735281FBB9A764D5584C2A5DCBA59 ] C:\WINDOWS\system32\wtsapi32.dll
00:01:07.0625 2388 C:\WINDOWS\system32\wtsapi32.dll - ok
00:01:07.0640 2388 [ A86BB5E61BF3E39B62AB4C7E7085A084 ] C:\WINDOWS\system32\scecli.dll
00:01:07.0640 2388 C:\WINDOWS\system32\scecli.dll - ok
00:01:07.0640 2388 [ 92B01ED9D7AF833A35C59AFC0258EBA5 ] C:\WINDOWS\system32\drivers\amp.sys
00:01:07.0640 2388 C:\WINDOWS\system32\drivers\amp.sys - ok
00:01:07.0640 2388 [ 40C611622882C3FCAFEB845C1E12A10F ] C:\WINDOWS\system32\drivers\PDFsFilter.sys
00:01:07.0640 2388 C:\WINDOWS\system32\drivers\PDFsFilter.sys - ok
00:01:07.0640 2388 [ 870D480C911A7EE9A98B3CB190D95D22 ] C:\WINDOWS\system32\ati2evxx.exe
00:01:07.0640 2388 C:\WINDOWS\system32\ati2evxx.exe - ok
00:01:07.0656 2388 [ 5F0CE62E0831CF972EC6949FD3E37DA7 ] C:\WINDOWS\system32\cfgmgr32.dll
00:01:07.0656 2388 C:\WINDOWS\system32\cfgmgr32.dll - ok
00:01:07.0656 2388 [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll
00:01:07.0656 2388 C:\WINDOWS\system32\powrprof.dll - ok
00:01:07.0656 2388 [ 27C6D03BCDB8CFEB96B716F3D8BE3E18 ] C:\WINDOWS\system32\svchost.exe
00:01:07.0656 2388 C:\WINDOWS\system32\svchost.exe - ok
00:01:07.0656 2388 [ 549290DBC280C887681D7652978DBBE0 ] C:\WINDOWS\system32\ntmarta.dll
00:01:07.0656 2388 C:\WINDOWS\system32\ntmarta.dll - ok
00:01:07.0656 2388 [ 6B27A5C03DFB94B4245739065431322C ] C:\WINDOWS\system32\rpcss.dll
00:01:07.0671 2388 C:\WINDOWS\system32\rpcss.dll - ok
00:01:07.0671 2388 [ 16403217AB6FC5C30C14C6B12098AD4B ] C:\WINDOWS\system32\xpsp2res.dll
00:01:07.0671 2388 C:\WINDOWS\system32\xpsp2res.dll - ok
00:01:07.0671 2388 [ 36765A744E6A515F709FEC514725643B ] C:\WINDOWS\system32\ati2edxx.dll
00:01:07.0671 2388 C:\WINDOWS\system32\ati2edxx.dll - ok
00:01:07.0671 2388 [ 55492F99E43B11EAF8B297494A5C420E ] C:\WINDOWS\system32\atipdlxx.dll
00:01:07.0671 2388 C:\WINDOWS\system32\atipdlxx.dll - ok
00:01:07.0671 2388 [ 6D4FEB43EE538FC5428CC7F0565AA656 ] C:\WINDOWS\system32\eventlog.dll
00:01:07.0687 2388 C:\WINDOWS\system32\eventlog.dll - ok
00:01:07.0687 2388 [ 2081A5B5E4ABA206A0A8A1A97DF0FB23 ] C:\WINDOWS\system32\logonui.exe
00:01:07.0687 2388 C:\WINDOWS\system32\logonui.exe - ok
00:01:07.0687 2388 [ 3D41A9326F0376FC73AF961DD23B1FB1 ] C:\WINDOWS\system32\duser.dll
00:01:07.0687 2388 C:\WINDOWS\system32\duser.dll - ok
00:01:07.0687 2388 [ AFFC87E2501FCE8F09D4C10BA6421CCF ] C:\WINDOWS\system32\msimg32.dll
00:01:07.0687 2388 C:\WINDOWS\system32\msimg32.dll - ok
00:01:07.0687 2388 [ 20200EE3CFE10E9F0C028D8653BE11C6 ] C:\WINDOWS\system32\oleacc.dll
00:01:07.0687 2388 C:\WINDOWS\system32\oleacc.dll - ok
00:01:07.0703 2388 [ 943337D786A56729263071623BBB9DE5 ] C:\WINDOWS\system32\mswsock.dll
00:01:07.0703 2388 C:\WINDOWS\system32\mswsock.dll - ok
00:01:07.0703 2388 [ A881D47C9FE45D96A2F091C7A0486B7B ] C:\WINDOWS\system32\iavlsp.dll
00:01:07.0703 2388 C:\WINDOWS\system32\iavlsp.dll - ok
00:01:07.0703 2388 [ 3CB32D3B8CBE79899D63280BB7A83CD9 ] C:\WINDOWS\system32\hnetcfg.dll
00:01:07.0703 2388 C:\WINDOWS\system32\hnetcfg.dll - ok
00:01:07.0703 2388 [ 40947436A70E0034E41123DF5A0A7702 ] C:\Program Files\Bonjour\mdnsNSP.dll
00:01:07.0703 2388 C:\Program Files\Bonjour\mdnsNSP.dll - ok
00:01:07.0718 2388 [ F137A0CA70003DB20448D540651FA003 ] C:\WINDOWS\system32\clbcatq.dll
00:01:07.0718 2388 C:\WINDOWS\system32\clbcatq.dll - ok
00:01:07.0718 2388 [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\system32\winrnr.dll
00:01:07.0718 2388 C:\WINDOWS\system32\winrnr.dll - ok
00:01:07.0718 2388 [ 4E3D06D6E68EEDB52565080F55B460D3 ] C:\WINDOWS\system32\wshtcpip.dll
00:01:07.0718 2388 C:\WINDOWS\system32\wshtcpip.dll - ok
00:01:07.0718 2388 [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\system32\rasadhlp.dll
00:01:07.0718 2388 C:\WINDOWS\system32\rasadhlp.dll - ok
00:01:07.0734 2388 [ 1280A158C722FA95A80FB7AEBE78FA7D ] C:\WINDOWS\system32\comres.dll
00:01:07.0734 2388 C:\WINDOWS\system32\comres.dll - ok
00:01:07.0734 2388 [ F45DD1E1365D857DD08BC23563370D0E ] C:\Program Files\Windows Defender\MsMpEng.exe
00:01:07.0734 2388 C:\Program Files\Windows Defender\MsMpEng.exe - ok
00:01:07.0734 2388 [ E5EDBD51476DB5001ABF5C82AE5C3DD1 ] C:\WINDOWS\system32\shgina.dll
00:01:07.0734 2388 C:\WINDOWS\system32\shgina.dll - ok
00:01:07.0734 2388 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
00:01:07.0734 2388 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll - ok
00:01:07.0750 2388 [ 64898BEA32C12BADDA4218BE88DBD595 ] C:\Program Files\Windows Defender\MpSvc.dll
00:01:07.0750 2388 C:\Program Files\Windows Defender\MpSvc.dll - ok
00:01:07.0750 2388 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
00:01:07.0750 2388 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll - ok
00:01:07.0750 2388 [ 6F44DD636C791B70ADE78FE974BE0A1D ] C:\Program Files\Windows Defender\MpClient.dll
00:01:07.0750 2388 C:\Program Files\Windows Defender\MpClient.dll - ok
00:01:07.0765 2388 [ 4D83ED8BDDEC431FC8AD907B47CFB6E3 ] C:\WINDOWS\system32\dsound.dll
00:01:07.0765 2388 C:\WINDOWS\system32\dsound.dll - ok
00:01:07.0765 2388 [ 5F4B4BD17FA4C8D03A4D1B5D9FF96641 ] C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{1819E4EC-D1F1-401D-9A28-3A6CBD2C30B7}\mpengine.dll
00:01:07.0765 2388 C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{1819E4EC-D1F1-401D-9A28-3A6CBD2C30B7}\mpengine.dll - ok
00:01:07.0765 2388 [ 84C07D29912726032A583AEA2FF29B7D ] C:\Program Files\Windows Defender\MpRtPlug.dll
00:01:07.0765 2388 C:\Program Files\Windows Defender\MpRtPlug.dll - ok
00:01:07.0781 2388 [ 98D1420DF23A0ADBDE3AA52683876D31 ] C:\WINDOWS\system32\ati2evxx.dll
00:01:07.0781 2388 C:\WINDOWS\system32\ati2evxx.dll - ok
00:01:07.0781 2388 [ 515A7FAE2070C2B0242B2353443E2F11 ] C:\WINDOWS\system32\cscdll.dll
00:01:07.0781 2388 C:\WINDOWS\system32\cscdll.dll - ok
00:01:07.0781 2388 [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\system32\dimsntfy.dll
00:01:07.0781 2388 C:\WINDOWS\system32\dimsntfy.dll - ok
00:01:07.0781 2388 [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll
00:01:07.0781 2388 C:\WINDOWS\system32\wlnotify.dll - ok
00:01:07.0796 2388 [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\system32\winspool.drv
00:01:07.0796 2388 C:\WINDOWS\system32\winspool.drv - ok
00:01:07.0796 2388 [ 02CF580510234E519736559A7F19EA20 ] C:\WINDOWS\system32\WgaLogon.dll
00:01:08.0687 2388 [ A79C0249E40EC75C86B99AE0770A34A8 ] C:\Program Files\BatteryBar\BatteryBar.Utilities.dll
00:01:08.0687 2388 C:\Program Files\BatteryBar\BatteryBar.Utilities.dll - ok
00:01:08.0687 2388 [ 66FC56A42D8F49B9CFE6861D92053ACC ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll
00:01:08.0687 2388 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll - ok
00:01:08.0703 2388 [ C3FED6BBC024AAFFE6969FD4EE9F5941 ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
00:01:08.0703 2388 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll - ok
00:01:08.0703 2388 [ 860FAD57B4668A9F5F350A9D5444AE89 ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
00:01:08.0703 2388 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll - ok
00:01:08.0703 2388 [ 0C720C33E8D28AD60B7932EAD82309EA ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
00:01:08.0703 2388 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll - ok
00:01:08.0718 2388 [ 51301ACC5E5FDA65CFA1968395E5D951 ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
00:01:08.0718 2388 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe - ok
00:01:08.0718 2388 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\system32\drivers\52660806.sys
00:01:08.0718 2388 C:\WINDOWS\system32\drivers\52660806.sys - ok
00:01:08.0718 2388 [ 98B17BDA1D0BEA2FC8313DB218C0139F ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
00:01:08.0718 2388 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll - ok
00:01:08.0734 2388 [ 30B5A2254561E21CCC7BA21F80165D0B ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll
00:01:08.0734 2388 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll - ok
00:01:08.0734 2388 [ 44DE39CB56D1919346C09C92A4B57C69 ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
00:01:08.0734 2388 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll - ok
00:01:08.0734 2388 [ 88E05F3B2031980A48D458EB78C67659 ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
00:01:08.0734 2388 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe - ok
00:01:08.0734 2388 [ 8BCD11D38FCE43A519246A91CC40DE6A ] C:\WINDOWS\system32\security.dll
00:01:08.0734 2388 C:\WINDOWS\system32\security.dll - ok
00:01:08.0750 2388 [ C730F70351D950DDA7388C9A9763CF54 ] C:\WINDOWS\system32\wbem\wmipcima.dll
00:01:08.0750 2388 C:\WINDOWS\system32\wbem\wmipcima.dll - ok
00:01:08.0750 2388 [ A89DFA6DB0C3D00559F770A214962A60 ] C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
00:01:08.0750 2388 C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll - ok
00:01:08.0750 2388 [ 54A9F1E18AAB48579AB70A32D60D780A ] C:\Program Files\Windows Media Player\wmpband.dll
00:01:08.0750 2388 C:\Program Files\Windows Media Player\wmpband.dll - ok
00:01:08.0765 2388 [ E4E02FF59F65D72E08731CBAC060B678 ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\7376da3c5dca2b5fadfad0b1eaf76da7\System.Web.Services.ni.dll
00:01:08.0765 2388 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\7376da3c5dca2b5fadfad0b1eaf76da7\System.Web.Services.ni.dll - ok
00:01:08.0765 2388 [ 2DC5A8019E2387987905F77C664E4BE2 ] C:\WINDOWS\system32\linkinfo.dll
00:01:08.0765 2388 C:\WINDOWS\system32\linkinfo.dll - ok
00:01:08.0765 2388 [ 2DE1190196EE9555DB548A57622022EB ] C:\WINDOWS\system32\drprov.dll
00:01:08.0765 2388 C:\WINDOWS\system32\drprov.dll - ok
00:01:08.0781 2388 [ 36468087E22C57A83DF758B3F90DF73F ] C:\WINDOWS\system32\ntlanman.dll
00:01:08.0781 2388 C:\WINDOWS\system32\ntlanman.dll - ok
00:01:08.0781 2388 [ AC5DF42FE314C1446B1DAD237BFCFFE0 ] C:\WINDOWS\system32\netui0.dll
00:01:08.0781 2388 C:\WINDOWS\system32\netui0.dll - ok
00:01:08.0781 2388 [ ED5A816D8E11E03F1937AC3C56826EE4 ] C:\WINDOWS\system32\netui1.dll
00:01:08.0781 2388 C:\WINDOWS\system32\netui1.dll - ok
00:01:08.0781 2388 [ FB8F8EEC8D9C2157789472DD61CDC78B ] C:\WINDOWS\system32\davclnt.dll
00:01:08.0781 2388 C:\WINDOWS\system32\davclnt.dll - ok
00:01:08.0781 2388 [ CC8915DB4E33E8FB29CA0D2DBF75306E ] C:\WINDOWS\system32\webcheck.dll
00:01:08.0781 2388 C:\WINDOWS\system32\webcheck.dll - ok
00:01:08.0796 2388 [ 93C088C2AEB2F23E720BDA7E32BD5117 ] C:\WINDOWS\system32\upnp.dll
00:01:08.0796 2388 C:\WINDOWS\system32\upnp.dll - ok
00:01:08.0796 2388 [ 3D075865DCC26931972F6476AD0497BE ] C:\WINDOWS\system32\ssdpapi.dll
00:01:08.0796 2388 C:\WINDOWS\system32\ssdpapi.dll - ok
00:01:08.0796 2388 [ EB4964B2361DD80EA9AD6C9885105B92 ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
00:01:08.0796 2388 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - ok
00:01:08.0796 2388 [ 50512FC9B7878E3C2C147BC17326A7DB ] C:\WINDOWS\system32\stobject.dll
00:01:08.0796 2388 C:\WINDOWS\system32\stobject.dll - ok
00:01:08.0812 2388 [ EBAADBBFB6C455E54EB6A0E47267D33C ] C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
00:01:08.0812 2388 C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll - ok
00:01:08.0812 2388 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] C:\WINDOWS\system32\rasmans.dll
00:01:08.0812 2388 C:\WINDOWS\system32\rasmans.dll - ok
00:01:08.0812 2388 [ 231A0B0E3BA7ABFE469A8262FAA1FD71 ] C:\WINDOWS\system32\batmeter.dll
00:01:08.0812 2388 C:\WINDOWS\system32\batmeter.dll - ok
00:01:08.0828 2388 [ D7D69F304A604387B86BE991CBF07663 ] C:\WINDOWS\system32\WPDShServiceObj.dll
00:01:08.0828 2388 C:\WINDOWS\system32\WPDShServiceObj.dll - ok
00:01:08.0828 2388 [ 3A7C34AD5DCF3040435FAD363AD1BCD1 ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll
00:01:08.0828 2388 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll - ok
00:01:08.0828 2388 [ 15D0C090E4223C68CC2DAF471584F4A8 ] C:\Program Files\Analog Devices\Core\smax4pnp.exe
00:01:08.0828 2388 C:\Program Files\Analog Devices\Core\smax4pnp.exe - ok
00:01:08.0843 2388 [ A687C458B80C7D55CBE39649D952ED2A ] C:\WINDOWS\system32\PortableDeviceTypes.dll
00:01:08.0843 2388 C:\WINDOWS\system32\PortableDeviceTypes.dll - ok
00:01:08.0843 2388 [ E132AD94798E72ACB650E985984C7F58 ] C:\WINDOWS\system32\PortableDeviceApi.dll
00:01:08.0843 2388 C:\WINDOWS\system32\PortableDeviceApi.dll - ok
00:01:08.0843 2388 [ 35A936C7C029A5B705D3FFD40518D660 ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
00:01:08.0843 2388 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll - ok
00:01:08.0843 2388 [ 003175AF814269C08F88420459CBF911 ] C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
00:01:08.0843 2388 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe - ok
00:01:08.0859 2388 [ 3CB07566302BCEEB898DE270A0BEC175 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
00:01:08.0859 2388 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok
00:01:08.0859 2388 [ FE23D126327D5A46060466BEA762A387 ] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
00:01:08.0859 2388 C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe - ok
00:01:08.0859 2388 [ 5515EB5E3A8B073F66CFC697EB0D4B55 ] C:\Program Files\Microsoft ActiveSync\wcescomm.exe
00:01:08.0859 2388 C:\Program Files\Microsoft ActiveSync\wcescomm.exe - ok
00:01:08.0859 2388 [ A8D6F4F2AF68837CA77C51C0F0BACB34 ] C:\Program Files\BatteryBar\ShowBatteryBar.exe
00:01:08.0859 2388 C:\Program Files\BatteryBar\ShowBatteryBar.exe - ok
00:01:08.0875 2388 [ 88BEEF09C654252F3E46B6167B7F4ECB ] C:\WINDOWS\system32\msisip.dll
00:01:08.0875 2388 C:\WINDOWS\system32\msisip.dll - ok
00:01:08.0875 2388 [ 3A6D465F379E5C815F4AD565391E654C ] C:\WINDOWS\system32\wshext.dll
00:01:08.0875 2388 C:\WINDOWS\system32\wshext.dll - ok
00:01:08.0875 2388 [ DCE0705B5D3861BFF813DB2A8160FBF0 ] C:\WINDOWS\system32\SynCOM.dll
00:01:08.0875 2388 C:\WINDOWS\system32\SynCOM.dll - ok
00:01:08.0875 2388 [ 40FA2F035ED88108850757CA51DAD942 ] C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL
00:01:08.0875 2388 C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL - ok
00:01:08.0890 2388 [ 559D9CBFC29DEE2773B28D38851683BA ] C:\Program Files\Microsoft Silverlight\xapauthenticodesip.dll
00:01:08.0890 2388 C:\Program Files\Microsoft Silverlight\xapauthenticodesip.dll - ok
00:01:08.0890 2388 [ 9EF5CD37551AC5381FC2CA763DC1CEE8 ] C:\WINDOWS\system32\SynTPAPI.dll
00:01:08.0890 2388 C:\WINDOWS\system32\SynTPAPI.dll - ok
00:01:08.0890 2388 [ BBEB50383CFCBAF50DBE6AF5EE7DA669 ] C:\Program Files\Motorola Mobility\MotoCast\MotoLauncher.exe
00:01:08.0890 2388 C:\Program Files\Motorola Mobility\MotoCast\MotoLauncher.exe - ok
00:01:08.0890 2388 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3 ] C:\WINDOWS\system32\ctfmon.exe
00:01:08.0890 2388 C:\WINDOWS\system32\ctfmon.exe - ok
00:01:08.0906 2388 [ 1C22A3866112ED41E1F3684DAE9AD5D2 ] C:\WINDOWS\system32\mmcshext.dll
00:01:08.0906 2388 C:\WINDOWS\system32\mmcshext.dll - ok
00:01:08.0906 2388 [ D3E868700D9B5E3C54B7EED060215CC1 ] C:\WINDOWS\system32\hhsetup.dll
00:01:08.0906 2388 C:\WINDOWS\system32\hhsetup.dll - ok
00:01:08.0906 2388 [ 2E55221866F9D61FF31F9CC7AF1DE70E ] C:\Program Files\Analog Devices\Core\smwdmif.dll
00:01:08.0906 2388 C:\Program Files\Analog Devices\Core\smwdmif.dll - ok
00:01:08.0906 2388 [ 76848CB1AA5818DB47D5F5986E0A7485 ] C:\WINDOWS\system32\mfc42.dll
00:01:08.0906 2388 C:\WINDOWS\system32\mfc42.dll - ok
00:01:08.0921 2388 [ 3506A3893B1F22E4B55394DFD09AA06A ] C:\Program Files\BatteryBar\BarExplorerHook.dll
00:01:08.0921 2388 C:\Program Files\BatteryBar\BarExplorerHook.dll - ok
00:01:08.0921 2388 [ 165AE7A443F2139DD2C078AD87699F91 ] C:\Program Files\Microsoft Office\OFFICE11\MSOHEV.DLL
00:01:08.0921 2388 C:\Program Files\Microsoft Office\OFFICE11\MSOHEV.DLL - ok
00:01:08.0921 2388 [ 9B9F1C38D559047B8AC0DBA2D5FEBDE9 ] C:\WINDOWS\system32\ksuser.dll
00:01:08.0921 2388 C:\WINDOWS\system32\ksuser.dll - ok
00:01:08.0921 2388 [ 0B467F470CC9918FDCEEDCFD7DC4D697 ] C:\WINDOWS\system32\oledlg.dll
00:01:08.0921 2388 C:\WINDOWS\system32\oledlg.dll - ok
00:01:08.0937 2388 [ 43CCB246B3D0C385E54F14B04DF96E9F ] C:\WINDOWS\system32\ceutil.dll
00:01:08.0937 2388 C:\WINDOWS\system32\ceutil.dll - ok
00:01:08.0937 2388 [ E40FCF943127DDC8FD60554B722D762B ] C:\WINDOWS\system32\MSCTF.dll
00:01:08.0937 2388 C:\WINDOWS\system32\MSCTF.dll - ok
00:01:08.0937 2388 [ D8836CD9622099140E14A60BE5A93E8C ] C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe
00:01:08.0937 2388 C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe - ok
00:01:08.0937 2388 [ 17AA58A54C00F1746B8654C050491F43 ] C:\WINDOWS\system32\msutb.dll
00:01:08.0937 2388 C:\WINDOWS\system32\msutb.dll - ok
00:01:08.0937 2388 [ B12C853961947ED89B9437966C7507B4 ] C:\WINDOWS\system32\rapi.dll
00:01:08.0937 2388 C:\WINDOWS\system32\rapi.dll - ok
00:01:08.0953 2388 [ DB0AA3706292AF63B46C7084BECCB8C7 ] C:\Program Files\Microsoft ActiveSync\tcp2udp.dll
00:01:08.0953 2388 C:\Program Files\Microsoft ActiveSync\tcp2udp.dll - ok
00:01:08.0953 2388 [ F6FAEC07446A78A9C5AF4558FF5BD118 ] C:\WINDOWS\ime\SPTIP.dll
00:01:08.0953 2388 C:\WINDOWS\ime\SPTIP.dll - ok
00:01:08.0953 2388 [ C8B1CADFAB61BB92FD4CBBE71B2F0E76 ] C:\Program Files\Java\jre6\bin\client\jvm.dll
00:01:08.0953 2388 C:\Program Files\Java\jre6\bin\client\jvm.dll - ok
00:01:08.0953 2388 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Program Files\Java\jre6\bin\msvcr71.dll
00:01:08.0953 2388 C:\Program Files\Java\jre6\bin\msvcr71.dll - ok
00:01:08.0968 2388 [ 119C9228FD5E4D930E7729AC0FF14C00 ] C:\Program Files\Java\jre6\bin\verify.dll
00:01:08.0968 2388 C:\Program Files\Java\jre6\bin\verify.dll - ok
00:01:08.0968 2388 [ 9B3173EB1B50FF10686D01FE3DD22839 ] C:\Program Files\Java\jre6\bin\java.dll
00:01:08.0968 2388 C:\Program Files\Java\jre6\bin\java.dll - ok
00:01:08.0968 2388 [ ED377B3C83FDEA8D906109A085D219BA ] C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
00:01:08.0968 2388 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll - ok
00:01:08.0984 2388 [ 84EA4CFB7F30B08D97A91DE8AEE8C4DE ] C:\Program Files\Java\jre6\bin\zip.dll
00:01:08.0984 2388 C:\Program Files\Java\jre6\bin\zip.dll - ok
00:01:08.0984 2388 [ 3CB78C17BB664637787C9A1C98F79C38 ] C:\WINDOWS\system32\tapisrv.dll
00:01:08.0984 2388 C:\WINDOWS\system32\tapisrv.dll - ok
00:01:08.0984 2388 [ 81ADBC4E31A721AEF23251A952049BA2 ] C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
00:01:08.0984 2388 C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe - ok
00:01:08.0984 2388 [ 7D4A768DEA3DC643CBB65222D5B1377B ] C:\PROGRA~1\MICROS~3\rapimgr.exe
00:01:08.0984 2388 C:\PROGRA~1\MICROS~3\rapimgr.exe - ok
00:01:09.0000 2388 [ FF3477C03BE7201C294C35F684B3479F ] C:\WINDOWS\system32\termsrv.dll
00:01:09.0000 2388 C:\WINDOWS\system32\termsrv.dll - ok
00:01:09.0000 2388 [ 5F7692CEC90E2E9AA32CD58321E234B8 ] C:\WINDOWS\system32\rastapi.dll
00:01:09.0000 2388 C:\WINDOWS\system32\rastapi.dll - ok
00:01:09.0000 2388 [ D469A0EBA2EF5C6BEE8065B7E3196E5E ] C:\WINDOWS\system32\mshtml.dll
00:01:09.0000 2388 C:\WINDOWS\system32\mshtml.dll - ok
00:01:09.0000 2388 [ DF6551E4C4C46655A0C76194F1FCEA5D ] C:\WINDOWS\system32\icaapi.dll
00:01:09.0000 2388 C:\WINDOWS\system32\icaapi.dll - ok
00:01:09.0015 2388 [ AACE07FE34FADDDF973CE068A6424957 ] C:\WINDOWS\system32\unimdm.tsp
00:01:09.0015 2388 C:\WINDOWS\system32\unimdm.tsp - ok
00:01:09.0015 2388 [ 2D65D56C2F8B6CC5EBFF8E7200C30304 ] C:\WINDOWS\system32\mstlsapi.dll
00:01:09.0015 2388 C:\WINDOWS\system32\mstlsapi.dll - ok
00:01:09.0015 2388 [ 995252FCC4692B5B97EE17D596C9386E ] C:\WINDOWS\system32\uniplat.dll
00:01:09.0015 2388 C:\WINDOWS\system32\uniplat.dll - ok
00:01:09.0015 2388 [ 19AE6CBA05B9005698A6DEDCC88F202E ] C:\WINDOWS\system32\unimdmat.dll
00:01:09.0015 2388 C:\WINDOWS\system32\unimdmat.dll - ok
00:01:09.0031 2388 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] C:\WINDOWS\system32\imapi.exe
00:01:09.0031 2388 C:\WINDOWS\system32\imapi.exe - ok
00:01:09.0031 2388 [ FE4A73CDBC882A19D070F1C01586E81A ] C:\WINDOWS\system32\modemui.dll
00:01:09.0031 2388 C:\WINDOWS\system32\modemui.dll - ok
00:01:09.0031 2388 [ 76EC97C5068D3D9FAA7774B0F659D31A ] C:\WINDOWS\system32\kmddsp.tsp
00:01:09.0031 2388 C:\WINDOWS\system32\kmddsp.tsp - ok
00:01:09.0031 2388 [ F92E1076C42FCD6DB3D72D8CFE9816D5 ] C:\WINDOWS\system32\wscntfy.exe
00:01:09.0031 2388 C:\WINDOWS\system32\wscntfy.exe - ok
00:01:09.0031 2388 [ 4589963D84F2984FA5949A72162BA4F4 ] C:\WINDOWS\system32\ndptsp.tsp
00:01:09.0031 2388 C:\WINDOWS\system32\ndptsp.tsp - ok
00:01:09.0046 2388 [ 8B8A45DF7CEF36D93C7BD3E4C84003B8 ] C:\WINDOWS\system32\ipconf.tsp
00:01:09.0046 2388 C:\WINDOWS\system32\ipconf.tsp - ok
00:01:09.0046 2388 [ 8BC2B02DC11C98D14CEE43B8E8393FF3 ] C:\WINDOWS\system32\h323.tsp
00:01:09.0046 2388 C:\WINDOWS\system32\h323.tsp - ok
00:01:09.0046 2388 [ 6B552ED3BEE5AA3C4560478FF779BA98 ] C:\WINDOWS\system32\hidphone.tsp
00:01:09.0046 2388 C:\WINDOWS\system32\hidphone.tsp - ok
00:01:09.0046 2388 [ 8973122796E3B5D6B5900FC186E55FEA ] C:\WINDOWS\system32\hid.dll
00:01:09.0046 2388 C:\WINDOWS\system32\hid.dll - ok
00:01:09.0062 2388 [ D0545A010ED2259A740C8414899A938F ] C:\WINDOWS\system32\rasppp.dll
00:01:09.0062 2388 C:\WINDOWS\system32\rasppp.dll - ok
00:01:09.0062 2388 [ B464BD425D5D09ABE4192234D1577B22 ] C:\WINDOWS\system32\ntlsapi.dll
00:01:09.0062 2388 C:\WINDOWS\system32\ntlsapi.dll - ok
00:01:09.0062 2388 [ 2ACCD352451EC0F99AF2AD9DB6DB4439 ] C:\WINDOWS\system32\msls31.dll
00:01:09.0062 2388 C:\WINDOWS\system32\msls31.dll - ok
00:01:09.0062 2388 [ A655C88AA555BB8EF8957BD29408827F ] C:\WINDOWS\system32\rasqec.dll
00:01:09.0062 2388 C:\WINDOWS\system32\rasqec.dll - ok
00:01:09.0078 2388 [ 254CA8F8B2A387CD59E659991E3E3DBD ] C:\WINDOWS\system32\iepeers.dll
00:01:09.0078 2388 C:\WINDOWS\system32\iepeers.dll - ok
00:01:09.0078 2388 [ E11457C66FDD966EE415FBBC6D9BE643 ] C:\WINDOWS\system32\MSIMTF.dll
00:01:09.0078 2388 C:\WINDOWS\system32\MSIMTF.dll - ok
00:01:09.0078 2388 [ 38FFEC2CD31441A6B57D7A0B490D7299 ] C:\WINDOWS\system32\jscript.dll
00:01:09.0078 2388 C:\WINDOWS\system32\jscript.dll - ok
00:01:09.0078 2388 [ 42B928FC8518D793BF7A5EAFC57B1D8B ] C:\WINDOWS\system32\imgutil.dll
00:01:09.0078 2388 C:\WINDOWS\system32\imgutil.dll - ok
00:01:09.0093 2388 [ 4C39358EBDD2FFCD9132A30E1EC31E16 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
00:01:09.0093 2388 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll - ok
00:01:09.0093 2388 [ E5FA1B044DAC5F6F600A1742D73F6936 ] C:\WINDOWS\system32\pngfilt.dll
00:01:09.0093 2388 C:\WINDOWS\system32\pngfilt.dll - ok
00:01:09.0109 2388 [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
00:01:09.0109 2388 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll - ok
00:01:09.0109 2388 [ F80A415EF82CD06FFAF0D971528EAD38 ] C:\WINDOWS\system32\drivers\http.sys
00:01:09.0109 2388 C:\WINDOWS\system32\drivers\http.sys - ok
00:01:09.0109 2388 [ 0A5679B3714EDAB99E357057EE88FCA6 ] C:\WINDOWS\system32\ssdpsrv.dll
00:01:09.0109 2388 C:\WINDOWS\system32\ssdpsrv.dll - ok
00:01:09.0109 2388 [ 6C1F256696FDB4CCBB46048C206ECEB7 ] C:\Program Files\Microsoft ActiveSync\rapiproxystub.dll
00:01:09.0109 2388 C:\Program Files\Microsoft ActiveSync\rapiproxystub.dll - ok
00:01:09.0125 2388 [ 401A8C0BE0BAA7D7A470F0942244152D ] C:\WINDOWS\system32\rasdlg.dll
00:01:09.0125 2388 C:\WINDOWS\system32\rasdlg.dll - ok
00:01:09.0125 2388 [ 8C515081584A38AA007909CD02020B3D ] C:\WINDOWS\system32\alg.exe
00:01:09.0125 2388 C:\WINDOWS\system32\alg.exe - ok
00:01:09.0125 2388 [ 532F1D7F6F40019E1DC56A2470EC6EE2 ] C:\Program Files\Microsoft ActiveSync\dtptdns.dll
00:01:09.0125 2388 C:\Program Files\Microsoft ActiveSync\dtptdns.dll - ok
00:01:09.0125 2388 [ 7A7127A2B14F84EBCB25DBA193385CF7 ] C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
00:01:09.0125 2388 C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe - ok
00:01:09.0140 2388 [ 98606059BF69ED5BD13FD973F9652564 ] C:\Program Files\Intel\Wireless\Bin\acAuth.dll
00:01:09.0140 2388 C:\Program Files\Intel\Wireless\Bin\acAuth.dll - ok
00:01:09.0140 2388 [ 7E645765707A3B23E89E3F07526DA5FB ] C:\Program Files\Intel\Wireless\Bin\C1XStngs.dll
00:01:09.0140 2388 C:\Program Files\Intel\Wireless\Bin\C1XStngs.dll - ok
00:01:09.0140 2388 [ 62D031DE158788D49D3CB6ACC629DA30 ] C:\Program Files\Intel\Wireless\Bin\LSAWRAPI.DLL
00:01:09.0140 2388 C:\Program Files\Intel\Wireless\Bin\LSAWRAPI.DLL - ok
00:01:09.0140 2388 [ 4B9689D297B0B7ED616CC4B4EF842B70 ] C:\Program Files\Java\jre6\bin\net.dll
00:01:09.0140 2388 C:\Program Files\Java\jre6\bin\net.dll - ok
00:01:09.0156 2388 [ 4482B97B8C8A1C96917934FFC8EAE344 ] C:\Documents and Settings\Lisa\Local Settings\temp\WindowsAPI.dll5187196900676165544.lib
00:01:09.0156 2388 C:\Documents and Settings\Lisa\Local Settings\temp\WindowsAPI.dll5187196900676165544.lib - ok
00:01:09.0156 2388 [ 1ECAD6CDB2CEE77C847BF579482B3270 ] C:\Program Files\Intel\Wireless\Bin\acCTA.dll
00:01:09.0156 2388 C:\Program Files\Intel\Wireless\Bin\acCTA.dll - ok
00:01:09.0156 2388 [ 3A6B61AF7F5141AD74CD15C02319EC98 ] C:\Program Files\Java\jre6\bin\nio.dll
00:01:09.0156 2388 C:\Program Files\Java\jre6\bin\nio.dll - ok
00:01:09.0171 2388 [ D96111A5E60B604E022CF5AAD09D1522 ] C:\Documents and Settings\Lisa\Local Settings\temp\sqlite-3.6.20-sqlitejdbc.dll
00:01:09.0171 2388 C:\Documents and Settings\Lisa\Local Settings\temp\sqlite-3.6.20-sqlitejdbc.dll - ok
00:01:09.0171 2388 [ B9270BA1B0D210F786D2E001A7BB902B ] C:\Program Files\Motorola Mobility\MotoCast\swt-win32-3740.dll
00:01:09.0171 2388 C:\Program Files\Motorola Mobility\MotoCast\swt-win32-3740.dll - ok
00:01:09.0171 2388 [ 6DEE8BC215BED06DC1721C4FECAC90E1 ] C:\Program Files\Motorola Mobility\MotoCast\swt-gdip-win32-3740.dll
00:01:09.0171 2388 C:\Program Files\Motorola Mobility\MotoCast\swt-gdip-win32-3740.dll - ok
00:01:09.0171 2388 [ 236EAC6473D4EE93B0AEEA22AD888A2C ] C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
00:01:09.0171 2388 C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe - ok
00:01:09.0187 2388 [ 7A2E851E0F8518331B44957A3938D6EA ] C:\Program Files\Motorola Mobility\MotoCast\bin\libgstreamer-0.10.dll
00:01:09.0187 2388 C:\Program Files\Motorola Mobility\MotoCast\bin\libgstreamer-0.10.dll - ok
00:01:09.0187 2388 [ 3E80F163209D6B0D301C8E242374CA02 ] C:\Program Files\Motorola Mobility\MotoCast\bin\libglib-2.0-0.dll
00:01:09.0187 2388 C:\Program Files\Motorola Mobility\MotoCast\bin\libglib-2.0-0.dll - ok
00:01:09.0187 2388 [ C383128F6EAD9602D1E9B07E12C02340 ] C:\Program Files\Motorola Mobility\MotoCast\bin\libgobject-2.0-0.dll
00:01:09.0187 2388 C:\Program Files\Motorola Mobility\MotoCast\bin\libgobject-2.0-0.dll - ok
00:01:09.0203 2388 [ 8019AFCE1C01F4B6032DD6D3B8D9FE59 ] C:\Program Files\Motorola Mobility\MotoCast\bin\libgthread-2.0-0.dll
00:01:09.0203 2388 C:\Program Files\Motorola Mobility\MotoCast\bin\libgthread-2.0-0.dll - ok
00:01:09.0203 2388 [ FF2996C180E637EC7B7B67FDA42F2D3A ] C:\Program Files\Motorola Mobility\MotoCast\bin\libgmodule-2.0-0.dll
00:01:09.0203 2388 C:\Program Files\Motorola Mobility\MotoCast\bin\libgmodule-2.0-0.dll - ok
00:01:09.0203 2388 [ F014715792B0D75CE3B6C49CB72F908F ] C:\Program Files\Motorola Mobility\MotoCast\bin\libxml2-2.dll
00:01:09.0203 2388 C:\Program Files\Motorola Mobility\MotoCast\bin\libxml2-2.dll - ok
00:01:09.0203 2388 [ E74F3DCD930A57F7C377E0A062C0EC50 ] C:\Program Files\Motorola Mobility\MotoCast\bin\libiconv-2.dll
00:01:09.0203 2388 C:\Program Files\Motorola Mobility\MotoCast\bin\libiconv-2.dll - ok
00:01:09.0218 2388 [ DD03404093CE4122AB074B43F0D20A0A ] C:\Program Files\Motorola Mobility\MotoCast\bin\z.dll
00:01:09.0218 2388 C:\Program Files\Motorola Mobility\MotoCast\bin\z.dll - ok
00:01:09.0218 2388 [ EE7DCB41A7D9921CB141FD0BE3A98590 ] C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstadder.dll
00:01:09.0218 2388 C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstadder.dll - ok
00:01:09.0218 2388 [ 36BDC0B1F92FB4A4C073CE85BD0AA32D ] C:\Program Files\Motorola Mobility\MotoCast\bin\liborc-0.4-0.dll
00:01:09.0218 2388 C:\Program Files\Motorola Mobility\MotoCast\bin\liborc-0.4-0.dll - ok
00:01:09.0234 2388 [ 2B3B30DA6AB378929BF290C35C4DE7C7 ] C:\Program Files\Motorola Mobility\MotoCast\bin\libgstbase-0.10.dll
00:01:09.0234 2388 C:\Program Files\Motorola Mobility\MotoCast\bin\libgstbase-0.10.dll - ok
00:01:09.0234 2388 [ 01772488DF26F84255859A4016EC0BCC ] C:\Program Files\Motorola Mobility\MotoCast\bin\libgstaudio-0.10.dll
00:01:09.0234 2388 C:\Program Files\Motorola Mobility\MotoCast\bin\libgstaudio-0.10.dll - ok
00:01:09.0234 2388 [ CB5307B12AA7BAB96F3BF4FAFFC37CC0 ] C:\Program Files\Motorola Mobility\MotoCast\bin\libgstinterfaces-0.10.dll
00:01:09.0234 2388 C:\Program Files\Motorola Mobility\MotoCast\bin\libgstinterfaces-0.10.dll - ok
00:01:09.0250 2388 [ 2D099FC684323E91B283948E4D2AA9F7 ] C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstadpcmdec.dll
00:01:09.0250 2388 C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstadpcmdec.dll - ok
00:01:09.0250 2388 [ 7DD96CF35F20682DB9402FBF241B7F42 ] C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaiff.dll
00:01:09.0250 2388 C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaiff.dll - ok
00:01:09.0250 2388 [ FBDFF0F0CB597FCEA55D6D85BE7F167B ] C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstalaw.dll
00:01:09.0250 2388 C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstalaw.dll - ok
00:01:09.0250 2388 [ 430793BA067136D46B350553F99D6FFF ] C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstalpha.dll
00:01:09.0250 2388 C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstalpha.dll - ok
00:01:09.0265 2388 [ 27BA69F7F90949382450356E762FD7C4 ] C:\Program Files\Motorola Mobility\MotoCast\bin\libgstcontroller-0.10.dll
00:01:09.0265 2388 C:\Program Files\Motorola Mobility\MotoCast\bin\libgstcontroller-0.10.dll - ok
00:01:09.0265 2388 [ 77ABF4885CF23ECE7BE2F59BC0245FE7 ] C:\Program Files\Motorola Mobility\MotoCast\bin\libgstvideo-0.10.dll
00:01:09.0265 2388 C:\Program Files\Motorola Mobility\MotoCast\bin\libgstvideo-0.10.dll - ok
00:01:09.0265 2388 [ 44C3C44E2E5247D05CCC66BD61DDD53A ] C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstalphacolor.dll
00:01:09.0265 2388 C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstalphacolor.dll - ok
00:01:09.0281 2388 [ F1CBD7DF0B7EAF0A12E6F75F9C1DBABF ] C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstamrnb.dll
00:01:09.0281 2388 C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstamrnb.dll - ok
00:01:09.0281 2388 [ 6AA3F86F4423CEC4AC2147EE670F3B35 ] C:\Program Files\Motorola Mobility\MotoCast\bin\libopencore-amrnb.0.1.1.dll
00:01:09.0281 2388 C:\Program Files\Motorola Mobility\MotoCast\bin\libopencore-amrnb.0.1.1.dll - ok
00:01:09.0281 2388 [ D1C050FDD3988AAB3693632FC2284D7A ] C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstamrwbdec.dll
00:01:09.0281 2388 C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstamrwbdec.dll - ok
00:01:09.0296 2388 [ 54D442EF68FB1FA0896172996949C106 ] C:\Program Files\Motorola Mobility\MotoCast\bin\libopencore-amrwb.0.1.1.dll
00:01:09.0296 2388 C:\Program Files\Motorola Mobility\MotoCast\bin\libopencore-amrwb.0.1.1.dll - ok
00:01:09.0296 2388 [ 1798AFCC2A909A64CFE1BDF8778BAAF6 ] C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstapetag.dll
00:01:09.0296 2388 C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstapetag.dll - ok
00:01:09.0296 2388 [ 7361F5B1A1232EBFE9959088BC34A315 ] C:\Program Files\Motorola Mobility\MotoCast\bin\libgsttag-0.10.dll
00:01:09.0296 2388 C:\Program Files\Motorola Mobility\MotoCast\bin\libgsttag-0.10.dll - ok
00:01:09.0296 2388 [ 1833F1766A4EC786D3BA0C176A89EDBE ] C:\Program Files\Motorola Mobility\MotoCast\bin\libgstpbutils-0.10.dll
00:01:09.0296 2388 C:\Program Files\Motorola Mobility\MotoCast\bin\libgstpbutils-0.10.dll - ok
00:01:09.0312 2388 [ 5DA4035EDFC9B2024149696A8BA22B8B ] C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaudioconvert.dll
00:01:09.0312 2388 C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaudioconvert.dll - ok
00:01:09.0312 2388 [ E718240913B4FFF18A6BD6304FB74761 ] C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaudiorate.dll
00:01:09.0312 2388 C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaudiorate.dll - ok
00:01:09.0312 2388 [ 3608DF502866F45A9B0BBAFF89BAD7FA ] C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaudioresample.dll
00:01:09.0312 2388 C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaudioresample.dll - ok
00:01:09.0328 2388 [ 952F0577A0DF872DF6DEC61F1ECD8D7D ] C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstauparse.dll
00:01:09.0328 2388 C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstauparse.dll - ok
00:01:09.0328 2388 [ A88E1FCCD8303DD232A169531B395181 ] C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstautoconvert.dll
00:01:09.0328 2388 C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstautoconvert.dll - ok
00:01:09.0328 2388 [ 7A9683B1E447A24C763663278361E201 ] C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstautodetect.dll
00:01:09.0328 2388 C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstautodetect.dll - ok
00:01:09.0718 2388 ============================================================
00:01:09.0718 2388 Scan finished
00:01:09.0718 2388 ============================================================
00:01:09.0812 2252 Detected object count: 16
00:01:09.0812 2252 Actual detected object count: 16
00:04:34.0031 2252 BANTExt ( UnsignedFile.Multi.Generic ) - skipped by user
00:04:34.0031 2252 BANTExt ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:04:34.0031 2252 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
00:04:34.0031 2252 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:04:34.0031 2252 FileDisk ( UnsignedFile.Multi.Generic ) - skipped by user
00:04:34.0031 2252 FileDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:04:34.0031 2252 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
00:04:34.0031 2252 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:04:34.0046 2252 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
00:04:34.0046 2252 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:04:34.0046 2252 hpqwmiex ( UnsignedFile.Multi.Generic ) - skipped by user
00:04:34.0046 2252 hpqwmiex ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:04:34.0046 2252 IAANTMon ( UnsignedFile.Multi.Generic ) - skipped by user
00:04:34.0046 2252 IAANTMon ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:04:34.0046 2252 incdrm ( UnsignedFile.Multi.Generic ) - skipped by user
00:04:34.0046 2252 incdrm ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:04:34.0046 2252 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
00:04:34.0046 2252 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:04:34.0046 2252 NETw5x32 ( UnsignedFile.Multi.Generic ) - skipped by user
00:04:34.0046 2252 NETw5x32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:04:34.0046 2252 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
00:04:34.0046 2252 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:04:34.0046 2252 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
00:04:34.0046 2252 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:04:34.0046 2252 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
00:04:34.0046 2252 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:04:34.0062 2252 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
00:04:34.0062 2252 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:04:34.0843 2252 \Device\Harddisk0\DR0\# - copied to quarantine
00:04:34.0843 2252 \Device\Harddisk0\DR0 - copied to quarantine
00:04:34.0875 2252 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
00:04:34.0890 2252 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
00:04:34.0890 2252 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
00:04:34.0906 2252 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
00:04:34.0921 2252 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
00:04:34.0921 2252 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
00:04:34.0921 2252 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
00:04:34.0921 2252 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
00:04:34.0921 2252 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
00:04:34.0921 2252 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
00:04:34.0937 2252 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
00:04:34.0937 2252 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
00:04:34.0968 2252 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
00:04:34.0968 2252 \Device\Harddisk0\DR0 - ok
00:04:34.0968 2252 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
00:04:34.0968 2252 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
00:04:34.0984 2252 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
00:04:46.0656 2604 Deinitialize success




00:06:32.0375 2864 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
00:06:32.0500 2864 ============================================================
00:06:32.0500 2864 Current date / time: 2013/02/07 00:06:32.0500
00:06:32.0500 2864 SystemInfo:
00:06:32.0500 2864
00:06:32.0500 2864 OS Version: 5.1.2600 ServicePack: 3.0
00:06:32.0500 2864 Product type: Workstation
00:06:32.0500 2864 ComputerName: NX9420
00:06:32.0500 2864 UserName: Lisa
00:06:32.0500 2864 Windows directory: C:\WINDOWS
00:06:32.0500 2864 System windows directory: C:\WINDOWS
00:06:32.0500 2864 Processor architecture: Intel x86
00:06:32.0500 2864 Number of processors: 2
00:06:32.0500 2864 Page size: 0x1000
00:06:32.0500 2864 Boot type: Normal boot
00:06:32.0500 2864 ============================================================
00:06:42.0593 2864 BG loaded
00:06:43.0078 2864 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x3279, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
00:06:43.0109 2864 ============================================================
00:06:43.0109 2864 \Device\Harddisk0\DR0:
00:06:43.0140 2864 MBR partitions:
00:06:43.0140 2864 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBA50A51
00:06:43.0140 2864 ============================================================
00:06:43.0218 2864 C: <-> \Device\Harddisk0\DR0\Partition1
00:06:43.0234 2864 ============================================================
00:06:43.0234 2864 Initialize success
00:06:43.0234 2864 ============================================================




ASWmbr.TXT:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-07 00:11:53
-----------------------------
00:11:53.406 OS Version: Windows 5.1.2600 Service Pack 3
00:11:53.406 Number of processors: 2 586 0xF06
00:11:53.406 ComputerName: NX9420 UserName: Lisa
00:11:53.968 Initialize success
00:19:50.421 AVAST engine defs: 13020601
00:20:37.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
00:20:37.812 Disk 0 Vendor: HTS72101 MCZO Size: 95396MB BusType: 3
00:20:37.828 Disk 0 MBR read successfully
00:20:37.828 Disk 0 MBR scan
00:20:37.859 Disk 0 unknown MBR code
00:20:37.859 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 95393 MB offset 63
00:20:37.875 Disk 0 scanning sectors +195365520
00:20:37.953 Disk 0 scanning C:\WINDOWS\system32\drivers
00:20:48.531 Service scanning
00:21:12.000 Modules scanning
00:21:19.906 Disk 0 trace - called modules:
00:21:19.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys iaStor.sys
00:21:19.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa18ab8]
00:21:19.953 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> [0x8a9d5c58]
00:21:19.968 5 hpdskflt.sys[ba3395ae] -> nt!IofCallDriver -> \Device\00000096[0x8a9f69e0]
00:21:19.984 7 ACPI.sys[b9f51620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a9d4030]
00:21:21.343 AVAST engine scan C:\WINDOWS
00:21:44.093 AVAST engine scan C:\WINDOWS\system32
00:24:54.578 AVAST engine scan C:\WINDOWS\system32\drivers
00:25:09.578 AVAST engine scan C:\Documents and Settings\Lisa
00:35:57.906 File: C:\Documents and Settings\Lisa\Local Settings\Application Data\HP\Google\qlggqkm.dll **INFECTED** Win32:BHO-AJD [Trj]
01:03:36.906 AVAST engine scan C:\Documents and Settings\All Users
01:05:02.453 Scan finished successfully
01:05:52.453 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Lisa\Desktop\MBR.dat"
01:05:52.484 The log file has been saved successfully to "C:\Documents and Settings\Lisa\Desktop\aswMBR.txt"

#8
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

First, I want you to rerun TDSSKiller again, and when it gets to this point:

00:04:34.0968 2252 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
00:04:34.0984 2252 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

I want you to select Delete this time.



Then I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Report from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#9
LisaMc

    Member

  • Topic Starter
  • Member
  • 11 posts
I tried to start up Google Chrome and I got an error box "Your preferences file is corrupt or invalid. Google Chrome is unable to recover your settings." but I was able to use it then. Internet Explorer worked OK, as did MS Word, so it seems it is fixed now!!! Thanks for your help, Gringo. I cut and pasted the log file from TDSSKiller:



ComboFix 13-02-06.01 - Lisa 02/07/2013 16:38:15.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.1955 [GMT -5:00]
Running from: c:\documents and settings\Lisa\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Lisa\Desktop\CFScript.txt
AV: System Shield *Disabled/Updated* {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
.
.
((((((((((((((((((((((((( Files Created from 2013-01-07 to 2013-02-07 )))))))))))))))))))))))))))))))
.
.
2013-02-07 05:04 . 2013-02-07 21:35 -------- d-----w- C:\TDSSKiller_Quarantine
2013-02-05 17:59 . 2013-01-18 17:17 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{1819E4EC-D1F1-401D-9A28-3A6CBD2C30B7}\mpengine.dll
2013-02-05 16:57 . 2013-02-05 16:58 -------- dc-h--w- c:\windows\ie8
2013-02-05 01:20 . 2013-01-18 17:17 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-02-05 01:20 . 2013-01-17 06:28 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-02-04 17:19 . 2013-02-04 17:19 -------- d-----w- c:\program files\Windows Defender
2013-01-25 21:11 . 2013-01-25 21:11 -------- d-----w- c:\program files\GUM7.tmp
2013-01-25 21:01 . 2013-01-25 21:01 -------- d-----w- c:\documents and settings\John\Application Data\Motorola Mobility
2013-01-23 22:15 . 2013-01-25 02:41 -------- d--h--w- c:\documents and settings\Lisa\Application Data\2CE4E61C
2013-01-08 22:55 . 2013-01-08 22:55 -------- d-----w- c:\documents and settings\Lisa\.morena
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-10 19:09 . 2012-04-02 18:18 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-10 19:09 . 2011-06-13 15:41 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2008-04-14 09:39 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 21:49 . 2010-07-13 18:11 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-07 04:57 . 2010-09-16 23:52 41176 ----a-w- c:\windows\system32\iolobtdfg.exe
2012-12-07 04:57 . 2010-09-16 23:52 23128 ----a-w- c:\windows\system32\smrgdf.exe
2012-12-07 04:42 . 2011-07-12 15:36 2097032 ----a-w- c:\windows\system32\Incinerator32.dll
2012-11-13 01:25 . 2008-04-14 05:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2011-12-21 07:24 . 2011-12-28 22:20 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-07-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-07-26 15:03 1014344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-07-26 15:03 1014344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-07-26 15:03 1014344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 90624]
"MotoCast"="c:\program files\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-11-21 1704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-11-01 995328]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-07-26 1061960]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ ??¬???…????\0?…????\0?…????\0?…????\0?…????\0?…
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\SysMech.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Motorola Media Link\\Lite\\MML.exe"=
"c:\\Program Files\\Motorola Mobility\\MotoCast\\motocast.exe"=
"c:\\Program Files\\Motorola Mobility\\MotoCast\\bin\\MotoCast-thumbnailer.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R2 AMP;Active Malware Protection Minifilter Driver;c:\windows\system32\drivers\amp.sys [5/25/2012 11:48 AM 137568]
R2 PDFsFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [10/1/2012 12:00 PM 68464]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [7/12/2010 4:16 PM 88192]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/24/2007 7:21 AM 41216]
S2 AMPSE;Active Malware Protection Support Driver;c:\windows\system32\drivers\ampse.sys [5/25/2012 11:48 AM 1210208]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [9/16/2010 6:52 PM 1053184]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys --> c:\windows\system32\DRIVERS\motfilt.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys --> c:\windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys --> c:\windows\system32\DRIVERS\motusbdevice.sys [?]
S4 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [9/7/2012 9:36 PM 87992]
S4 Motorola Device Manager;Motorola Device Manager Service;c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [10/23/2012 5:58 PM 120728]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 00926101
*NewlyCreated* - 11610183
*Deregistered* - 00926101
*Deregistered* - 11610183
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-01 04:11 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 19:09]
.
2013-02-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2013-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-01 02:01]
.
2013-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-01 02:01]
.
2013-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-527237240-2147181963-1005Core.job
- c:\documents and settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-05 22:02]
.
2013-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-527237240-2147181963-1005UA.job
- c:\documents and settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-05 22:02]
.
2013-02-07 c:\windows\Tasks\MotoCast Update.job
- c:\program files\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-11-07 22:09]
.
2013-02-07 c:\windows\Tasks\Motorola Device Manager Engine.job
- c:\program files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-10-23 22:58]
.
2012-12-21 c:\windows\Tasks\Motorola Device Manager Update.job
- c:\program files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-10-23 22:58]
.
2013-02-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = https://powerschool....2.nh.us/public/
uInternet Settings,ProxyOverride = *.local;192.168.*.*
LSP: c:\windows\system32\iavlsp.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Lisa\Application Data\Mozilla\Firefox\Profiles\sjl8imbn.default\
FF - prefs.js: browser.startup.homepage - hxxps://powerschool.merrimack.k12.nh.us/public/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-11610183.sys
SafeBoot-42123783.sys
SafeBoot-87526858.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-07 16:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
@DACL=(02 0010)
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@DACL=(02 0010)
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\iavlsp.dll
.
- - - - - - - > 'explorer.exe'(2580)
c:\windows\system32\WININET.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\BatteryBar\BatteryBar.dll
c:\program files\BatteryBar\BatteryBar.Utilities.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\iavlsp.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
Completion time: 2013-02-07 16:46:15
ComboFix-quarantined-files.txt 2013-02-07 21:46
ComboFix2.txt 2013-02-07 01:15
ComboFix3.txt 2013-02-07 00:47
.
Pre-Run: 13,499,154,432 bytes free
Post-Run: 13,262,876,672 bytes free
.
- - End Of File - - 23A406E3CF63538036F6D3A05876F796

#10
LisaMc

    Member

  • Topic Starter
  • 11 posts
I went back to check on the laptop to see how it was going and the cursor was frozen and I couldn't do ctrl alt del to bring up the task manager so had to hold down the power key to get it to shut down.

#11
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#12
LisaMc

    Member

  • Topic Starter
  • 11 posts
Here is the report. I want to thank you again for all of your help so far. I had to submit an excellence award nomination for another nurse I work with and I actually was able to do it today (it was the deadline) from my "sick" computer. Also I may not be able to get back to you for a while. I live in southern NH and we are going to have blizzard conditions tonight, so I expect the power to go out with high winds and then I am doing double double shifts this weekend. I will try to get back to you Monday if we have power on any response you have. Thanks so much!!

32 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.5)
AIO_Scan
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
Audacity 1.2.6
AuthenTec Fingerprint Sensor Minimum Install
AVSDK5
Batch XLSX to XLS Converter
BatteryBar (remove only)
Belarc Advisor 8.3
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Broadcom NetXtreme Ethernet Controller
BufferChm
C4200
C4200_doccd
c4200_Help
CCleaner
Compatibility Pack for the 2007 Office system
Copy
Core Temp 1.0 RC2
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
Elecard MPEG-2 PlugIn for WMP
Epocrates Essentials for Pocket PC
eSupportQFolder
File Recover 7.5
Google Chrome
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB954550-v5)
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 3.5
HP Product Assistant
HP Quick Launch Buttons 6.30 J1
HP Solution Center 9.0
HP Update
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
InCD EasyWrite Reader
inSSIDer 2.0
Intel Matrix Storage Manager
Intel® PROSet/Wireless Software
iolo technologies' System Mechanic Professional
iTunes
Java Auto Updater
Java™ 6 Update 30
Malwarebytes Anti-Malware version 1.70.0.1100
mCore
mDrWiFi
Media Player Codec Pack 4.0.0
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft ActiveSync
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
mIWA
mLogView
mMHouse
MobileMe Control Panel
MotoCast
MotoHelper MergeModules
Motorola Device Manager
Motorola Device Software Update
MOTOROLA MEDIA LINK
Motorola Mobile Drivers Installation 5.9.0
Mozilla Firefox 9.0.1 (x86 en-US)
mPfMgr
mPfWiz
mProSafe
mSCfg
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 6.0 Parser
mWlsSafe
mZConfig
Picasa 3
PS_AIO_ProductContext
PS_AIO_Software
PS_AIO_Software_min
PSSWCORE
QuickTime
Recuva
Rhapsody
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB923789)
SequoiaView
SolutionCenter
SoundMAX
Spybot - Search & Destroy
Status
Synaptics Pointing Device Driver
System Mechanic 11 Professional
Texas Instruments PCIxx21/x515/xx12 drivers.
The Weather Channel Desktop 6
TIPCI
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB971029)
VideoToolkit01
WebFldrs XP
WebReg
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Wise Disk Cleaner 5.81
Wise Registry Cleaner 5.8.9
WModem Driver Installer

#13
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

  • Adobe Reader X (10.1.5)
  • Java™ 6 Update 30


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Update Adobe reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com.../readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.


Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.



: Malwarebytes' Anti-Malware :


I see you have MBAM installed on the computer - that is great!! It is a very good program! I would like you to run a quick scan for me now

  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#14
LisaMc

    Member

  • Topic Starter
  • 11 posts
I did not have problems until I tried to run Hijackthis. I double clicked on the icon to run it (because I am an XP user). At the top of the application box it says:
Trend Micro HijackThis - v2.0.4

then there is a blue bar over to about 3/4 of the program screen and in red letters it says "INI file values... (2/7)"

Under that the R0 and R1 values I can't see all of what it says because there is another program dialog box in front of them, so I can't click to widen the screen, but I will type below the 6 lines I can read most of:

R0 - HKCU\Software\Microsoft\InternetExplorer\Main,Start Page = https://powerschool....k12.nh.us/publi (this line highlighted in blue)
R1 - HKLM\Software\Microsoft\InternetExplorer\Main,Default_Page_URL = http://go.microsoft....fwlink/?linkId=
R1 - HKLM\Software\Microsoft\InternetExplorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId
R1 - HKLM\Software\Microsoft\InternetExplorer\Main,SearchPage = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\InternetExplorer\Main,StartPage = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\InternetSettings,ProxyOverride = *.local;192.168.*.*
(it is possible there are errors in the above R1 and R0 6 lines, I didn't double check)

There is a dialog box in front of the "Trend Micro HijackThis" box as follows:

The blue title bar is "HijackThis"
Please help us improve HijackThis by reporting this error

Click 'Yes' to submit

Error Details:

An unexpected error has occurred at procedure:modRegistry_IniGetString(sFile-system.ini, sSection=boot, sValue=Shell)
Error #5 - Invalid procedure call or argument

Windows version: Windows NT 5.01.2600
MSIE version: 8.0.6001.18702
HijackThis version: 2.0.4

Then the yes no buttons


I saved a print screen of this but did not attach it, because I don't think I am supposed to attach files, but if you want it I can reply again and attach it.


I clicked no on the report this error.


Then I got another error dialogue box with almost the same error stuff...

HijackThis (title)
Please help us improve HijackThis by reporting this error

Click 'Yes' to submit

Error Details:

An unexpected error has occurred at procedure: modRegistry_IniGetString(sFile=win.ini, sSection=windows, sValue=load)
Error #5 - Invalid procedure call or argument

Windows version: Windows NT 5.01.2600
MSIE version: 8.0.6001.18702
HijackThis version: 2.0.4

Yes or No buttons
I clicked no


Then it ran a lot more...

This is the log file:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:23:30 PM, on 2/11/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Lisa\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://powerschool....2.nh.us/public/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
O4 - HKCU\..\Run: [MotoCast] "C:\Program Files\Motorola Mobility\MotoCast\MotoLauncher.lnk"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: Garmin Communicator Plug-In - https://static.garmi...inAxControl.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1278983986453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1360087072390
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} (EZTwainX by Dosadi) - https://www.member-d...dc/EZTwainX.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} - http://update.hpphot.../HPSWUpdate.ocx
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://ive.snhmc.or...SetupClient.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Lisa/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 7431 bytes


I also had another hijackthis.log and here is the info from that one:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:23:30 PM, on 2/11/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Lisa\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://powerschool....2.nh.us/public/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
O4 - HKCU\..\Run: [MotoCast] "C:\Program Files\Motorola Mobility\MotoCast\MotoLauncher.lnk"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: Garmin Communicator Plug-In - https://static.garmi...inAxControl.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1278983986453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1360087072390
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} (EZTwainX by Dosadi) - https://www.member-d...dc/EZTwainX.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} - http://update.hpphot.../HPSWUpdate.ocx
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://ive.snhmc.or...SetupClient.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Lisa/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 7431 bytes





This is the MBAM log file:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.11.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Lisa :: NX9420 [administrator]

2/11/2013 1:55:58 PM
mbam-log-2013-02-11 (13-55-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235033
Time elapsed: 4 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


The computer ran fine except as noted above, but I didn't have time to do things like rebooting etc to see how things were. I ran IE without problems and Google Chrome without problems though and the computer didn't freeze. I would try more but I need to leave for work. Thanks again gringo!!
  • 0

#15
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on their icons (or start them from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis (right-click and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
      O4 - HKCU\..\Run: [MotoCast] "C:\Program Files\Motorola Mobility\MotoCast\MotoLauncher.lnk"
      O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE: You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found

  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here

Gringo
  • 0
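
Added example, not part of gringo_pr's post or of HijackThis itself: a small Python parser for HijackThis entry lines like those in the logs above. It splits O4 autostart lines into hive, key, name and command, checks which lines of a helper's fix list are actually present in a log, and notes "(no file)" references and repeated Winsock LSP entries. The function names are assumptions of the example, and the embedded sample is a few lines copied from the log posted in this thread.

```python
import re
from collections import Counter

# Constructed sample: a few entry lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O4 - <body>"
O4 = re.compile(r"^(?P<hive>[^:]+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")

def parse_entries(log_text):
    """Yield (section_code, body) for each HijackThis entry line."""
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)

def startup_entries(log_text):
    """Return O4 registry autostarts as dicts with hive, key, name and cmd."""
    out = []
    for code, body in parse_entries(log_text):
        m = O4.match(body) if code == "O4" else None
        if m:
            out.append(m.groupdict())
    return out

def fix_list_present(log_text, fix_lines):
    """Map each line of a helper's fix list to whether it appears verbatim in the log."""
    have = {f"{c} - {b}" for c, b in parse_entries(log_text)}
    return {line.strip(): line.strip() in have for line in fix_lines}

def review_notes(log_text):
    """List entries worth a second look: missing target files and repeated LSP files."""
    notes = []
    for (code, body), n in Counter(parse_entries(log_text)).items():
        if body.endswith("(no file)"):
            notes.append(f"{code}: target file missing: {body}")
        if code == "O10" and "Unknown file" in body:
            notes.append(f"O10: unrecognised LSP listed {n}x: {body.split(': ', 1)[1]}")
    return notes
```

Matching the fix list against the log before ticking boxes mirrors the "(if present)" step in the instructions: only lines that appear verbatim in the current scan should be checked.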





