
Registry Edit Virus [Solved]


  • This topic is locked

#1
dogstar21

  • Member
  • 103 posts
If I run my computer in normal mode, I get a prompt to allow Windows to Open My Registry Editor. I click "Do not allow", but the prompt immediately returns. I had this exact same issue a month ago, and was pretty sure we had it resolved, but I'm apparently re-infected.

After rebooting in Safe Mode, I ran MBAM and SuperAntiSpyware scans, and nothing was found other than SuperAntiSpyware finding some adware. I then did a System Restore to a safe point, but when I started my computer in normal mode, the Registry Edit prompt appeared again.

Last time this happened, my computer was overheating as well. It hasn't done so yet, but it's something I'm keeping an eye on.

Here is my OTL scan:

OTL logfile created on: 3/14/2014 4:32:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pete\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 60.23% Memory free
4.22 Gb Paging File | 3.52 Gb Available in Paging File | 83.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.18 Gb Total Space | 311.42 Gb Free Space | 68.72% Space Free | Partition Type: NTFS
Drive D: | 12.58 Gb Total Space | 1.99 Gb Free Space | 15.80% Space Free | Partition Type: NTFS

Computer Name: PETE-PC | User Name: Pete | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/14 16:32:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pete\Downloads\OTL.exe
PRC - [2014/03/12 01:22:25 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
PRC - [2014/02/15 00:21:42 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/12 01:22:24 | 016,276,872 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
MOD - [2014/02/15 00:21:41 | 003,578,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2008/12/31 08:35:14 | 000,934,400 | ---- | M] (ATI Technologies Inc.) [Auto | Stopped] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/10/26 16:49:46 | 000,279,040 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8aadd48d\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/06/27 11:53:06 | 000,089,088 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/03/18 19:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Stopped] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/03/18 08:26:56 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/03/12 01:22:26 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/15 00:21:41 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/28 22:31:49 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 20:11:59 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/15 13:31:20 | 000,460,144 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/12/15 13:22:42 | 001,085,440 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2009/03/29 22:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/09 18:14:02 | 000,296,320 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)
SRV - [2009/02/09 18:14:02 | 000,116,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
SRV - [2008/12/17 20:11:40 | 000,365,952 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/28 22:31:50 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/28 22:31:49 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2008/12/31 10:01:20 | 004,993,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/10/26 16:50:58 | 000,469,504 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/10/23 05:42:06 | 000,128,352 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/09/04 13:48:00 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/08/28 19:57:24 | 004,745,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/08/06 12:26:08 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/07/24 12:48:10 | 000,250,928 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/06/23 07:54:02 | 000,099,368 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/06/23 07:54:02 | 000,091,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/06/23 07:54:02 | 000,019,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/03/27 15:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 15:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/03/21 08:47:14 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 22:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 22:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64)
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/06/18 20:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/03 21:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2008/11/28 21:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/06/15 03:40:30] [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3B1AAF6F-BC73-4A31-9EE4-04B8C395AC0E}
IE:64bit: - HKLM\..\SearchScopes\{3B1AAF6F-BC73-4A31-9EE4-04B8C395AC0E}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{BFE5EDCC-25B3-461D-8E03-309E92AD753A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BFE5EDCC-25B3-461D-8E03-309E92AD753A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {273B8C2F-51CB-40E1-90AA-9BB1190EEB5F}
IE - HKCU\..\SearchScopes\{273B8C2F-51CB-40E1-90AA-9BB1190EEB5F}: "URL" = http://search.yahoo....f-8&fr=chr-yie9
IE - HKCU\..\SearchScopes\{7148CB92-9375-4E9C-A5C0-166ACF27981A}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://sports.yahoo....X81xSObsw5nYcB"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\npctrl.1.0.30716.0.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Pete\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/02/15 00:21:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Pete\AppData\Roaming\Move Networks [2009/11/21 20:43:05 | 000,000,000 | ---D | M]

[2011/01/18 16:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pete\AppData\Roaming\Mozilla\Extensions
[2014/03/06 20:44:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\extensions
[2011/04/10 21:01:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2014/03/06 20:44:57 | 000,537,052 | ---- | M] () (No name found) -- C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/02/15 00:21:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/15 00:21:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2011/11/24 11:05:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\jp2ssv.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoZone iSync.lnk = C:\Program Files (x86)\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKCU\..Trusted Domains: yahoo.com ([sports] http in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} http://www.king.com/ctl/kingcomie.cab (king.com)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BC2929E-B9E6-4589-A980-0CD02A9CA469}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89C1B4C5-FB96-4F64-B942-D383F21133F9}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Pete\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Pete\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/14 14:10:11 | 000,332,536 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\8z4od2q8.zvv
[2014/03/14 14:09:57 | 000,167,433 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\8q2do4z8.cpp
[2014/02/17 09:42:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/02/16 01:25:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/02/15 00:21:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/02/13 16:27:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2014/02/13 16:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/13 16:10:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java

========== Files - Modified Within 30 Days ==========

[2014/03/14 16:28:00 | 000,170,496 | ---- | M] () -- C:\Users\Pete\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/03/14 16:24:43 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/14 16:24:43 | 000,583,110 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/14 16:24:43 | 000,097,078 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/14 16:20:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/14 16:18:25 | 095,027,928 | ---- | M] () -- C:\ProgramData\8z4od2q8.fee
[2014/03/14 16:13:17 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/14 16:13:17 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/14 15:58:11 | 000,000,732 | ---- | M] () -- C:\Users\Pete\AppData\Local\d3d9caps64.dat
[2014/03/14 14:10:03 | 000,000,870 | ---- | M] () -- C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8z4od2q8.lnk
[2014/03/14 13:22:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/11 15:17:17 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPete.job
[2014/03/07 16:43:44 | 000,002,551 | ---- | M] () -- C:\Users\Pete\Application Data\Microsoft\Internet Explorer\Quick Launch\HP MediaSmart.lnk
[2014/02/18 01:32:03 | 000,315,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/16 18:54:55 | 000,000,680 | ---- | M] () -- C:\Users\Pete\AppData\Local\d3d9caps.dat
[2014/02/13 16:28:48 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

========== Files Created - No Company Name ==========

[2014/03/14 14:18:35 | 000,000,732 | ---- | C] () -- C:\Users\Pete\AppData\Local\d3d9caps64.dat
[2014/03/14 14:10:03 | 000,000,870 | ---- | C] () -- C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8z4od2q8.lnk
[2014/03/14 14:10:00 | 095,027,928 | ---- | C] () -- C:\ProgramData\8z4od2q8.fee
[2014/02/13 16:38:38 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/13 16:28:48 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2014/02/13 16:28:47 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2014/02/11 15:30:57 | 000,690,960 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/11 15:23:41 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-PETE-PC-Microsoft®-Windows-Vista™-Home-Premium-(64-bit).dat
[2013/11/12 17:50:15 | 000,000,004 | ---- | C] () -- C:\Users\Pete\AppData\Roaming\cache.ini
[2010/05/12 11:41:48 | 000,004,922 | ---- | C] () -- C:\ProgramData\amjmwaey.gaf
[2009/11/23 19:48:41 | 000,170,496 | ---- | C] () -- C:\Users\Pete\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/11 18:54:46 | 000,005,089 | ---- | C] () -- C:\ProgramData\cbkxtjjv.ukg
[2009/09/09 09:02:33 | 000,000,680 | ---- | C] () -- C:\Users\Pete\AppData\Local\d3d9caps.dat
[2009/08/26 12:24:45 | 000,000,600 | ---- | C] () -- C:\Users\Pete\PUTTY.RND

========== ZeroAccess Check ==========

[2006/11/02 11:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011/01/21 12:50:13 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 12:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 01:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 22:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== LOP Check ==========

[2011/05/30 23:22:14 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Flip Video
[2009/10/04 01:38:02 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Gamelab
[2010/03/28 00:01:51 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Leadertech
[2010/05/12 11:41:49 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\MOVAVI
[2010/05/12 11:43:25 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Movavi Flash Converter
[2010/05/12 11:43:25 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Movavi Flash Converter 2
[2009/08/22 00:18:03 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\SPORE Creature Creator
[2009/08/19 13:21:27 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\WildTangent

========== Purity Check ==========



< End of report >





-------------

Thanks in advance for your help!


#2
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:

  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.

  • Please read through my instructions carefully and completely before executing them.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  • Please remember, the fixes are for your machine and your machine ONLY!



Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)

Now, let's get started, shall we? :thumbsup:


Hi :)

I don't see anything from your logs that would indicate a malware infection other than some entries regarding Ask.com. Let's try this to get rid of your Registry Editor opening up. Then we'll take a look with a different scanning tool. :thumbsup:


Step 1: Msconfig


Click the Windows Orb (Start), type msconfig and press Enter.

Go to the Startup Tab and remove the tick alongside regedit.exe (there may be two of them).

Click Apply, OK, etc. and restart the computer. When it restarts, put a tick in 'Don't show this again' as you're effectively doing a selective start up.


Step 2: Scan with FRST


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


Things I need to see in your next post

FRST Log

Additions.txt Log

Question: Is the Registry Editor no longer opening up at boot?

  • 0
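One way to triage the autostart lines of the FRST.txt requested in Step 2, as an added example that is not part of the original post and not FRST's own code: it parses Run-key and Startup-shortcut lines and flags targets that sit outside the usual install directories or are not .exe files. The sample lines are constructed, and the trusted roots and the expected extension are assumptions to tune for the machine being reviewed.

```python
import re

# Assumption: software installed the normal way autostarts from these roots.
TRUSTED_ROOTS = (
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\windows\\",
)
# Assumption: a legitimate autostart target is normally an .exe.
EXPECTED_EXTENSIONS = (".exe",)

# Constructed sample lines in the layout FRST prints for autostart entries.
# Every name and path here is made up for illustration.
SAMPLE_LOG = r"""
HKLM\...\Run: [ExampleTray] - C:\Program Files\ExampleVendor\tray.exe [441856 2008-10-26] (ExampleVendor, Inc.)
HKLM-x32\...\Run: [ExampleUpdater] - C:\Program Files (x86)\ExampleVendor\update.exe [54576 2008-12-08] (ExampleVendor)
HKU\S-1-5-21-0-0-0-1000\...\Run: [ExampleGone] - C:\Program Files (x86)\ExampleVendor\gone.exe
Startup: C:\Users\Example\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a1b2c3d4.lnk
ShortcutTarget: a1b2c3d4.lnk -> C:\ProgramData\d4c3b2a1.dat (Example Corporation)
Startup: C:\Users\Example\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Example Sync.lnk
ShortcutTarget: Example Sync.lnk -> C:\Program Files (x86)\ExampleSync\sync.exe (Example Sync Inc.)
"""

# "<hive>\...\Run: [Name] - <path> [size date] (Company)"
RUN_RE = re.compile(r"^(?P<source>HK.+?\\Run): \[(?P<name>.+?)\] - (?P<rest>.+)$")
# "ShortcutTarget: <name>.lnk -> <path> (Company)"
LNK_RE = re.compile(r"^ShortcutTarget: (?P<name>.+?\.lnk) -> (?P<rest>.+)$")
# Path, then optional "[size date]", then optional "(Company)". The company
# group excludes backslashes so "(x86)" inside a path is not mistaken for it.
REST_RE = re.compile(
    r"^(?P<path>.+?)"
    r"(?: \[\d+ \d{4}-\d{2}-\d{2}\])?"
    r"(?: \((?P<company>[^\\]*)\))?$"
)


def parse_autostarts(log_text):
    """Return one dict per Run-key or ShortcutTarget line in the log text."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match, source = RUN_RE.match(line), None
        if match:
            source = match.group("source")
        else:
            match = LNK_RE.match(line)
            if match:
                source = "Startup folder shortcut"
        if not match:
            continue  # "Startup:" lines and everything else are skipped
        rest = REST_RE.match(match.group("rest"))
        entries.append({
            "source": source,
            "name": match.group("name"),
            "path": rest.group("path"),
            # Reported only: the vendor string is treated as untrusted
            # metadata and is never used to clear an entry.
            "company": rest.group("company"),
        })
    return entries


def triage(entries):
    """Return the entries that deserve a closer look, with the reasons."""
    findings = []
    for entry in entries:
        path = entry["path"].lower()
        reasons = []
        if not path.startswith(TRUSTED_ROOTS):
            reasons.append("target outside Program Files/Windows")
        if not path.endswith(EXPECTED_EXTENSIONS):
            reasons.append("target is not an .exe")
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(parse_autostarts(SAMPLE_LOG)):
        print(f"{finding['source']}: {finding['name']} -> {finding['path']}")
        print(f"  vendor string: {finding['company']}")
        for reason in finding["reasons"]:
            print(f"  - {reason}")
```

A flagged entry is a lead for manual review, not a verdict; the file itself still has to be examined before anything is removed.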

#3
dogstar21

    Member

  • Topic Starter
  • Member
  • 103 posts
Pystryker, thanks for offering your assistance. I have read and understood the terms, and appreciate your help. Sorry I didn't reply sooner, but I was out all day.

Step 1: There were no entries for regedit.exe (or anything resembling regedit) on the Startup Tab of the msconfig dialogue.

As discussed, I am only running in Safe Mode until advised otherwise, and since I didn't see any entries to remove for regedit, I did NOT attempt to restart the computer in normal mode. When I restarted in normal mode last time, it took immediate control of my machine, allowing for no action other than Yes/No of allow RegEdit. Since we didn't change anything, my assumption is it will still be the same.

Step 2: I downloaded and ran FRST from my desktop. Here are the requested logs:

FRST Log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Pete (administrator) on PETE-PC on 16-03-2014 23:48:46
Running from C:\Users\Pete\Desktop
Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Microsoft Corporation) C:\Windows\helppane.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1560872 2008-07-24] (Synaptics, Inc.)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [441856 2008-10-26] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DVDAgent] - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-11-28] (CyberLink Corp.)
HKLM-x32\...\Run: [TSMAgent] - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1316136 2008-12-25] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-12-25] (CyberLink)
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [218408 2008-11-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [206128 2008-10-10] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] - C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Health Check Scheduler] - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [432432 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [TVAgent] - C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe [206120 2009-02-09] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768 2010-08-02] (Avira GmbH)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-03-19] (Hewlett-Packard Company)
HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\...\Run: [HPAdvisor] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [966656 2008-11-18] (Hewlett-Packard)
HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
Startup: C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8z4od2q8.lnk
ShortcutTarget: 8z4od2q8.lnk -> C:\ProgramData\8q2do4z8.cpp (Microsoft Corporation)
Startup: C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoZone iSync.lnk
ShortcutTarget: GoZone iSync.lnk -> C:\Program Files (x86)\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
URLSearchHook: HKCU - YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
URLSearchHook: HKCU - YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {3B1AAF6F-BC73-4A31-9EE4-04B8C395AC0E} URL = http://search.live.c...ms}&FORM=HPNTDF
SearchScopes: HKLM - {3B1AAF6F-BC73-4A31-9EE4-04B8C395AC0E} URL = http://search.live.c...ms}&FORM=HPNTDF
SearchScopes: HKLM - {BFE5EDCC-25B3-461D-8E03-309E92AD753A} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {BFE5EDCC-25B3-461D-8E03-309E92AD753A} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKCU - DefaultScope {273B8C2F-51CB-40E1-90AA-9BB1190EEB5F} URL = http://search.yahoo....f-8&fr=chr-yie9
SearchScopes: HKCU - {273B8C2F-51CB-40E1-90AA-9BB1190EEB5F} URL = http://search.yahoo....f-8&fr=chr-yie9
SearchScopes: HKCU - {3B1AAF6F-BC73-4A31-9EE4-04B8C395AC0E} URL =
SearchScopes: HKCU - {7148CB92-9375-4E9C-A5C0-166ACF27981A} URL = http://www.flickr.co...q={searchTerms}
SearchScopes: HKCU - {BFE5EDCC-25B3-461D-8E03-309E92AD753A} URL =
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\jp2ssv.dll No File
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} http://www.king.com/ctl/kingcomie.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - No File
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default
FF Homepage: hxxp://sports.yahoo.com/fantasy;_ylt=AqcNqZCM6O37CSX81xSObsw5nYcB
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\npctrl.1.0.30716.0.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Users\Pete\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-04-10]
FF Extension: NoScript - C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-02-13]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Users\Pete\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\Pete\AppData\Roaming\Move Networks [2009-09-25]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2011-08-11] (SUPERAntiSpyware.com)
S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe [89088 2008-06-27] (Andrea Electronics Corporation)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360 2011-04-27] (Avira GmbH)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480 2011-06-28] (Avira GmbH)
S2 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2010-12-15] ()
S2 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2010-12-15] ()
S2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-12-17] ()
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] ()
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8aadd48d\STacSV64.exe [279040 2008-10-26] (IDT, Inc.)
S2 TVCapSvc; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320 2009-02-09] ()
S2 TVSched; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116096 2009-02-09] ()
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-06-28] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-06-28] (Avira GmbH)
S1 Beep; No ImagePath
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-11-28] (CyberLink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-16 23:48 - 2014-03-16 23:49 - 00014509 _____ () C:\Users\Pete\Desktop\FRST.txt
2014-03-16 23:48 - 2014-03-16 23:48 - 02157056 _____ (Farbar) C:\Users\Pete\Desktop\FRST64.exe
2014-03-16 23:48 - 2014-03-16 23:48 - 00000000 ____D () C:\FRST
2014-03-14 16:44 - 2014-03-14 16:44 - 00062262 _____ () C:\Users\Pete\Downloads\Extras.Txt
2014-03-14 16:44 - 2014-03-14 16:44 - 00060740 _____ () C:\Users\Pete\Downloads\OTL.Txt
2014-03-14 16:32 - 2014-03-14 16:32 - 00602112 _____ (OldTimer Tools) C:\Users\Pete\Downloads\OTL.exe
2014-03-14 14:18 - 2014-03-14 15:58 - 00000732 _____ () C:\Users\Pete\AppData\Local\d3d9caps64.dat
2014-03-14 14:10 - 2014-03-14 16:18 - 95027928 ____T () C:\ProgramData\8z4od2q8.fee
2014-03-14 14:10 - 2014-03-14 14:10 - 00332536 ____T (Microsoft Corporation) C:\ProgramData\8z4od2q8.zvv
2014-03-14 14:09 - 2014-03-14 14:09 - 00167433 _____ (Microsoft Corporation) C:\ProgramData\8q2do4z8.cpp
2014-03-11 15:26 - 2014-03-11 15:26 - 00847816 _____ (Google Inc.) C:\Users\Pete\Downloads\ChromeSetup.exe
2014-02-26 20:44 - 2014-02-26 20:44 - 00108024 _____ () C:\Users\Pete\Downloads\atlas-shrugged-header.jpeg
2014-02-21 10:20 - 2012-06-02 18:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-02-21 10:20 - 2012-06-02 18:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-02-21 10:20 - 2012-06-02 18:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-02-21 10:20 - 2012-06-02 18:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-02-21 10:19 - 2012-06-02 18:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-02-21 10:19 - 2012-06-02 18:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-02-21 10:19 - 2012-06-02 18:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-02-21 10:19 - 2012-06-02 18:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-02-21 10:19 - 2012-06-02 18:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-02-21 10:19 - 2012-06-02 18:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-02-21 10:19 - 2012-06-02 16:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-02-21 10:19 - 2012-06-02 16:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-02-21 10:19 - 2012-06-02 16:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-02-21 10:19 - 2012-06-02 16:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-02-15 00:21 - 2014-02-15 00:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-03-16 23:49 - 2014-03-16 23:48 - 00014509 _____ () C:\Users\Pete\Desktop\FRST.txt
2014-03-16 23:48 - 2014-03-16 23:48 - 02157056 _____ (Farbar) C:\Users\Pete\Desktop\FRST64.exe
2014-03-16 23:48 - 2014-03-16 23:48 - 00000000 ____D () C:\FRST
2014-03-16 23:44 - 2006-11-02 08:46 - 00690960 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-14 16:44 - 2014-03-14 16:44 - 00062262 _____ () C:\Users\Pete\Downloads\Extras.Txt
2014-03-14 16:44 - 2014-03-14 16:44 - 00060740 _____ () C:\Users\Pete\Downloads\OTL.Txt
2014-03-14 16:32 - 2014-03-14 16:32 - 00602112 _____ (OldTimer Tools) C:\Users\Pete\Downloads\OTL.exe
2014-03-14 16:28 - 2009-11-23 19:48 - 00170496 _____ () C:\Users\Pete\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-14 16:18 - 2014-03-14 14:10 - 95027928 ____T () C:\ProgramData\8z4od2q8.fee
2014-03-14 16:13 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-14 16:13 - 2006-11-02 11:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-14 16:13 - 2006-11-02 11:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-14 16:13 - 2006-11-02 11:07 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-03-14 16:10 - 2006-11-02 09:34 - 00000000 ____D () C:\Windows\system32\spool
2014-03-14 16:08 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\registration
2014-03-14 16:01 - 2009-06-15 05:58 - 02080368 _____ () C:\Windows\WindowsUpdate.log
2014-03-14 15:58 - 2014-03-14 14:18 - 00000732 _____ () C:\Users\Pete\AppData\Local\d3d9caps64.dat
2014-03-14 14:10 - 2014-03-14 14:10 - 00332536 ____T (Microsoft Corporation) C:\ProgramData\8z4od2q8.zvv
2014-03-14 14:10 - 2009-08-19 12:30 - 00000000 ___RD () C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-14 14:09 - 2014-03-14 14:09 - 00167433 _____ (Microsoft Corporation) C:\ProgramData\8q2do4z8.cpp
2014-03-14 13:22 - 2014-02-13 16:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-14 11:11 - 2010-05-11 14:50 - 00000000 ____D () C:\Movavi files
2014-03-13 13:45 - 2009-08-20 14:02 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-03-13 11:45 - 2009-08-24 19:33 - 00000000 ____D () C:\Users\Pete\Documents\Fantasy Sports
2014-03-12 10:10 - 2009-01-13 13:47 - 00003576 _____ () C:\Windows\System32\Tasks\HP Health Check
2014-03-12 06:20 - 2006-11-02 11:42 - 00032548 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-12 01:22 - 2014-02-13 16:38 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 01:22 - 2013-09-22 16:56 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 01:22 - 2011-06-29 07:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 15:26 - 2014-03-11 15:26 - 00847816 _____ (Google Inc.) C:\Users\Pete\Downloads\ChromeSetup.exe
2014-03-11 15:17 - 2009-08-19 12:29 - 00003182 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForPete
2014-03-11 15:17 - 2009-08-19 12:29 - 00000330 _____ () C:\Windows\Tasks\HPCeeScheduleForPete.job
2014-03-01 15:09 - 2006-11-02 11:27 - 00144668 _____ () C:\Windows\setupact.log
2014-03-01 13:01 - 2009-01-13 13:23 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-01 12:58 - 2009-08-19 12:44 - 00000000 ____D () C:\Users\Pete\AppData\Roaming\Adobe
2014-03-01 12:54 - 2012-04-11 18:42 - 00000000 ____D () C:\Users\Pete\Documents\Taxes
2014-02-26 20:44 - 2014-02-26 20:44 - 00108024 _____ () C:\Users\Pete\Downloads\atlas-shrugged-header.jpeg
2014-02-25 21:03 - 2011-10-28 11:56 - 00000000 ____D () C:\Docs
2014-02-24 20:01 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\rescache
2014-02-18 01:36 - 2009-08-19 12:25 - 00076240 _____ () C:\Users\Pete\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-18 01:32 - 2006-11-02 11:21 - 00315144 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-18 01:31 - 2008-01-20 23:26 - 00408664 _____ () C:\Windows\PFRO.log
2014-02-17 09:38 - 2011-11-24 10:51 - 00000000 ____D () C:\Windows\ERDNT
2014-02-16 18:54 - 2009-09-09 09:02 - 00000680 _____ () C:\Users\Pete\AppData\Local\d3d9caps.dat
2014-02-16 01:20 - 2006-11-02 08:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-15 12:49 - 2012-05-14 10:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-15 00:21 - 2014-02-15 00:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

Files to move or delete:
====================
C:\Users\Pete\AppData\Roaming\cache.ini
C:\ProgramData\8z4od2q8.fee
C:\ProgramData\8z4od2q8.zvv


Some content of TEMP:
====================
C:\Users\Pete\AppData\Local\Temp\ppmk.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-14 16:36

==================== End Of Log ============================

Additions.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Pete at 2014-03-16 23:49:25
Running from C:\Users\Pete\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
ATI Catalyst Install Manager (HKLM\...\{3975CE71-3544-9FBA-56E5-2E9709E348C5}) (Version: 3.0.704.0 - ATI Technologies, Inc.)
Avira AntiVir Personal - Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 10.2.0.2100 - Avira GmbH)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2008.1231.1149.21141 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization Chinese Standard (x32 Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (x32 Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Czech (x32 Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Danish (x32 Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Dutch (x32 Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Finnish (x32 Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization French (x32 Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization German (x32 Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Greek (x32 Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Hungarian (x32 Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Italian (x32 Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Japanese (x32 Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Korean (x32 Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Norwegian (x32 Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Polish (x32 Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Portuguese (x32 Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Russian (x32 Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Spanish (x32 Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Swedish (x32 Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Thai (x32 Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Turkish (x32 Version: 2008.1231.1149.21141 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Czech (x32 Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Danish (x32 Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Dutch (x32 Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help English (x32 Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Finnish (x32 Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help French (x32 Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help German (x32 Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Greek (x32 Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Italian (x32 Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Japanese (x32 Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Korean (x32 Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Polish (x32 Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Russian (x32 Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Spanish (x32 Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Swedish (x32 Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Thai (x32 Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Turkish (x32 Version: 2008.1231.1148.21141 - ATI) Hidden
ccc-core-static (x32 Version: 2008.1231.1149.21141 - ATI) Hidden
ccc-utility64 (Version: 2008.1231.1149.21141 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2326 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 6.0.2326 - CyberLink Corp.) Hidden
ESU for Microsoft Vista (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FlipShare (HKLM-x32\...\{420DFB63-8AE7-F7D6-E4B4-AB6D140221F4}) (Version: 5.10.25.0 - Flip Video)
GoZone iSync (HKLM-x32\...\GoZone iSync) (Version: 2.0.0 - Virgin HealthMiles)
HP Active Support Library (HKLM-x32\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Common Access Service Library (x32 Version: 2.00 E6 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (HKLM-x32\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard)
HP Help and Support (HKLM-x32\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.3.0 - Hewlett-Packard Company)
HP Integrated Module with Bluetooth wireless technology 6.0.1.6204 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.6204 - HP)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.1.2328 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 2.1.2328 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.1.2425 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 2.1.2425 - Hewlett-Packard) Hidden
HP MediaSmart SlingPlayer (HKLM-x32\...\HP.MediaSmartSlingPlayer_is1) (Version: 2.1 - Sling Media, Inc.)
HP MediaSmart SmartMenu (HKLM\...\{F1568AA6-5982-4AFB-A871-C68E4328BC3B}) (Version: 2.1.7 - Hewlett-Packard)
HP MediaSmart TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 2.1.1409 - Hewlett-Packard)
HP MediaSmart TV (x32 Version: 2.1.1409 - Hewlett-Packard) Hidden
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.1.1124 - Hewlett-Packard)
HP MediaSmart Webcam (x32 Version: 2.1.1124 - Hewlett-Packard) Hidden
HP Quick Launch Buttons 6.40 L1 (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 L1 - Hewlett-Packard)
HP Total Care Advisor (HKLM-x32\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.5991.2847 - Hewlett-Packard)
HP Total Care Setup (HKLM-x32\...\{95A747E0-DF19-46CB-A622-20A0107201BD}) (Version: 1.1.2413.2876 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{47F36D92-E58E-456D-B73C-3382737E4C42}) (Version: 4.000.013.003 - Hewlett-Packard)
HP User Guides 0134 (HKLM-x32\...\{6ABE0E28-3A8E-4ADC-A050-784064B76236}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{E5E29403-3D25-40C6-892B-F9FEE2A95585}) (Version: 3.50 A6 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6087.22 - IDT)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
JMicron JMB38X Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.20.07 - JMicron Technology Corp.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1118 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1118 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{3744B641-61DE-417F-BCDC-9CCED4224DF8}) (Version: 1.18.13.1 - LightScribe)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (HKLM-x32\...\{6A370610-3778-44AF-9AAC-69B2FD1A3356}) (Version: 3.0.541.0 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office XP Standard (HKLM-x32\...\{91120409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 1.0.30716.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movavi Flash Converter (HKLM-x32\...\{5D4E7A79-23E0-4715-867C-9D49024BFA57}) (Version: 2.11.003 - MOVAVI)
Movavi Screen Capture Studio (HKLM-x32\...\Movavi Screen Capture Studio 3) (Version: 3.0.0 - MOVAVI)
Movavi VideoSuite 7 (HKLM-x32\...\{3BFD4B3C-9105-454A-A673-E023E8BC9D56}) (Version: 7.02.000 - MOVAVI)
Move Media Player (HKCU\...\Move Media Player) (Version: - Move Networks)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM-x32\...\{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}) (Version: 7.0.35.7660 - muvee Technologies Pte Ltd)
My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent)
NetZero Preloader (HKLM-x32\...\{352310C3-E46B-42D3-8F32-54721FDD72D9}) (Version: 1.0.0 - NetZero, Inc.)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2325 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2325 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2317 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.2317 - CyberLink Corp.) Hidden
ProtectSmart Hard Drive Protection (HKLM\...\{2F97CE84-9C33-4631-821B-85EA371EA254}) (Version: 3.10.1.7 - Hewlett-Packard)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Skins (x32 Version: 2008.1231.1149.21141 - ATI) Hidden
Slingbox - Watch Your TV Anywhere (HKLM-x32\...\{7B798B31-2F33-4DC8-BDA4-D36488E86636}) (Version: 1.0.0 - Sling Media)
SlingPlayer (HKLM-x32\...\InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}) (Version: 1.04.0206 - Sling Media)
SlingPlayer (x32 Version: 1.04.0206 - Sling Media) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SPORE Creature Creator Trial Edition (HKLM-x32\...\{ECEE0279-785F-4CB3-9F28-E69813234BF8}) (Version: 1.00.0000 - Electronic Arts)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1142 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.2.1.0 - Synaptics)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Office 2007 (KB934528) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version: - )
Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0) (HKLM\...\07B260955637F1FF7587ED2AA87459040DD09BF7) (Version: 09/04/2008 2.6.0.0 - ENE)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)

==================== Restore Points =========================

19-02-2014 00:48:45 CleanPC2014-02-18
21-02-2014 14:18:36 Windows Update
09-03-2014 09:01:39 Scheduled Checkpoint
10-03-2014 05:00:55 Scheduled Checkpoint
12-03-2014 12:30:32 Scheduled Checkpoint

==================== Hosts content: ==========================

2006-11-02 08:34 - 2011-11-24 11:05 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {65D6A31C-AAB2-4B8C-89AB-23D69CFB8506} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {B956F5E7-F1FD-413C-8270-F32E67AF16BC} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {E6327634-FD46-4A0A-8A74-772A9198CD15} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {F8D0B56B-2977-4EC1-B033-8873F8E5D5EF} - System32\Tasks\HPCeeScheduleForPete => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForPete.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2010-04-12 09:32 - 2005-06-07 12:26 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
Description: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8169
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Consumer IR Devices
Description: Consumer IR Devices
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: circlass
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (03/16/2014 11:40:38 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (03/14/2014 04:21:10 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (03/14/2014 02:13:39 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (03/13/2014 06:17:41 PM) (Source: Application Error) (User: )
Description: Faulting application MOVIEMK.exe, version 6.0.6002.18273, time stamp 0x4c1a518a, faulting module ole32.dll, version 6.0.6002.18277, time stamp 0x4c28da13, exception code 0xc00000fd, fault offset 0x000000000001ec25,
process id 0xf88, application start time 0xMOVIEMK.exe0.

Error: (03/12/2014 10:09:46 AM) (Source: HP AdvisorUpdate) (User: )
Description: Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
at System.Xml.XmlReader.Create(String inputUri, XmlReaderSettings settings, XmlParserContext inputContext)
at System.Xml.Schema.XmlSchemaSet.Add(String targetNamespace, String schemaUri)
at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String path) ValidateDocument failed Business\SearchTargets.xml

Error: (03/12/2014 08:30:33 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {91e1fe34-0b19-49f7-b9c0-0dc9813bf27c}

Error: (03/12/2014 07:26:23 AM) (Source: HP AdvisorUpdate) (User: )
Description: Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
at System.Xml.XmlReader.Create(String inputUri, XmlReaderSettings settings, XmlParserContext inputContext)
at System.Xml.Schema.XmlSchemaSet.Add(String targetNamespace, String schemaUri)
at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String path) ValidateDocument failed Business\SearchTargets.xml

Error: (03/10/2014 01:00:56 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {36e7846e-8757-4e34-9ea7-3cebf7c1a727}

Error: (03/09/2014 05:01:42 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {3701e721-468c-4923-bf65-12a82393cf90}

Error: (03/04/2014 07:40:07 PM) (Source: HP AdvisorUpdate) (User: )
Description: Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
at System.Xml.XmlReader.Create(String inputUri, XmlReaderSettings settings, XmlParserContext inputContext)
at System.Xml.Schema.XmlSchemaSet.Add(String targetNamespace, String schemaUri)
at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String path) ValidateDocument failed Business\SearchTargets.xml


System errors:
=============
Error: (03/16/2014 11:41:01 PM) (Source: Service Control Manager) (User: )
Description: avipbb
Beep
SASDIFSV
SASKUTIL
spldr
Wanarpv6

Error: (03/16/2014 11:41:01 PM) (Source: Service Control Manager) (User: )
Description: Computer BrowserServer%%1068

Error: (03/16/2014 11:40:43 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/16/2014 11:40:40 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (03/16/2014 11:40:38 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (03/16/2014 11:40:30 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/14/2014 04:29:13 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (03/14/2014 04:21:42 PM) (Source: Service Control Manager) (User: )
Description: avipbb
Beep
SASDIFSV
SASKUTIL
spldr
Wanarpv6

Error: (03/14/2014 04:21:42 PM) (Source: Service Control Manager) (User: )
Description: Computer BrowserServer%%1068

Error: (03/14/2014 04:21:16 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-03-14 15:22:54.907
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-03-14 15:22:54.814
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-03-14 15:22:54.705
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-03-14 15:22:54.611
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-03-14 15:22:54.517
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-03-14 15:22:54.424
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-03-14 15:22:54.237
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_0f6c030d3823f645\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-03-14 15:22:54.143
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_0f6c030d3823f645\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-03-14 15:22:54.034
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_0f6c030d3823f645\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-03-14 15:22:53.940
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_0f6c030d3823f645\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 34%
Total physical RAM: 2044.37 MB
Available physical RAM: 1342.63 MB
Total Pagefile: 4326.02 MB
Available Pagefile: 3697.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:453.18 GB) (Free:311.27 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:12.58 GB) (Free:1.99 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: A2BF227E)

Partition: GPT Partition Type.

==================== End Of Log ============================


Awaiting your next instructions.

#4
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Pystryker, thanks for offering your assistance. I have read and understood the terms, and appreciate your help. Sorry I didn't reply sooner, but I was out all day.


You're welcome, and no worries on the delay. :thumbsup:

I'd like you to run an additional scan for me, please.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.



  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.

  • Click the Scan button to begin the scan.

  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit


#5
dogstar21

    Member

  • Topic Starter
  • Member
  • 103 posts
aswMBR.txt contents:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-03-17 09:14:43
-----------------------------
09:14:43.927 OS Version: Windows x64 6.0.6002 Service Pack 2
09:14:43.927 Number of processors: 2 586 0x170A
09:14:43.927 ComputerName: PETE-PC UserName: Pete
09:14:46.017 Initialize success
09:15:32.724 AVAST engine defs: 14031700
09:15:59.337 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:15:59.337 Disk 0 Vendor: ST9500325AS P003HPM1 Size: 476940MB BusType: 3
09:15:59.415 Disk 0 MBR read successfully
09:15:59.415 Disk 0 MBR scan
09:15:59.415 Disk 0 unknown MBR code
09:15:59.431 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 464058 MB offset 2048
09:15:59.462 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12878 MB offset 950392832
09:15:59.540 Disk 0 scanning C:\Windows\system32\drivers
09:16:15.093 Service scanning
09:16:43.969 Modules scanning
09:16:43.969 Disk 0 trace - called modules:
09:16:44.312 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys acpi.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:16:44.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002a145b0]
09:16:44.328 3 CLASSPNP.SYS[fffffa6000a64c33] -> nt!IofCallDriver -> [0xfffffa8002a13410]
09:16:44.328 5 hpdskflt.sys[fffffa6001a020ee] -> nt!IofCallDriver -> [0xfffffa80027819b0]
09:16:44.328 7 acpi.sys[fffffa60008f9fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002781060]
09:16:50.536 AVAST engine scan C:\Windows
09:16:54.982 AVAST engine scan C:\Windows\system32
09:21:26.828 AVAST engine scan C:\Windows\system32\drivers
09:21:47.997 AVAST engine scan C:\Users\Pete
10:13:21.446 AVAST engine scan C:\ProgramData
10:13:22.195 File: C:\ProgramData\8z4od2q8.zvv **INFECTED** Win32:Malware-gen
10:21:02.925 Scan finished successfully
10:22:21.206 Disk 0 MBR has been saved successfully to "C:\Users\Pete\Desktop\MBR.dat"
10:22:21.222 The log file has been saved successfully to "C:\Users\Pete\Desktop\aswMBR.txt"

#6
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Ok, thank you for the log. :) I'll get to work on these, but it will be this evening before I'll have instructions for you. :thumbsup:

#7
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello :)

We have some work to do, so let's get started.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Also, when the machine reboots, let it boot normally and let me know how it does. :thumbsup:


Step 1: FRST Fix

  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
URLSearchHook: HKCU - YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\jp2ssv.dll No File
ShortcutTarget: 8z4od2q8.lnk -> C:\ProgramData\8q2do4z8.cpp (Microsoft Corporation)
Startup: C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8z4od2q8.lnk
2014-03-14 14:10 - 2014-03-14 16:18 - 95027928 ____T () C:\ProgramData\8z4od2q8.fee
2014-03-14 14:10 - 2014-03-14 14:10 - 00332536 ____T (Microsoft Corporation) C:\ProgramData\8z4od2q8.zvv
2014-03-14 14:09 - 2014-03-14 14:09 - 00167433 _____ (Microsoft Corporation) C:\ProgramData\8q2do4z8.cpp
C:\Users\Pete\AppData\Roaming\cache.ini
2006-11-02 08:34 - 2011-11-24 11:05 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 2: Temporary File Cleaner


Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Step 3: TDSSKiller


Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Things I need to see in your next post:

FRST Fix Log

TDSSKiller Log

How is the machine running?

#8
dogstar21

  • Topic Starter
  • Member
  • 103 posts
Step 1:
Here are the contents of FRST.txt:
----------------------------------
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Pete (administrator) on PETE-PC on 16-03-2014 23:48:46
Running from C:\Users\Pete\Desktop
Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Microsoft Corporation) C:\Windows\helppane.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1560872 2008-07-24] (Synaptics, Inc.)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [441856 2008-10-26] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DVDAgent] - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-11-28] (CyberLink Corp.)
HKLM-x32\...\Run: [TSMAgent] - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1316136 2008-12-25] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-12-25] (CyberLink)
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [218408 2008-11-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [206128 2008-10-10] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] - C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Health Check Scheduler] - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [432432 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [TVAgent] - C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe [206120 2009-02-09] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768 2010-08-02] (Avira GmbH)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-03-19] (Hewlett-Packard Company)
HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\...\Run: [HPAdvisor] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [966656 2008-11-18] (Hewlett-Packard)
HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
Startup: C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8z4od2q8.lnk
ShortcutTarget: 8z4od2q8.lnk -> C:\ProgramData\8q2do4z8.cpp (Microsoft Corporation)
Startup: C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoZone iSync.lnk
ShortcutTarget: GoZone iSync.lnk -> C:\Program Files (x86)\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
URLSearchHook: HKCU - YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
URLSearchHook: HKCU - YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {3B1AAF6F-BC73-4A31-9EE4-04B8C395AC0E} URL = http://search.live.c...ms}&FORM=HPNTDF
SearchScopes: HKLM - {3B1AAF6F-BC73-4A31-9EE4-04B8C395AC0E} URL = http://search.live.c...ms}&FORM=HPNTDF
SearchScopes: HKLM - {BFE5EDCC-25B3-461D-8E03-309E92AD753A} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {BFE5EDCC-25B3-461D-8E03-309E92AD753A} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKCU - DefaultScope {273B8C2F-51CB-40E1-90AA-9BB1190EEB5F} URL = http://search.yahoo....f-8&fr=chr-yie9
SearchScopes: HKCU - {273B8C2F-51CB-40E1-90AA-9BB1190EEB5F} URL = http://search.yahoo....f-8&fr=chr-yie9
SearchScopes: HKCU - {3B1AAF6F-BC73-4A31-9EE4-04B8C395AC0E} URL =
SearchScopes: HKCU - {7148CB92-9375-4E9C-A5C0-166ACF27981A} URL = http://www.flickr.co...q={searchTerms}
SearchScopes: HKCU - {BFE5EDCC-25B3-461D-8E03-309E92AD753A} URL =
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\jp2ssv.dll No File
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} http://www.king.com/ctl/kingcomie.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - No File
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default
FF Homepage: hxxp://sports.yahoo.com/fantasy;_ylt=AqcNqZCM6O37CSX81xSObsw5nYcB
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\npctrl.1.0.30716.0.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Users\Pete\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-04-10]
FF Extension: NoScript - C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-02-13]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Users\Pete\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\Pete\AppData\Roaming\Move Networks [2009-09-25]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2011-08-11] (SUPERAntiSpyware.com)
S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe [89088 2008-06-27] (Andrea Electronics Corporation)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360 2011-04-27] (Avira GmbH)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480 2011-06-28] (Avira GmbH)
S2 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2010-12-15] ()
S2 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2010-12-15] ()
S2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-12-17] ()
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] ()
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8aadd48d\STacSV64.exe [279040 2008-10-26] (IDT, Inc.)
S2 TVCapSvc; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320 2009-02-09] ()
S2 TVSched; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116096 2009-02-09] ()
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-06-28] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-06-28] (Avira GmbH)
S1 Beep; No ImagePath
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-11-28] (CyberLink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-16 23:48 - 2014-03-16 23:49 - 00014509 _____ () C:\Users\Pete\Desktop\FRST.txt
2014-03-16 23:48 - 2014-03-16 23:48 - 02157056 _____ (Farbar) C:\Users\Pete\Desktop\FRST64.exe
2014-03-16 23:48 - 2014-03-16 23:48 - 00000000 ____D () C:\FRST
2014-03-14 16:44 - 2014-03-14 16:44 - 00062262 _____ () C:\Users\Pete\Downloads\Extras.Txt
2014-03-14 16:44 - 2014-03-14 16:44 - 00060740 _____ () C:\Users\Pete\Downloads\OTL.Txt
2014-03-14 16:32 - 2014-03-14 16:32 - 00602112 _____ (OldTimer Tools) C:\Users\Pete\Downloads\OTL.exe
2014-03-14 14:18 - 2014-03-14 15:58 - 00000732 _____ () C:\Users\Pete\AppData\Local\d3d9caps64.dat
2014-03-14 14:10 - 2014-03-14 16:18 - 95027928 ____T () C:\ProgramData\8z4od2q8.fee
2014-03-14 14:10 - 2014-03-14 14:10 - 00332536 ____T (Microsoft Corporation) C:\ProgramData\8z4od2q8.zvv
2014-03-14 14:09 - 2014-03-14 14:09 - 00167433 _____ (Microsoft Corporation) C:\ProgramData\8q2do4z8.cpp
2014-03-11 15:26 - 2014-03-11 15:26 - 00847816 _____ (Google Inc.) C:\Users\Pete\Downloads\ChromeSetup.exe
2014-02-26 20:44 - 2014-02-26 20:44 - 00108024 _____ () C:\Users\Pete\Downloads\atlas-shrugged-header.jpeg
2014-02-21 10:20 - 2012-06-02 18:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-02-21 10:20 - 2012-06-02 18:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-02-21 10:20 - 2012-06-02 18:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-02-21 10:20 - 2012-06-02 18:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-02-21 10:19 - 2012-06-02 18:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-02-21 10:19 - 2012-06-02 18:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-02-21 10:19 - 2012-06-02 18:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-02-21 10:19 - 2012-06-02 18:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-02-21 10:19 - 2012-06-02 18:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-02-21 10:19 - 2012-06-02 18:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-02-21 10:19 - 2012-06-02 16:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-02-21 10:19 - 2012-06-02 16:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-02-21 10:19 - 2012-06-02 16:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-02-21 10:19 - 2012-06-02 16:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-02-15 00:21 - 2014-02-15 00:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-03-16 23:49 - 2014-03-16 23:48 - 00014509 _____ () C:\Users\Pete\Desktop\FRST.txt
2014-03-16 23:48 - 2014-03-16 23:48 - 02157056 _____ (Farbar) C:\Users\Pete\Desktop\FRST64.exe
2014-03-16 23:48 - 2014-03-16 23:48 - 00000000 ____D () C:\FRST
2014-03-16 23:44 - 2006-11-02 08:46 - 00690960 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-14 16:44 - 2014-03-14 16:44 - 00062262 _____ () C:\Users\Pete\Downloads\Extras.Txt
2014-03-14 16:44 - 2014-03-14 16:44 - 00060740 _____ () C:\Users\Pete\Downloads\OTL.Txt
2014-03-14 16:32 - 2014-03-14 16:32 - 00602112 _____ (OldTimer Tools) C:\Users\Pete\Downloads\OTL.exe
2014-03-14 16:28 - 2009-11-23 19:48 - 00170496 _____ () C:\Users\Pete\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-14 16:18 - 2014-03-14 14:10 - 95027928 ____T () C:\ProgramData\8z4od2q8.fee
2014-03-14 16:13 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-14 16:13 - 2006-11-02 11:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-14 16:13 - 2006-11-02 11:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-14 16:13 - 2006-11-02 11:07 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-03-14 16:10 - 2006-11-02 09:34 - 00000000 ____D () C:\Windows\system32\spool
2014-03-14 16:08 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\registration
2014-03-14 16:01 - 2009-06-15 05:58 - 02080368 _____ () C:\Windows\WindowsUpdate.log
2014-03-14 15:58 - 2014-03-14 14:18 - 00000732 _____ () C:\Users\Pete\AppData\Local\d3d9caps64.dat
2014-03-14 14:10 - 2014-03-14 14:10 - 00332536 ____T (Microsoft Corporation) C:\ProgramData\8z4od2q8.zvv
2014-03-14 14:10 - 2009-08-19 12:30 - 00000000 ___RD () C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-14 14:09 - 2014-03-14 14:09 - 00167433 _____ (Microsoft Corporation) C:\ProgramData\8q2do4z8.cpp
2014-03-14 13:22 - 2014-02-13 16:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-14 11:11 - 2010-05-11 14:50 - 00000000 ____D () C:\Movavi files
2014-03-13 13:45 - 2009-08-20 14:02 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-03-13 11:45 - 2009-08-24 19:33 - 00000000 ____D () C:\Users\Pete\Documents\Fantasy Sports
2014-03-12 10:10 - 2009-01-13 13:47 - 00003576 _____ () C:\Windows\System32\Tasks\HP Health Check
2014-03-12 06:20 - 2006-11-02 11:42 - 00032548 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-12 01:22 - 2014-02-13 16:38 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 01:22 - 2013-09-22 16:56 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 01:22 - 2011-06-29 07:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 15:26 - 2014-03-11 15:26 - 00847816 _____ (Google Inc.) C:\Users\Pete\Downloads\ChromeSetup.exe
2014-03-11 15:17 - 2009-08-19 12:29 - 00003182 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForPete
2014-03-11 15:17 - 2009-08-19 12:29 - 00000330 _____ () C:\Windows\Tasks\HPCeeScheduleForPete.job
2014-03-01 15:09 - 2006-11-02 11:27 - 00144668 _____ () C:\Windows\setupact.log
2014-03-01 13:01 - 2009-01-13 13:23 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-01 12:58 - 2009-08-19 12:44 - 00000000 ____D () C:\Users\Pete\AppData\Roaming\Adobe
2014-03-01 12:54 - 2012-04-11 18:42 - 00000000 ____D () C:\Users\Pete\Documents\Taxes
2014-02-26 20:44 - 2014-02-26 20:44 - 00108024 _____ () C:\Users\Pete\Downloads\atlas-shrugged-header.jpeg
2014-02-25 21:03 - 2011-10-28 11:56 - 00000000 ____D () C:\Docs
2014-02-24 20:01 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\rescache
2014-02-18 01:36 - 2009-08-19 12:25 - 00076240 _____ () C:\Users\Pete\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-18 01:32 - 2006-11-02 11:21 - 00315144 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-18 01:31 - 2008-01-20 23:26 - 00408664 _____ () C:\Windows\PFRO.log
2014-02-17 09:38 - 2011-11-24 10:51 - 00000000 ____D () C:\Windows\ERDNT
2014-02-16 18:54 - 2009-09-09 09:02 - 00000680 _____ () C:\Users\Pete\AppData\Local\d3d9caps.dat
2014-02-16 01:20 - 2006-11-02 08:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-15 12:49 - 2012-05-14 10:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-15 00:21 - 2014-02-15 00:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

Files to move or delete:
====================
C:\Users\Pete\AppData\Roaming\cache.ini
C:\ProgramData\8z4od2q8.fee
C:\ProgramData\8z4od2q8.zvv


Some content of TEMP:
====================
C:\Users\Pete\AppData\Local\Temp\ppmk.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-14 16:36

==================== End Of Log ============================

Step 2: I ran TFC. It took ~90 minutes to run, and rebooted after, still in Safe Mode.

Step 3: Ran TDSSKiller, changed settings, rebooted, still in Safe Mode. It did not prompt to run, but I opened it again, clicked the settings again, and clicked Scan. It completed successfully, and only found Threats/Suspicious Objects. There was no log created that I could see. It didn't Cure any malicious objects. After this completed, it prompted me to reboot. I rebooted in Normal Mode, and there was a prompt to let a Kaspersky file run. I did not allow, and the prompt disappeared. I am still up in Normal Mode and the prompt to open Registry Editor has not appeared so far.
#9
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Ok, regarding step 1, the FRST fix: You hit scan instead of fix and it's only produced another scan. Please re-read and repeat Step 1. When the fix is complete it will produce a log called fixlog.txt. Please post that in your next reply.

Step 3: Ran TDSSKiller, changed settings, rebooted, still in Safe Mode. It did not prompt to run, but I opened it again, clicked the settings again, and clicked Scan. It completed successfully, and only found Threats/Suspicious Objects. There was no log created that I could see. It didn't Cure any malicious objects. After this completed, it prompted me to reboot. I rebooted in Normal Mode, and there was a prompt to let a Kaspersky file run. I did not allow, and the prompt disappeared. I am still up in Normal Mode and the prompt to open Registry Editor has not appeared so far.


You will find the TDSSKiller log in your root directory and it will be named "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please post that one as well. :)

Very glad to hear that the registry editor hasn't appeared. :thumbsup: Please post the 2 logs and once I see those, we'll proceed. :)

Things I need to see in your next post:

FRST Fix Log

TDSSKiller Log

#10
dogstar21

  • Topic Starter
  • Member
  • 103 posts
I thought I had clicked "fix" before. Regardless, I did step 1 again, and here is the Fixlog.txt contents:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Pete at 2014-03-17 23:16:20 Run:2
Running from C:\Users\Pete\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
URLSearchHook: HKCU - YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\jp2ssv.dll No File
ShortcutTarget: 8z4od2q8.lnk -> C:\ProgramData\8q2do4z8.cpp (Microsoft Corporation)
Startup: C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8z4od2q8.lnk
2014-03-14 14:10 - 2014-03-14 16:18 - 95027928 ____T () C:\ProgramData\8z4od2q8.fee
2014-03-14 14:10 - 2014-03-14 14:10 - 00332536 ____T (Microsoft Corporation) C:\ProgramData\8z4od2q8.zvv
2014-03-14 14:09 - 2014-03-14 14:09 - 00167433 _____ (Microsoft Corporation) C:\ProgramData\8q2do4z8.cpp
C:\Users\Pete\AppData\Roaming\cache.ini
2006-11-02 08:34 - 2011-11-24 11:05 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
End
*****************

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => Value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
C:\ProgramData\8q2do4z8.cpp not found.
C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8z4od2q8.lnk not found.
"C:\ProgramData\8z4od2q8.fee" => File/Directory not found.
"C:\ProgramData\8z4od2q8.zvv" => File/Directory not found.
"C:\ProgramData\8q2do4z8.cpp" => File/Directory not found.
"C:\Users\Pete\AppData\Roaming\cache.ini" => File/Directory not found.
"C:\Windows\system32\Drivers\etc\hosts" => File/Directory not found.

==== End of Fixlog ====

Here is the TDSSKiller log:
22:28:38.0192 1344 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:28:40.0407 1344 ============================================================
22:28:40.0407 1344 Current date / time: 2014/03/17 22:28:40.0407
22:28:40.0407 1344 SystemInfo:
22:28:40.0407 1344
22:28:40.0407 1344 OS Version: 6.0.6002 ServicePack: 2.0
22:28:40.0407 1344 Product type: Workstation
22:28:40.0407 1344 ComputerName: PETE-PC
22:28:40.0407 1344 UserName: Pete
22:28:40.0407 1344 Windows directory: C:\Windows
22:28:40.0407 1344 System windows directory: C:\Windows
22:28:40.0407 1344 Running under WOW64
22:28:40.0407 1344 Processor architecture: Intel x64
22:28:40.0407 1344 Number of processors: 2
22:28:40.0407 1344 Page size: 0x1000
22:28:40.0407 1344 Boot type: Safe boot with network
22:28:40.0407 1344 ============================================================
22:28:42.0575 1344 BG loaded
22:28:43.0168 1344 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:28:43.0168 1344 ============================================================
22:28:43.0168 1344 \Device\Harddisk0\DR0:
22:28:43.0168 1344 MBR partitions:
22:28:43.0168 1344 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x38A5D000
22:28:43.0168 1344 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38A5D800, BlocksNum 0x1927000
22:28:43.0168 1344 ============================================================
22:28:43.0184 1344 C: <-> \Device\Harddisk0\DR0\Partition1
22:28:43.0246 1344 D: <-> \Device\Harddisk0\DR0\Partition2
22:28:43.0246 1344 ============================================================
22:28:43.0246 1344 Initialize success
22:28:43.0246 1344 ============================================================
22:29:22.0964 0292 ============================================================
22:29:22.0964 0292 Scan started
22:29:22.0964 0292 Mode: Manual; SigCheck; TDLFS;
22:29:22.0964 0292 ============================================================
22:29:25.0226 0292 ================ Scan system memory ========================
22:29:25.0226 0292 System memory - ok
22:29:25.0226 0292 ================ Scan services =============================
22:29:25.0366 0292 [ 7D9D615201A483D6FA99491C2E655A5A ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
22:29:25.0850 0292 !SASCORE ( UnsignedFile.Multi.Generic ) - warning
22:29:25.0850 0292 !SASCORE - detected UnsignedFile.Multi.Generic (1)
22:29:26.0006 0292 [ 60FBB29CCCE48B4C3A6517CAF42C3496 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
22:29:26.0021 0292 Accelerometer - ok
22:29:26.0099 0292 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
22:29:26.0115 0292 ACPI - ok
22:29:26.0255 0292 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:29:26.0255 0292 AdobeARMservice - ok
22:29:26.0411 0292 [ 9D96B0D5855FD1B98023B3EEC9F06786 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:29:26.0489 0292 AdobeFlashPlayerUpdateSvc - ok
22:29:26.0552 0292 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
22:29:26.0583 0292 adp94xx - ok
22:29:26.0614 0292 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
22:29:26.0630 0292 adpahci - ok
22:29:26.0645 0292 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
22:29:26.0661 0292 adpu160m - ok
22:29:26.0661 0292 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
22:29:26.0677 0292 adpu320 - ok
22:29:26.0723 0292 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:29:26.0864 0292 AeLookupSvc - ok
22:29:26.0973 0292 [ 7F66523A27754AFCFECAE2F5EB643A4A ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe
22:29:27.0051 0292 AESTFilters - ok
22:29:27.0145 0292 [ 12415CCFD3E7CEC55B5184E67B039FE4 ] AFD C:\Windows\system32\drivers\afd.sys
22:29:27.0207 0292 AFD - ok
22:29:27.0254 0292 [ 8FE65709982F2CB7D291F6C9B2C60805 ] AgereModemAudio C:\Windows\system32\agr64svc.exe
22:29:27.0316 0292 AgereModemAudio - ok
22:29:27.0379 0292 [ 55FCDB10E31C22EB67454AAEF42B6725 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
22:29:27.0441 0292 AgereSoftModem - ok
22:29:27.0581 0292 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:29:27.0597 0292 agp440 - ok
22:29:27.0613 0292 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
22:29:27.0628 0292 aic78xx - ok
22:29:27.0691 0292 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
22:29:27.0878 0292 ALG - ok
22:29:27.0925 0292 [ E0CA5BB8E6C79533DC6B1DA7361A201E ] aliide C:\Windows\system32\drivers\aliide.sys
22:29:27.0925 0292 aliide - ok
22:29:27.0940 0292 [ 7034F8D1B9703D711D3F92C95DEB377D ] amdide C:\Windows\system32\drivers\amdide.sys
22:29:27.0940 0292 amdide - ok
22:29:27.0987 0292 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
22:29:28.0049 0292 AmdK8 - ok
22:29:28.0190 0292 [ B4837FE56D76B2E9EA90E5365CF6A2BE ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
22:29:28.0205 0292 AntiVirSchedulerService - ok
22:29:28.0268 0292 [ DF5A3016052755C910A206058B4A1729 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
22:29:28.0283 0292 AntiVirService - ok
22:29:28.0361 0292 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
22:29:28.0377 0292 Appinfo - ok
22:29:28.0439 0292 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
22:29:28.0455 0292 arc - ok
22:29:28.0502 0292 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
22:29:28.0502 0292 arcsas - ok
22:29:28.0549 0292 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:29:28.0595 0292 AsyncMac - ok
22:29:28.0642 0292 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
22:29:28.0642 0292 atapi - ok
22:29:28.0673 0292 [ 54CA8AAC988B441A692311E3B584D944 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
22:29:28.0767 0292 Ati External Event Utility - ok
22:29:28.0892 0292 [ 4B42547AE95A31D0E1E200B68A6C7647 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
22:29:29.0625 0292 atikmdag - ok
22:29:29.0719 0292 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:29:29.0781 0292 AudioEndpointBuilder - ok
22:29:29.0812 0292 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:29:29.0828 0292 AudioSrv - ok
22:29:29.0968 0292 [ B1224E6B086CD6548315B04AB575A23E ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
22:29:30.0140 0292 avgntflt - ok
22:29:30.0218 0292 [ ED45F12CFA62B83765C9C1496758CC87 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
22:29:30.0218 0292 avipbb - ok
22:29:30.0233 0292 Beep - ok
22:29:30.0311 0292 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
22:29:30.0374 0292 BFE - ok
22:29:30.0483 0292 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll
22:29:30.0655 0292 BITS - ok
22:29:30.0686 0292 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
22:29:30.0748 0292 blbdrive - ok
22:29:30.0764 0292 [ 8B2B19031D0AEADE6E1B933DF1ACBA7E ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:29:30.0826 0292 bowser - ok
22:29:30.0857 0292 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
22:29:30.0904 0292 BrFiltLo - ok
22:29:30.0935 0292 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
22:29:30.0967 0292 BrFiltUp - ok
22:29:31.0029 0292 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
22:29:31.0091 0292 Browser - ok
22:29:31.0123 0292 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
22:29:31.0294 0292 Brserid - ok
22:29:31.0325 0292 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
22:29:31.0419 0292 BrSerWdm - ok
22:29:31.0435 0292 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
22:29:31.0497 0292 BrUsbMdm - ok
22:29:31.0513 0292 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
22:29:31.0591 0292 BrUsbSer - ok
22:29:31.0669 0292 [ 09F926A0D9C0BAFD8417A4307D2ED13C ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
22:29:31.0715 0292 BthEnum - ok
22:29:31.0747 0292 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
22:29:31.0809 0292 BTHMODEM - ok
22:29:31.0840 0292 [ BEFC5311736B475AC5B60C14FF7C775A ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
22:29:31.0903 0292 BthPan - ok
22:29:31.0996 0292 [ 2FF122EEB3A712FEDA238FB331F738B9 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
22:29:32.0059 0292 BTHPORT - ok
22:29:32.0152 0292 [ 22E65FFD640F16968F855F5B3528D366 ] BthServ C:\Windows\System32\bthserv.dll
22:29:32.0215 0292 BthServ - ok
22:29:32.0261 0292 [ 2B668E7C1616C0E931714272934C678B ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
22:29:32.0293 0292 BTHUSB - ok
22:29:32.0355 0292 [ 0C5D9C8B412BE72C4535EC67A24C01DB ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
22:29:32.0355 0292 btwaudio - ok
22:29:32.0371 0292 [ DF18E4291C43BED05B1D0C2D5C0E96D6 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
22:29:32.0386 0292 btwavdt - ok
22:29:32.0402 0292 [ 637A44C54520A9958E2E5E3EE9E26C4A ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
22:29:32.0402 0292 btwrchid - ok
22:29:32.0417 0292 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:29:32.0480 0292 cdfs - ok
22:29:32.0542 0292 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:29:32.0589 0292 cdrom - ok
22:29:32.0667 0292 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
22:29:32.0714 0292 CertPropSvc - ok
22:29:32.0745 0292 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:29:32.0792 0292 circlass - ok
22:29:32.0823 0292 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
22:29:32.0854 0292 CLFS - ok
22:29:32.0948 0292 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:29:32.0963 0292 clr_optimization_v2.0.50727_32 - ok
22:29:32.0995 0292 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:29:33.0010 0292 clr_optimization_v2.0.50727_64 - ok
22:29:33.0057 0292 [ B52D9A14CE4101577900A364BA86F3DF ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:29:33.0104 0292 CmBatt - ok
22:29:33.0135 0292 [ 8C6AA24C1D7273A02284588426AB8CE3 ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:29:33.0135 0292 cmdide - ok
22:29:33.0213 0292 [ 12E94E225BD7B05A2BCCD5C0B841E921 ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
22:29:33.0229 0292 Com4QLBEx - ok
22:29:33.0229 0292 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:29:33.0244 0292 Compbatt - ok
22:29:33.0244 0292 COMSysApp - ok
22:29:33.0260 0292 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
22:29:33.0260 0292 crcdisk - ok
22:29:33.0353 0292 [ 18918613E63F387CDE4D95CA7D49DCF7 ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:29:33.0385 0292 CryptSvc - ok
22:29:33.0478 0292 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
22:29:33.0541 0292 DcomLaunch - ok
22:29:33.0634 0292 [ 36CD31121F228E7E79BAE60AA45764C6 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:29:33.0681 0292 DfsC - ok
22:29:33.0790 0292 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
22:29:34.0009 0292 DFSR - ok
22:29:34.0071 0292 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
22:29:34.0118 0292 Dhcp - ok
22:29:34.0180 0292 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
22:29:34.0180 0292 disk - ok
22:29:34.0258 0292 [ 21D16B37257370975C7457C3A5EFA530 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:29:34.0305 0292 Dnscache - ok
22:29:34.0352 0292 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
22:29:34.0399 0292 dot3svc - ok
22:29:34.0430 0292 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
22:29:34.0492 0292 DPS - ok
22:29:34.0539 0292 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:29:34.0586 0292 drmkaud - ok
22:29:34.0648 0292 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:29:34.0695 0292 DXGKrnl - ok
22:29:34.0789 0292 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
22:29:34.0835 0292 E1G60 - ok
22:29:34.0882 0292 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
22:29:34.0913 0292 EapHost - ok
22:29:34.0991 0292 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
22:29:35.0007 0292 Ecache - ok
22:29:35.0054 0292 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:29:35.0116 0292 ehRecvr - ok
22:29:35.0132 0292 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
22:29:35.0163 0292 ehSched - ok
22:29:35.0194 0292 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
22:29:35.0241 0292 ehstart - ok
22:29:35.0272 0292 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
22:29:35.0288 0292 elxstor - ok
22:29:35.0366 0292 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
22:29:35.0444 0292 EMDMgmt - ok
22:29:35.0459 0292 [ F218A3A27ED6592C0E22EC3595554447 ] enecir C:\Windows\system32\DRIVERS\enecir.sys
22:29:35.0475 0292 enecir - ok
22:29:35.0506 0292 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:29:35.0553 0292 ErrDev - ok
22:29:35.0647 0292 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
22:29:35.0693 0292 EventSystem - ok
22:29:35.0787 0292 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
22:29:35.0834 0292 exfat - ok
22:29:35.0849 0292 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:29:35.0912 0292 fastfat - ok
22:29:35.0943 0292 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:29:35.0990 0292 fdc - ok
22:29:36.0021 0292 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
22:29:36.0083 0292 fdPHost - ok
22:29:36.0099 0292 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
22:29:36.0146 0292 FDResPub - ok
22:29:36.0161 0292 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:29:36.0161 0292 FileInfo - ok
22:29:36.0193 0292 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:29:36.0239 0292 Filetrace - ok
22:29:36.0395 0292 [ 869BDE240B7FE9C7B25BD80DF85641C8 ] FlipShare Service C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
22:29:36.0411 0292 FlipShare Service - ok
22:29:36.0567 0292 [ 9C330B7DDEE9492373041E75DA01F80C ] FlipShareServer C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
22:29:36.0661 0292 FlipShareServer ( UnsignedFile.Multi.Generic ) - warning
22:29:36.0661 0292 FlipShareServer - detected UnsignedFile.Multi.Generic (1)
22:29:36.0707 0292 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:29:36.0754 0292 flpydisk - ok
22:29:36.0817 0292 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:29:36.0817 0292 FltMgr - ok
22:29:36.0926 0292 [ DE67B1AFAB1DDB6CA0BBA89A776F26FA ] FontCache C:\Windows\system32\FntCache.dll
22:29:37.0004 0292 FontCache - ok
22:29:37.0082 0292 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:29:37.0097 0292 FontCache3.0.0.0 - ok
22:29:37.0113 0292 [ 29D99E860A1CA0A03C6A733FDD0DA703 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:29:37.0160 0292 Fs_Rec - ok
22:29:37.0191 0292 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
22:29:37.0207 0292 gagp30kx - ok
22:29:37.0253 0292 [ 2E7E49077C7BBEB2947BD6D03C8454B5 ] GameConsoleService C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
22:29:37.0269 0292 GameConsoleService - ok
22:29:37.0347 0292 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
22:29:37.0394 0292 gpsvc - ok
22:29:37.0487 0292 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:29:37.0503 0292 HdAudAddService - ok
22:29:37.0581 0292 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
22:29:37.0628 0292 HDAudBus - ok
22:29:37.0675 0292 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
22:29:37.0753 0292 HidBth - ok
22:29:37.0815 0292 [ 5F47839455D01FF6403B008D481A6F5B ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:29:37.0846 0292 HidIr - ok
22:29:37.0893 0292 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\System32\hidserv.dll
22:29:37.0955 0292 hidserv - ok
22:29:38.0002 0292 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:29:38.0033 0292 HidUsb - ok
22:29:38.0065 0292 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
22:29:38.0111 0292 hkmsvc - ok
22:29:38.0158 0292 [ A19B0BB5A7EB6DF2DD4A0711D36955EE ] HP Health Check Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
22:29:38.0189 0292 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
22:29:38.0189 0292 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
22:29:38.0236 0292 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
22:29:38.0252 0292 HpCISSs - ok
22:29:38.0299 0292 [ 4A435CA815A54639CA09DDF75D751EBC ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
22:29:38.0299 0292 hpdskflt - ok
22:29:38.0314 0292 [ 0ECC54FD34D6A089C300846B011E81D6 ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
22:29:38.0361 0292 HpqKbFiltr - ok
22:29:38.0408 0292 [ 188FF0ADF66768D53AD94F43972E1E9A ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
22:29:38.0423 0292 hpqwmiex ( UnsignedFile.Multi.Generic ) - warning
22:29:38.0423 0292 hpqwmiex - detected UnsignedFile.Multi.Generic (1)
22:29:38.0439 0292 [ 6BF024EA61D7894BF4AF0B10A90B546E ] hpsrv C:\Windows\system32\Hpservice.exe
22:29:38.0486 0292 hpsrv - ok
22:29:38.0564 0292 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:29:38.0595 0292 HTTP - ok
22:29:38.0626 0292 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
22:29:38.0642 0292 i2omp - ok
22:29:38.0673 0292 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
22:29:38.0689 0292 i8042prt - ok
22:29:38.0735 0292 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
22:29:38.0751 0292 iaStorV - ok
22:29:38.0798 0292 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
22:29:38.0829 0292 IDriverT ( UnsignedFile.Multi.Generic ) - warning
22:29:38.0829 0292 IDriverT - detected UnsignedFile.Multi.Generic (1)
22:29:38.0923 0292 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:29:38.0969 0292 idsvc - ok
22:29:39.0001 0292 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
22:29:39.0016 0292 iirsp - ok
22:29:39.0079 0292 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
22:29:39.0125 0292 IKEEXT - ok
22:29:39.0157 0292 [ 475490CAF376E55E6E8B37BBDFEB2E81 ] intelide C:\Windows\system32\drivers\intelide.sys
22:29:39.0172 0292 intelide - ok
22:29:39.0188 0292 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:29:39.0235 0292 intelppm - ok
22:29:39.0281 0292 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:29:39.0297 0292 IPBusEnum - ok
22:29:39.0359 0292 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:29:39.0406 0292 IpFilterDriver - ok
22:29:39.0437 0292 [ CD033D871A83E918B14F43F7E7590819 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:29:39.0469 0292 iphlpsvc - ok
22:29:39.0484 0292 IpInIp - ok
22:29:39.0515 0292 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
22:29:39.0578 0292 IPMIDRV - ok
22:29:39.0609 0292 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
22:29:39.0656 0292 IPNAT - ok
22:29:39.0671 0292 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:29:39.0718 0292 IRENUM - ok
22:29:39.0749 0292 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:29:39.0765 0292 isapnp - ok
22:29:39.0827 0292 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
22:29:39.0827 0292 iScsiPrt - ok
22:29:39.0843 0292 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
22:29:39.0843 0292 iteatapi - ok
22:29:39.0859 0292 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
22:29:39.0859 0292 iteraid - ok
22:29:39.0905 0292 [ 54DF9EAFB54A98E1A2AC3DB69C16CF05 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
22:29:39.0937 0292 JMCR - ok
22:29:39.0952 0292 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:29:39.0968 0292 kbdclass - ok
22:29:40.0030 0292 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:29:40.0061 0292 kbdhid - ok
22:29:40.0124 0292 [ 40348DCEC0712ED42231C5F90A69A690 ] KeyIso C:\Windows\system32\lsass.exe
22:29:40.0171 0292 KeyIso - ok
22:29:40.0249 0292 [ 476E2C1DCEA45895994BEF11C2A98715 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:29:40.0264 0292 KSecDD - ok
22:29:40.0327 0292 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:29:40.0358 0292 ksthunk - ok
22:29:40.0405 0292 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
22:29:40.0483 0292 KtmRm - ok
22:29:40.0592 0292 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\System32\srvsvc.dll
22:29:40.0639 0292 LanmanServer - ok
22:29:40.0685 0292 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:29:40.0748 0292 LanmanWorkstation - ok
22:29:40.0826 0292 [ AC2E68E3421AF857B8D438414E7AE31C ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
22:29:40.0857 0292 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
22:29:40.0857 0292 LightScribeService - detected UnsignedFile.Multi.Generic (1)
22:29:40.0888 0292 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:29:40.0951 0292 lltdio - ok
22:29:40.0982 0292 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:29:41.0029 0292 lltdsvc - ok
22:29:41.0060 0292 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:29:41.0107 0292 lmhosts - ok
22:29:41.0153 0292 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
22:29:41.0153 0292 LSI_FC - ok
22:29:41.0169 0292 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
22:29:41.0185 0292 LSI_SAS - ok
22:29:41.0200 0292 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
22:29:41.0216 0292 LSI_SCSI - ok
22:29:41.0216 0292 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
22:29:41.0247 0292 luafv - ok
22:29:41.0263 0292 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:29:41.0294 0292 Mcx2Svc - ok
22:29:41.0325 0292 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
22:29:41.0341 0292 megasas - ok
22:29:41.0387 0292 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
22:29:41.0403 0292 MegaSR - ok
22:29:41.0450 0292 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
22:29:41.0497 0292 MMCSS - ok
22:29:41.0528 0292 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
22:29:41.0543 0292 Modem - ok
22:29:41.0575 0292 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:29:41.0621 0292 monitor - ok
22:29:41.0653 0292 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:29:41.0653 0292 mouclass - ok
22:29:41.0684 0292 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:29:41.0715 0292 mouhid - ok
22:29:41.0731 0292 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
22:29:41.0746 0292 MountMgr - ok
22:29:41.0840 0292 [ 338037EFA0E8E8699B2667D57B751574 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:29:41.0840 0292 MozillaMaintenance - ok
22:29:41.0855 0292 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
22:29:41.0871 0292 mpio - ok
22:29:41.0887 0292 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:29:41.0933 0292 mpsdrv - ok
22:29:41.0996 0292 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
22:29:42.0043 0292 MpsSvc - ok
22:29:42.0105 0292 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
22:29:42.0105 0292 Mraid35x - ok
22:29:42.0121 0292 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:29:42.0152 0292 MRxDAV - ok
22:29:42.0183 0292 [ D58D129E26705E83A4DEBA7177EB7972 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:29:42.0230 0292 mrxsmb - ok
22:29:42.0261 0292 [ D5BE5C14E0F1DC489F5BB2A67983F630 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:29:42.0292 0292 mrxsmb10 - ok
22:29:42.0323 0292 [ 09A2990C3B293C212816C9BC0D7C200E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:29:42.0370 0292 mrxsmb20 - ok
22:29:42.0448 0292 [ AA459F2AB3AB603C357FF117CAE3D818 ] msahci C:\Windows\system32\drivers\msahci.sys
22:29:42.0448 0292 msahci - ok
22:29:42.0495 0292 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:29:42.0495 0292 msdsm - ok
22:29:42.0526 0292 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
22:29:42.0573 0292 MSDTC - ok
22:29:42.0573 0292 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:29:42.0604 0292 Msfs - ok
22:29:42.0651 0292 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:29:42.0651 0292 msisadrv - ok
22:29:42.0682 0292 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:29:42.0729 0292 MSiSCSI - ok
22:29:42.0729 0292 msiserver - ok
22:29:42.0760 0292 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:29:42.0791 0292 MSKSSRV - ok
22:29:42.0823 0292 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:29:42.0869 0292 MSPCLOCK - ok
22:29:42.0901 0292 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:29:42.0947 0292 MSPQM - ok
22:29:43.0010 0292 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:29:43.0025 0292 MsRPC - ok
22:29:43.0041 0292 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:29:43.0041 0292 mssmbios - ok
22:29:43.0057 0292 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:29:43.0103 0292 MSTEE - ok
22:29:43.0197 0292 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
22:29:43.0213 0292 Mup - ok
22:29:43.0275 0292 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
22:29:43.0306 0292 napagent - ok
22:29:43.0400 0292 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:29:43.0415 0292 NativeWifiP - ok
22:29:43.0509 0292 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:29:43.0525 0292 NDIS - ok
22:29:43.0556 0292 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:29:43.0587 0292 NdisTapi - ok
22:29:43.0603 0292 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:29:43.0618 0292 Ndisuio - ok
22:29:43.0634 0292 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:29:43.0681 0292 NdisWan - ok
22:29:43.0712 0292 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:29:43.0743 0292 NDProxy - ok
22:29:43.0759 0292 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:29:43.0790 0292 NetBIOS - ok
22:29:43.0852 0292 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
22:29:43.0868 0292 netbt - ok
22:29:43.0883 0292 [ 40348DCEC0712ED42231C5F90A69A690 ] Netlogon C:\Windows\system32\lsass.exe
22:29:43.0899 0292 Netlogon - ok
22:29:43.0915 0292 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
22:29:43.0977 0292 Netman - ok
22:29:43.0993 0292 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
22:29:44.0055 0292 netprofm - ok
22:29:44.0102 0292 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:29:44.0117 0292 NetTcpPortSharing - ok
22:29:44.0242 0292 [ C86984AEE87900C1EEB6942EDE3BF4B6 ] NETw3v64 C:\Windows\system32\DRIVERS\NETw3v64.sys
22:29:44.0398 0292 NETw3v64 - ok
22:29:44.0539 0292 [ BFBD278F8C9BCEC693345759AC278E14 ] NETw5v64 C:\Windows\system32\DRIVERS\NETw5v64.sys
22:29:45.0116 0292 NETw5v64 - ok
22:29:45.0131 0292 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
22:29:45.0147 0292 nfrd960 - ok
22:29:45.0178 0292 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
22:29:45.0225 0292 NlaSvc - ok
22:29:45.0272 0292 nosGetPlusHelper - ok
22:29:45.0334 0292 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:29:45.0381 0292 Npfs - ok
22:29:45.0428 0292 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
22:29:45.0475 0292 nsi - ok
22:29:45.0506 0292 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:29:45.0553 0292 nsiproxy - ok
22:29:45.0631 0292 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:29:45.0693 0292 Ntfs - ok
22:29:45.0740 0292 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
22:29:45.0787 0292 Null - ok
22:29:45.0818 0292 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:29:45.0833 0292 nvraid - ok
22:29:45.0880 0292 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:29:45.0896 0292 nvstor - ok
22:29:45.0896 0292 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:29:45.0911 0292 nv_agp - ok
22:29:45.0911 0292 NwlnkFlt - ok
22:29:45.0927 0292 NwlnkFwd - ok
22:29:45.0958 0292 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:29:45.0974 0292 odserv - ok
22:29:46.0083 0292 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
22:29:46.0130 0292 ohci1394 - ok
22:29:46.0208 0292 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:29:46.0223 0292 ose - ok
22:29:46.0317 0292 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
22:29:46.0395 0292 p2pimsvc - ok
22:29:46.0426 0292 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
22:29:46.0442 0292 p2psvc - ok
22:29:46.0489 0292 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
22:29:46.0567 0292 Parport - ok
22:29:46.0629 0292 [ F9B5EDA4C17A2BE7663F064DBF0FE254 ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:29:46.0629 0292 partmgr - ok
22:29:46.0660 0292 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
22:29:46.0723 0292 PcaSvc - ok
22:29:46.0816 0292 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
22:29:46.0816 0292 pci - ok
22:29:46.0847 0292 [ 15E5C3F89A3452EFBDA3B39816DBC4EE ] pciide C:\Windows\system32\drivers\pciide.sys
22:29:46.0847 0292 pciide - ok
22:29:46.0863 0292 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
22:29:46.0879 0292 pcmcia - ok
22:29:46.0910 0292 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:29:47.0003 0292 PEAUTH - ok
22:29:47.0050 0292 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:29:47.0159 0292 PerfHost - ok
22:29:47.0237 0292 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
22:29:49.0624 0292 [ 805AE1F90C64758D19AAA001CF8CBA12 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
22:29:49.0655 0292 RichVideo ( UnsignedFile.Multi.Generic ) - warning
22:29:49.0655 0292 RichVideo - detected UnsignedFile.Multi.Generic (1)
22:30:00.0170 0292 ================ Scan global ===============================
22:30:00.0217 0292 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
22:30:00.0279 0292 [ 36F234FD1AA7BAE559BB1C483FC76286 ] C:\Windows\system32\winsrv.dll
22:30:00.0310 0292 [ 36F234FD1AA7BAE559BB1C483FC76286 ] C:\Windows\system32\winsrv.dll
22:30:00.0373 0292 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
22:30:00.0373 0292 [Global] - ok
22:30:00.0373 0292 ================ Scan MBR ==================================
22:30:00.0388 0292 [ 588AE8F0C685C02BA11F30D9CD7E61A0 ] \Device\Harddisk0\DR0
22:30:00.0794 0292 \Device\Harddisk0\DR0 - ok
22:30:00.0794 0292 ================ Scan VBR ==================================
22:30:00.0794 0292 [ 1349200D4DA9910E61661D0F8A4FED02 ] \Device\Harddisk0\DR0\Partition1
22:30:00.0809 0292 \Device\Harddisk0\DR0\Partition1 - ok
22:30:00.0809 0292 [ D10B88BBEB2787637748A66FB5FDF5EC ] \Device\Harddisk0\DR0\Partition2
22:30:00.0809 0292 \Device\Harddisk0\DR0\Partition2 - ok
22:30:00.0809 0292 ================ Scan active images ========================
22:30:01.0184 0292 C:\Windows\System32\ws2_32.dll - ok
22:30:01.0184 0292 [ F3F5549E69AE8509342E67E4F972CA1C ] C:\Windows\System32\user32.dll
22:30:01.0184 0292 C:\Windows\System32\user32.dll - ok
22:30:01.0199 0292 [ 11EAF90B44A9E378CB6F4ECBF2471F60 ] C:\Windows\System32\usp10.dll
22:30:01.0199 0292 C:\Windows\System32\usp10.dll - ok
22:30:01.0199 0292 [ 51F1A71EF8185B959A6E06D98E489287 ] C:\Windows\System32\iertutil.dll
22:30:01.0199 0292 C:\Windows\System32\iertutil.dll - ok
22:30:01.0199 0292 [ 37B71108BFD6E276695CE24171F2889B ] C:\Windows\System32\msvcrt.dll
22:30:01.0199 0292 C:\Windows\System32\msvcrt.dll - ok
22:30:01.0199 0292 [ AEF2D8B0B518A5623FC5F9832F622677 ] C:\Windows\System32\psapi.dll
22:30:01.0199 0292 C:\Windows\System32\psapi.dll - ok
22:30:01.0215 0292 [ 74ABE02BF1937B32C6FC169A782FCF60 ] C:\Windows\System32\comctl32.dll
22:30:01.0215 0292 C:\Windows\System32\comctl32.dll - ok
22:30:01.0215 0292 [ 6F29236AB5926100972924BD29D9D225 ] C:\Windows\SysWOW64\normaliz.dll
22:30:01.0215 0292 C:\Windows\SysWOW64\normaliz.dll - ok
22:30:01.0231 0292 [ 4C2DC63036D452FDB636D58D8EA7BC90 ] C:\Windows\System32\drivers\dxapi.sys
22:30:01.0231 0292 C:\Windows\System32\drivers\dxapi.sys - ok
22:30:01.0231 0292 [ E58E4C4AA1D5F187C41975E882F1FB5E ] C:\Windows\System32\win32k.sys
22:30:01.0231 0292 C:\Windows\System32\win32k.sys - ok
22:30:01.0231 0292 [ B4ABE68596B173FF2AB2076BC7C35EB4 ] C:\Windows\System32\csrss.exe
22:30:01.0231 0292 C:\Windows\System32\csrss.exe - ok
22:30:01.0231 0292 [ B529C0275EA8DCDAA9F0927821852221 ] C:\Windows\System32\csrsrv.dll
22:30:01.0231 0292 C:\Windows\System32\csrsrv.dll - ok
22:30:01.0246 0292 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\System32\basesrv.dll
22:30:01.0246 0292 C:\Windows\System32\basesrv.dll - ok
22:30:01.0246 0292 [ 36F234FD1AA7BAE559BB1C483FC76286 ] C:\Windows\System32\winsrv.dll
22:30:01.0246 0292 C:\Windows\System32\winsrv.dll - ok
22:30:01.0246 0292 [ 59E9264A96CA82C5CCFBE14523934104 ] C:\Windows\System32\drivers\dxg.sys
22:30:01.0246 0292 C:\Windows\System32\drivers\dxg.sys - ok
22:30:01.0246 0292 [ 86173B7125321C93E355DF3837039244 ] C:\Windows\System32\tsddd.dll
22:30:01.0246 0292 C:\Windows\System32\tsddd.dll - ok
22:30:01.0262 0292 [ 117EA87DF785CA1B9D821F6F213DCE07 ] C:\Windows\System32\wininit.exe
22:30:01.0262 0292 C:\Windows\System32\wininit.exe - ok
22:30:01.0262 0292 [ 95E848589698D6CF716ECF1403925DFC ] C:\Windows\System32\userenv.dll
22:30:01.0262 0292 C:\Windows\System32\userenv.dll - ok
22:30:01.0262 0292 [ 3CDA5BDDDE0DC63907CD56DE7F74F852 ] C:\Windows\System32\secur32.dll
22:30:01.0262 0292 C:\Windows\System32\secur32.dll - ok
22:30:01.0262 0292 [ 89A722B06A83706797E283016181BEAB ] C:\Windows\System32\KBDUS.DLL
22:30:01.0262 0292 C:\Windows\System32\KBDUS.DLL - ok
22:30:01.0277 0292 [ 07FA442C161607E4FE6CE936846EF807 ] C:\Windows\System32\vga.dll
22:30:01.0277 0292 C:\Windows\System32\vga.dll - ok
22:30:01.0277 0292 [ 1AE29DD0E96D10F52383A8C6396E3A1D ] C:\Windows\System32\framebuf.dll
22:30:01.0277 0292 C:\Windows\System32\framebuf.dll - ok
22:30:01.0277 0292 [ 6D0773A3A65D28B663F334C90441D01A ] C:\Windows\System32\winlogon.exe
22:30:01.0277 0292 C:\Windows\System32\winlogon.exe - ok
22:30:01.0293 0292 [ 1671EF15434501ABBE9E7BE905EF998B ] C:\Windows\System32\winsta.dll
22:30:01.0293 0292 C:\Windows\System32\winsta.dll - ok
22:30:01.0293 0292 [ D1BDCF6DE24D16E16FC57AEE4A1BE9AE ] C:\Windows\System32\WlS0WndH.dll
22:30:01.0293 0292 C:\Windows\System32\WlS0WndH.dll - ok
22:30:01.0293 0292 [ 16687F0351E513BF2019073ABF02B585 ] C:\Windows\System32\sxs.dll
22:30:01.0293 0292 C:\Windows\System32\sxs.dll - ok
22:30:01.0293 0292 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\System32\services.exe
22:30:01.0293 0292 C:\Windows\System32\services.exe - ok
22:30:01.0309 0292 [ 40348DCEC0712ED42231C5F90A69A690 ] C:\Windows\System32\lsass.exe
22:30:01.0309 0292 C:\Windows\System32\lsass.exe - ok
22:30:01.0309 0292 [ 54D814DC2FA54AA847D240D4EA0E6586 ] C:\Windows\System32\lsm.exe
22:30:01.0309 0292 C:\Windows\System32\lsm.exe - ok
22:30:01.0309 0292 [ 72B9092B87A36968A04390368A8DAC54 ] C:\Windows\System32\lsasrv.dll
22:30:01.0309 0292 C:\Windows\System32\lsasrv.dll - ok
22:30:01.0309 0292 [ 495EB57ACF30983AA441B70A8DE2B7ED ] C:\Windows\System32\scesrv.dll
22:30:01.0309 0292 C:\Windows\System32\scesrv.dll - ok
22:30:01.0324 0292 [ 5EF9205E045643A5A75A82B116395B25 ] C:\Windows\System32\authz.dll
22:30:01.0324 0292 C:\Windows\System32\authz.dll - ok
22:30:01.0324 0292 [ 009456399B31D69C67654F6C3618D9A8 ] C:\Windows\System32\sysntfy.dll
22:30:01.0324 0292 C:\Windows\System32\sysntfy.dll - ok
22:30:01.0324 0292 [ 0C2E0A8562FE4B33D00E175A97E05793 ] C:\Windows\System32\wmsgapi.dll
22:30:01.0324 0292 C:\Windows\System32\wmsgapi.dll - ok
22:30:01.0324 0292 [ EAA6D9F1C23A5C3375E6D3653F57E7BE ] C:\Windows\System32\netapi32.dll
22:30:01.0324 0292 C:\Windows\System32\netapi32.dll - ok
22:30:01.0340 0292 [ 60EEC5440C2D05E5FDA04900E45FF717 ] C:\Windows\System32\samsrv.dll
22:30:01.0340 0292 C:\Windows\System32\samsrv.dll - ok
22:30:01.0340 0292 [ FA19D9DE54B122316274703D50F34130 ] C:\Windows\System32\ncobjapi.dll
22:30:01.0340 0292 C:\Windows\System32\ncobjapi.dll - ok
22:30:01.0355 0292 [ 419CE835359938213BD32A7AA327F2B9 ] C:\Windows\System32\cryptdll.dll
22:30:01.0355 0292 C:\Windows\System32\cryptdll.dll - ok
22:30:01.0355 0292 [ 0F421175574BFE0BF2F4D8E910A253BB ] C:\Windows\System32\aelupsvc.dll
22:30:01.0355 0292 C:\Windows\System32\aelupsvc.dll - ok
22:30:01.0355 0292 [ 1A89B7BC97A699393A6BA75715B759A6 ] C:\Windows\System32\dnsapi.dll
22:30:01.0355 0292 C:\Windows\System32\dnsapi.dll - ok
22:30:01.0355 0292 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] C:\Windows\System32\alg.exe
22:30:01.0355 0292 C:\Windows\System32\alg.exe - ok
22:30:01.0371 0292 [ 5279672A8BDAF3CFB0A4C6E0591987AC ] C:\Windows\System32\samlib.dll
22:30:01.0371 0292 C:\Windows\System32\samlib.dll - ok
22:30:01.0371 0292 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] C:\Windows\System32\appinfo.dll
22:30:01.0371 0292 C:\Windows\System32\appinfo.dll - ok
22:30:01.0371 0292 [ 301D19A870E40C12540BE46034BD6B20 ] C:\Windows\System32\msasn1.dll
22:30:01.0371 0292 C:\Windows\System32\msasn1.dll - ok
22:30:01.0371 0292 [ 33741BA808457C9AF07055C0FBEFE973 ] C:\Windows\System32\ntdsapi.dll
22:30:01.0371 0292 C:\Windows\System32\ntdsapi.dll - ok
22:30:01.0387 0292 [ 15C815573011719585EB836614ED1DF1 ] C:\Windows\System32\rascfg.dll
22:30:01.0387 0292 C:\Windows\System32\rascfg.dll - ok
22:30:01.0387 0292 [ 79318C744693EC983D20E9337A2F8196 ] C:\Windows\System32\audiosrv.dll
22:30:01.0387 0292 C:\Windows\System32\audiosrv.dll - ok
22:30:01.0387 0292 [ D7924B0F3AB5574BF59CA2892BE8961A ] C:\Windows\System32\feclient.dll
22:30:01.0387 0292 C:\Windows\System32\feclient.dll - ok
22:30:01.0387 0292 [ B3EBBD687BDFCBBBBCB6115B682D1845 ] C:\Windows\System32\mpr.dll
22:30:01.0387 0292 C:\Windows\System32\mpr.dll - ok
22:30:01.0402 0292 [ FFB96C2589FFA60473EAD78B39FBDE29 ] C:\Windows\System32\BFE.DLL
22:30:01.0402 0292 C:\Windows\System32\BFE.DLL - ok
22:30:01.0402 0292 [ 92399DADA49153870A7C178B7116C356 ] C:\Windows\System32\crypt32.dll
22:30:01.0402 0292 C:\Windows\System32\crypt32.dll - ok
22:30:01.0402 0292 [ 6D316F4859634071CC25C4FD4589AD2C ] C:\Windows\System32\qmgr.dll
22:30:01.0402 0292 C:\Windows\System32\qmgr.dll - ok
22:30:01.0418 0292 [ EE11F2630840479C4AA784AF3770F8E2 ] C:\Windows\System32\SLC.dll
22:30:01.0418 0292 C:\Windows\System32\SLC.dll - ok
22:30:01.0418 0292 [ 45B4004F43B48E4A3F12B85891F81221 ] C:\Windows\System32\wevtapi.dll
22:30:01.0418 0292 C:\Windows\System32\wevtapi.dll - ok
22:30:01.0418 0292 [ A1B39DE453433B115B4EA69EE0343816 ] C:\Windows\System32\browser.dll
22:30:01.0418 0292 C:\Windows\System32\browser.dll - ok
22:30:01.0418 0292 [ A9D70295BA8F31D5EA118B0A6B74183E ] C:\Windows\System32\IPHLPAPI.DLL
22:30:01.0418 0292 C:\Windows\System32\IPHLPAPI.DLL - ok
22:30:01.0433 0292 [ 22E65FFD640F16968F855F5B3528D366 ] C:\Windows\System32\bthserv.dll
22:30:01.0433 0292 C:\Windows\System32\bthserv.dll - ok
22:30:01.0433 0292 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] C:\Windows\System32\dhcpcsvc.dll
22:30:01.0433 0292 C:\Windows\System32\dhcpcsvc.dll - ok
22:30:01.0433 0292 [ 5A268127633C7EE2A7FB87F39D748D56 ] C:\Windows\System32\certprop.dll
22:30:01.0433 0292 C:\Windows\System32\certprop.dll - ok
22:30:01.0433 0292 [ 58AAAEA100F45F4F44297D6DE9ACF8ED ] C:\Windows\System32\winnsi.dll
22:30:01.0433 0292 C:\Windows\System32\winnsi.dll - ok
22:30:01.0449 0292 [ 956148910C7EB6A8C095D9B4E6F94E62 ] C:\Windows\System32\dhcpcsvc6.dll
22:30:01.0449 0292 C:\Windows\System32\dhcpcsvc6.dll - ok
22:30:01.0449 0292 [ DDEE5FE5C3C3141CE02DE6B7B2BF686B ] C:\Windows\System32\comres.dll
22:30:01.0449 0292 C:\Windows\System32\comres.dll - ok
22:30:01.0449 0292 [ 21322B1A2AD337C579F4A65EA0D25193 ] C:\Windows\System32\cngaudit.dll
22:30:01.0449 0292 C:\Windows\System32\cngaudit.dll - ok
22:30:01.0449 0292 [ 38FEE5CE9CD15E56BF48A7360048C4AB ] C:\Windows\System32\ncrypt.dll
22:30:01.0449 0292 C:\Windows\System32\ncrypt.dll - ok
22:30:01.0465 0292 [ 02EE316487BCC8F4F6017CAD538365CC ] C:\Windows\System32\bcrypt.dll
22:30:01.0465 0292 C:\Windows\System32\bcrypt.dll - ok
22:30:01.0465 0292 [ 18918613E63F387CDE4D95CA7D49DCF7 ] C:\Windows\System32\cryptsvc.dll
22:30:01.0465 0292 C:\Windows\System32\cryptsvc.dll - ok
22:30:01.0480 0292 [ B7CCDC4B877DC3CC665DE8F322F2BD9E ] C:\Windows\System32\credssp.dll
22:30:01.0480 0292 C:\Windows\System32\credssp.dll - ok
22:30:01.0480 0292 [ CE7183F26642FAFE46C8374AE70A66DB ] C:\Windows\System32\oleres.dll
22:30:01.0480 0292 C:\Windows\System32\oleres.dll - ok
22:30:01.0480 0292 [ F7097878AE102618656A04F03951C339 ] C:\Windows\System32\msprivs.dll
22:30:01.0480 0292 C:\Windows\System32\msprivs.dll - ok
22:30:01.0480 0292 [ CD6D49EA9DBBD3EA9E449FD84C51C731 ] C:\Windows\System32\kerberos.dll
22:30:01.0480 0292 C:\Windows\System32\kerberos.dll - ok
22:30:01.0496 0292 [ 2E4733239CB09A2212C44FCD1C1B4CC9 ] C:\Windows\System32\dfsrres.dll
22:30:01.0496 0292 C:\Windows\System32\dfsrres.dll - ok
22:30:01.0496 0292 [ 1A7156DD1E850E9914E5E991E3225B94 ] C:\Windows\System32\dot3svc.dll
22:30:01.0496 0292 C:\Windows\System32\dot3svc.dll - ok
22:30:01.0496 0292 [ 2C305F6445662EFF9A08B1BA41784CC0 ] C:\Windows\System32\wship6.dll
22:30:01.0496 0292 C:\Windows\System32\wship6.dll - ok
22:30:01.0496 0292 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] C:\Windows\System32\dps.dll
22:30:01.0496 0292 C:\Windows\System32\dps.dll - ok
22:30:01.0511 0292 [ 253607D6C54A1604436F08E67CCED044 ] C:\Windows\System32\WSHTCPIP.DLL
22:30:01.0511 0292 C:\Windows\System32\WSHTCPIP.DLL - ok
22:30:01.0511 0292 [ C2303883FD9BE49DC36A6400643002EA ] C:\Windows\System32\eapsvc.dll
22:30:01.0511 0292 C:\Windows\System32\eapsvc.dll - ok
22:30:01.0511 0292 [ 599DA6EB260D9601D2D67AE177F95568 ] C:\Windows\System32\wshqos.dll
22:30:01.0511 0292 C:\Windows\System32\wshqos.dll - ok
22:30:01.0511 0292 [ F145BF4C4668E7E312069F81EF847CFC ] C:\Windows\System32\nlasvc.dll
22:30:01.0511 0292 C:\Windows\System32\nlasvc.dll - ok
22:30:01.0527 0292 [ 14CE384D2E27B64C256BDA4DC39C312D ] C:\Windows\ehome\ehrecvr.exe
22:30:01.0527 0292 C:\Windows\ehome\ehrecvr.exe - ok
22:30:01.0527 0292 [ 062972C53BDC6819CE0BAAAA5382F758 ] C:\Windows\System32\NapiNSP.dll
22:30:01.0527 0292 C:\Windows\System32\NapiNSP.dll - ok
22:30:01.0527 0292 [ B93159C1313D66FDFBBE876F5189CD52 ] C:\Windows\ehome\ehsched.exe
22:30:01.0527 0292 C:\Windows\ehome\ehsched.exe - ok
22:30:01.0543 0292 [ E1BAEEE7949ED5019259E69393367400 ] C:\Windows\System32\pnrpnsp.dll
22:30:01.0543 0292 C:\Windows\System32\pnrpnsp.dll - ok
22:30:01.0543 0292 [ F5EE2527D74449868E3C3227A59BCD28 ] C:\Windows\ehome\ehstart.dll
22:30:01.0543 0292 C:\Windows\ehome\ehstart.dll - ok
22:30:01.0543 0292 [ A9B18B63A4FD6BAAB83326706D857FAB ] C:\Windows\System32\emdmgmt.dll
22:30:01.0543 0292 C:\Windows\System32\emdmgmt.dll - ok
22:30:01.0543 0292 [ BB08D93011B82883EC33C7707A9627BE ] C:\Windows\System32\mswsock.dll
22:30:01.0543 0292 C:\Windows\System32\mswsock.dll - ok
22:30:01.0558 0292 [ 434B2B82B237FC2F4F8F6844A8FF1909 ] C:\Windows\System32\msv1_0.dll
22:30:01.0558 0292 C:\Windows\System32\msv1_0.dll - ok
22:30:01.0558 0292 [ A3F1B171702CA04744EE514243B45BFB ] C:\Windows\System32\netlogon.dll
22:30:01.0558 0292 C:\Windows\System32\netlogon.dll - ok
22:30:01.0558 0292 [ B3564B747D0B059D99E888F8369E56BC ] C:\Windows\System32\wevtsvc.dll
22:30:01.0558 0292 C:\Windows\System32\wevtsvc.dll - ok
22:30:01.0558 0292 [ CA307C0BD127FA7ADE5E6FEE8750F046 ] C:\Windows\System32\winbrand.dll
22:30:01.0558 0292 C:\Windows\System32\winbrand.dll - ok
22:30:01.0574 0292 [ DE6D7226DB44AEFD46927CF962A8CFC0 ] C:\Windows\System32\schannel.dll
22:30:01.0574 0292 C:\Windows\System32\schannel.dll - ok
22:30:01.0574 0292 [ BB9267ACACD8B7533DD936C34A0CBA5E ] C:\Windows\System32\fdPHost.dll
22:30:01.0574 0292 C:\Windows\System32\fdPHost.dll - ok
22:30:01.0574 0292 [ 300C80931EABBE1DB7591C516EFE8D0F ] C:\Windows\System32\FDResPub.dll
22:30:01.0574 0292 C:\Windows\System32\FDResPub.dll - ok
22:30:01.0574 0292 [ B4A04D5AA66E8F77DE19E0EB89C52D2B ] C:\Windows\System32\wdigest.dll
22:30:01.0574 0292 C:\Windows\System32\wdigest.dll - ok
22:30:01.0589 0292 [ DE67B1AFAB1DDB6CA0BBA89A776F26FA ] C:\Windows\System32\FntCache.dll
22:30:01.0589 0292 C:\Windows\System32\FntCache.dll - ok
22:30:01.0589 0292 [ 4D27759CC69F69E4B3228A970FF55F88 ] C:\Windows\System32\rsaenh.dll
22:30:01.0589 0292 C:\Windows\System32\rsaenh.dll - ok
22:30:01.0605 0292 [ BC69DA355B62C898DFEA93851335EAF0 ] C:\Windows\System32\TSpkg.dll
22:30:01.0605 0292 C:\Windows\System32\TSpkg.dll - ok
22:30:01.0605 0292 [ 899F834C330A96A80EC36DAEDA2FF018 ] C:\Windows\System32\gpapi.dll
22:30:01.0605 0292 C:\Windows\System32\gpapi.dll - ok
22:30:01.0605 0292 [ E60BB0CDC5EA153F6D24C51AAD4A73FD ] C:\Windows\System32\PresentationHost.exe
22:30:01.0605 0292 C:\Windows\System32\PresentationHost.exe - ok
22:30:01.0605 0292 [ 59361D38A297755D46A540E450202B2A ] C:\Windows\System32\hidserv.dll
22:30:01.0605 0292 C:\Windows\System32\hidserv.dll - ok
22:30:01.0621 0292 [ B12F367EA39C0795FD57E31242CE1A5A ] C:\Windows\System32\KMSVC.DLL
22:30:01.0621 0292 C:\Windows\System32\KMSVC.DLL - ok
22:30:01.0621 0292 [ 42161FDC47A49CD513D29BACB99D6E0D ] C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll
22:30:01.0621 0292 C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll - ok
22:30:01.0621 0292 [ 0C9EA6E654E7B0471741E343A6C671AF ] C:\Windows\System32\IKEEXT.DLL
22:30:01.0621 0292 C:\Windows\System32\IKEEXT.DLL - ok
22:30:01.0621 0292 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] C:\Windows\System32\IPBusEnum.dll
22:30:01.0621 0292 C:\Windows\System32\IPBusEnum.dll - ok
22:30:01.0636 0292 [ CD033D871A83E918B14F43F7E7590819 ] C:\Windows\System32\iphlpsvc.dll
22:30:01.0636 0292 C:\Windows\System32\iphlpsvc.dll - ok
22:30:01.0636 0292 [ C6336D1625515CC5F70E5630CFF14182 ] C:\Windows\System32\keyiso.dll
22:30:01.0636 0292 C:\Windows\System32\keyiso.dll - ok
22:30:01.0636 0292 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] C:\Windows\System32\srvsvc.dll
22:30:01.0636 0292 C:\Windows\System32\srvsvc.dll - ok
22:30:01.0636 0292 [ CAF86FC1388BE1E470F1A7B43E348ADB ] C:\Windows\System32\wkssvc.dll
22:30:01.0636 0292 C:\Windows\System32\wkssvc.dll - ok
22:30:01.0652 0292 [ 4B8C95B49C58D7A41BF3FE38AA64DC6C ] C:\Windows\System32\lltdres.dll
22:30:01.0652 0292 C:\Windows\System32\lltdres.dll - ok
22:30:01.0652 0292 [ A47F8080CACC23C91FE823AD19AA5612 ] C:\Windows\System32\lmhsvc.dll
22:30:01.0652 0292 C:\Windows\System32\lmhsvc.dll - ok
22:30:01.0652 0292 [ 4698036AE905F88E02C3F69BA77981FB ] C:\Windows\ehome\ehres.dll
22:30:01.0652 0292 C:\Windows\ehome\ehres.dll - ok
22:30:01.0667 0292 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] C:\Windows\System32\mmcss.dll
22:30:01.0667 0292 C:\Windows\System32\mmcss.dll - ok
22:30:01.0667 0292 [ FFA2B274A5CC6C9A03CBDCF5B8F0239A ] C:\Windows\System32\FirewallAPI.dll
22:30:01.0667 0292 C:\Windows\System32\FirewallAPI.dll - ok
22:30:01.0667 0292 [ 1371FA9D8B1E567AE852E0F74D41D040 ] C:\Windows\System32\iscsidsc.dll
22:30:01.0667 0292 C:\Windows\System32\iscsidsc.dll - ok
22:30:01.0667 0292 [ FCD84867883C365A24C61E50AF8A6DB9 ] C:\Windows\System32\msimsg.dll
22:30:01.0667 0292 C:\Windows\System32\msimsg.dll - ok
22:30:01.0683 0292 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] C:\Windows\System32\QAGENTRT.DLL
22:30:01.0683 0292 C:\Windows\System32\QAGENTRT.DLL - ok
22:30:01.0683 0292 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] C:\Windows\System32\netman.dll
22:30:01.0683 0292 C:\Windows\System32\netman.dll - ok
22:30:01.0683 0292 [ 0341CB05512AA87BB64A834DE6264C34 ] C:\Windows\System32\netprof.dll
22:30:01.0683 0292 C:\Windows\System32\netprof.dll - ok
22:30:01.0683 0292 [ ACB62BAA1C319B17752553DF3026EEEB ] C:\Windows\System32\nsisvc.dll
22:30:01.0683 0292 C:\Windows\System32\nsisvc.dll - ok
22:30:01.0699 0292 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] C:\Windows\System32\p2psvc.dll
22:30:01.0699 0292 C:\Windows\System32\p2psvc.dll - ok
22:30:01.0699 0292 [ 9AB157B374192FF276C1628FBDBA2B0E ] C:\Windows\System32\pcasvc.dll
22:30:01.0699 0292 C:\Windows\System32\pcasvc.dll - ok
22:30:01.0699 0292 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] C:\Windows\System32\pla.dll
22:30:01.0699 0292 C:\Windows\System32\pla.dll - ok
22:30:01.0699 0292 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] C:\Windows\System32\umpnpmgr.dll
22:30:01.0699 0292 C:\Windows\System32\umpnpmgr.dll - ok
22:30:01.0714 0292 [ F7BEA2085635CA9B2B991D8EDC426D3A ] C:\Windows\System32\polstore.dll
22:30:01.0714 0292 C:\Windows\System32\polstore.dll - ok
22:30:01.0714 0292 [ E058CE4FC2449D8BFA14739C83B7FF2A ] C:\Windows\System32\profsvc.dll
22:30:01.0714 0292 C:\Windows\System32\profsvc.dll - ok
22:30:01.0714 0292 [ 43A4F5B4EAC81FA11DAC3143ADC77CBA ] C:\Windows\System32\psbase.dll
22:30:01.0714 0292 C:\Windows\System32\psbase.dll - ok
22:30:01.0730 0292 [ 90574842C3DA781E279061A3EFF91F07 ] C:\Windows\System32\qwave.dll
22:30:01.0730 0292 C:\Windows\System32\qwave.dll - ok
22:30:01.0730 0292 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] C:\Windows\System32\drivers\qwavedrv.sys
22:30:01.0730 0292 C:\Windows\System32\drivers\qwavedrv.sys - ok
22:30:01.0730 0292 [ B2AE18F847D07F0044404DDF7CB04497 ] C:\Windows\System32\rasauto.dll
22:30:01.0730 0292 C:\Windows\System32\rasauto.dll - ok
22:30:01.0730 0292 [ 3AD83E4046C43BE510DE681588ACB8AF ] C:\Windows\System32\rasmans.dll
22:30:01.0730 0292 C:\Windows\System32\rasmans.dll - ok
22:30:01.0745 0292 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] C:\Windows\System32\sstpsvc.dll
22:30:01.0745 0292 C:\Windows\System32\sstpsvc.dll - ok
22:30:01.0745 0292 [ C612B9557DA73F70D41F8A6FBC8E5344 ] C:\Windows\System32\mprdim.dll
22:30:01.0745 0292 C:\Windows\System32\mprdim.dll - ok
22:30:01.0745 0292 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] C:\Windows\System32\regsvc.dll
22:30:01.0745 0292 C:\Windows\System32\regsvc.dll - ok
22:30:01.0745 0292 [ F46C457840D4B7A4DAAFEE739CE04102 ] C:\Windows\System32\Locator.exe
22:30:01.0745 0292 C:\Windows\System32\Locator.exe - ok
22:30:01.0761 0292 [ FD1CDCF108D5EF3366F00D18B70FB89B ] C:\Windows\System32\SCardSvr.dll
22:30:01.0761 0292 C:\Windows\System32\SCardSvr.dll - ok
22:30:01.0761 0292 [ 0F838C811AD295D2A4489B9993096C63 ] C:\Windows\System32\schedsvc.dll
22:30:01.0761 0292 C:\Windows\System32\schedsvc.dll - ok
22:30:01.0761 0292 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] C:\Windows\System32\sdrsvc.dll
22:30:01.0761 0292 C:\Windows\System32\sdrsvc.dll - ok
22:30:01.0761 0292 [ 5ACDCBC67FCF894A1815B9F96D704490 ] C:\Windows\System32\seclogon.dll
22:30:01.0761 0292 C:\Windows\System32\seclogon.dll - ok
22:30:01.0777 0292 [ 90973A64B96CD647FF81C79443618EED ] C:\Windows\System32\Sens.dll
22:30:01.0777 0292 C:\Windows\System32\Sens.dll - ok
22:30:01.0777 0292 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] C:\Windows\System32\SessEnv.dll
22:30:01.0777 0292 C:\Windows\System32\SessEnv.dll - ok
22:30:01.0792 0292 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] C:\Windows\System32\ipnathlp.dll
22:30:01.0792 0292 C:\Windows\System32\ipnathlp.dll - ok
22:30:01.0792 0292 [ 2AD15758174DCC7993FF3C00A955DD66 ] C:\Windows\System32\shsvcs.dll
22:30:01.0792 0292 C:\Windows\System32\shsvcs.dll - ok
22:30:01.0792 0292 [ A9A27A8E257B45A604FDAD4F26FE7241 ] C:\Windows\System32\SLsvc.exe
22:30:01.0792 0292 C:\Windows\System32\SLsvc.exe - ok
22:30:01.0792 0292 [ FD74B4B7C2088E390A30C85A896FC3AF ] C:\Windows\System32\SLUINotify.dll
22:30:01.0792 0292 C:\Windows\System32\SLUINotify.dll - ok
22:30:01.0808 0292 [ F8F08779E7D997913607B0146710CC04 ] C:\Windows\System32\tcpipcfg.dll
22:30:01.0808 0292 C:\Windows\System32\tcpipcfg.dll - ok
22:30:01.0808 0292 [ F8F47F38909823B1AF28D60B96340CFF ] C:\Windows\System32\snmptrap.exe
22:30:01.0808 0292 C:\Windows\System32\snmptrap.exe - ok
22:30:01.0808 0292 [ F66FF751E7EFC816D266977939EF5DC3 ] C:\Windows\System32\spoolsv.exe
22:30:01.0808 0292 C:\Windows\System32\spoolsv.exe - ok
22:30:01.0808 0292 [ 192C74646EC5725AEF3F80D19FF75F6A ] C:\Windows\System32\ssdpsrv.dll
22:30:01.0808 0292 C:\Windows\System32\ssdpsrv.dll - ok
22:30:01.0823 0292 [ 15825C1FBFB8779992CB65087F316AF5 ] C:\Windows\System32\wiaservc.dll
22:30:01.0823 0292 C:\Windows\System32\wiaservc.dll - ok
22:30:01.0823 0292 [ 92D7A8B0F87B036F17D25885937897A6 ] C:\Windows\System32\sysmain.dll
22:30:01.0823 0292 C:\Windows\System32\sysmain.dll - ok
22:30:01.0823 0292 [ 005CE42567F9113A3BCCB3B20073B029 ] C:\Windows\System32\TabSvc.dll
22:30:01.0823 0292 C:\Windows\System32\TabSvc.dll - ok
22:30:01.0823 0292 [ CC2562B4D55E0B6A4758C65407F63B79 ] C:\Windows\System32\tapisrv.dll
22:30:01.0823 0292 C:\Windows\System32\tapisrv.dll - ok
22:30:01.0839 0292 [ CDBE8D7C1E201B911CDC346D06617FB5 ] C:\Windows\System32\tbssvc.dll
22:30:01.0839 0292 C:\Windows\System32\tbssvc.dll - ok
22:30:01.0839 0292 [ 5CDD30BC217082DAC71A9878D9BFD566 ] C:\Windows\System32\termsrv.dll
22:30:01.0839 0292 C:\Windows\System32\termsrv.dll - ok
22:30:01.0839 0292 [ F4689F05AF472A651A7B1B7B02D200E7 ] C:\Windows\System32\trkwks.dll
22:30:01.0839 0292 C:\Windows\System32\trkwks.dll - ok
22:30:01.0855 0292 [ 66328B08EF5A9305D8EDE36B93930369 ] C:\Windows\servicing\TrustedInstaller.exe
22:30:01.0855 0292 C:\Windows\servicing\TrustedInstaller.exe - ok
22:30:01.0855 0292 [ 060507C4113391394478F6953A79EEDC ] C:\Windows\System32\UI0Detect.exe
22:30:01.0855 0292 C:\Windows\System32\UI0Detect.exe - ok
22:30:01.0855 0292 [ 7093799FF80E9DECA0680D2E3535BE60 ] C:\Windows\System32\upnphost.dll
22:30:01.0855 0292 C:\Windows\System32\upnphost.dll - ok
22:30:01.0855 0292 [ 449F5AB17863698F12F0BC8E99079AA6 ] C:\Windows\System32\dwm.exe
22:30:01.0855 0292 C:\Windows\System32\dwm.exe - ok
22:30:01.0870 0292 [ 294945381DFA7CE58CECF0A9896AF327 ] C:\Windows\System32\vds.exe
22:30:01.0870 0292 C:\Windows\System32\vds.exe - ok
22:30:01.0870 0292 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] C:\Windows\System32\VSSVC.exe
22:30:01.0870 0292 C:\Windows\System32\VSSVC.exe - ok
22:30:01.0870 0292 [ F14A7DE2EA41883E250892E1E5230A9A ] C:\Windows\System32\w32time.dll
22:30:01.0870 0292 C:\Windows\System32\w32time.dll - ok
22:30:01.0870 0292 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] C:\Windows\System32\wcncsvc.dll
22:30:01.0870 0292 C:\Windows\System32\wcncsvc.dll - ok
22:30:01.0886 0292 [ EA4B369560E986F19D93F45A881484AC ] C:\Windows\System32\WcsPlugInService.dll
22:30:01.0886 0292 C:\Windows\System32\WcsPlugInService.dll - ok
22:30:01.0886 0292 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] C:\Windows\System32\wdi.dll
22:30:01.0886 0292 C:\Windows\System32\wdi.dll - ok
22:30:01.0886 0292 [ 3E6D05381CF35F75EBB055544A8ED9AC ] C:\Windows\System32\WebClnt.dll
22:30:01.0886 0292 C:\Windows\System32\WebClnt.dll - ok
22:30:01.0886 0292 [ 8D40BC587993F876658BF9FB0F7D3462 ] C:\Windows\System32\wecsvc.dll
22:30:01.0886 0292 C:\Windows\System32\wecsvc.dll - ok
22:30:01.0901 0292 [ 9C980351D7E96288EA0C23AE232BD065 ] C:\Windows\System32\wercplsupport.dll
22:30:01.0901 0292 C:\Windows\System32\wercplsupport.dll - ok
22:30:01.0901 0292 [ 66B9ECEBC46683F47EDC06333C075FEF ] C:\Windows\System32\wersvc.dll
22:30:01.0901 0292 C:\Windows\System32\wersvc.dll - ok
22:30:01.0917 0292 [ 52EFD0AF2E9913C5623CF9AEC631C5F7 ] C:\Windows\System32\winhttp.dll
22:30:01.0917 0292 C:\Windows\System32\winhttp.dll - ok
22:30:01.0917 0292 [ D2E7296ED1BD26D8DB2799770C077A02 ] C:\Windows\System32\wbem\WMIsvc.dll
22:30:01.0917 0292 C:\Windows\System32\wbem\WMIsvc.dll - ok
22:30:01.0917 0292 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] C:\Windows\System32\WsmSvc.dll
22:30:01.0917 0292 C:\Windows\System32\WsmSvc.dll - ok
22:30:01.0917 0292 [ EC339C8115E91BAED835957E9A677F16 ] C:\Windows\System32\wlansvc.dll
22:30:01.0917 0292 C:\Windows\System32\wlansvc.dll - ok
22:30:01.0933 0292 [ 21FA389E65A852698B6A1341F36EE02D ] C:\Windows\System32\wbem\WmiApSrv.exe
22:30:01.0933 0292 C:\Windows\System32\wbem\WmiApSrv.exe - ok
22:30:01.0933 0292 [ 56382A5EB85A25446745E3BD6D50A3A5 ] C:\Program Files\Windows Media Player\wmpnetwk.exe
22:30:01.0933 0292 C:\Program Files\Windows Media Player\wmpnetwk.exe - ok
22:30:01.0933 0292 [ CBC156C913F099E6680D1DF9307DB7A8 ] C:\Windows\System32\wpcsvc.dll
22:30:01.0933 0292 C:\Windows\System32\wpcsvc.dll - ok
22:30:01.0933 0292 [ A27C8F92D84E2DDC151978E4692C978E ] C:\Windows\System32\wpdbusenum.dll
22:30:01.0933 0292 C:\Windows\System32\wpdbusenum.dll - ok
22:30:01.0948 0292 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] C:\Windows\System32\wscsvc.dll
22:30:01.0948 0292 C:\Windows\System32\wscsvc.dll - ok
22:30:01.0948 0292 [ A2AC37A1EEF83BD9E912B0EFCBEA06BD ] C:\Windows\System32\SearchIndexer.exe
22:30:01.0948 0292 C:\Windows\System32\SearchIndexer.exe - ok
22:30:01.0948 0292 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] C:\Windows\System32\wuaueng.dll
22:30:01.0948 0292 C:\Windows\System32\wuaueng.dll - ok
22:30:01.0948 0292 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] C:\Windows\System32\WUDFSvc.dll
22:30:01.0948 0292 C:\Windows\System32\WUDFSvc.dll - ok
22:30:01.0964 0292 [ 9922ADB6DCA8F0F5EA038BEFF339C08B ] C:\Windows\System32\scecli.dll
22:30:01.0964 0292 C:\Windows\System32\scecli.dll - ok
22:30:01.0964 0292 [ EE3718BCF5CEF1C457C10A745E410959 ] C:\Windows\System32\ntmarta.dll
22:30:01.0964 0292 C:\Windows\System32\ntmarta.dll - ok
22:30:01.0964 0292 [ CDA9F1373805AF88F6FA4F2064BBA24D ] C:\Windows\System32\svchost.exe
22:30:01.0964 0292 C:\Windows\System32\svchost.exe - ok
22:30:01.0979 0292 [ 7823A58BF0FE3CAAA555C12B5CF91290 ] C:\Windows\System32\powrprof.dll
22:30:01.0979 0292 C:\Windows\System32\powrprof.dll - ok
22:30:01.0979 0292 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] C:\Windows\System32\rpcss.dll
22:30:01.0979 0292 C:\Windows\System32\rpcss.dll - ok
22:30:01.0979 0292 [ EA3D2B63BA304EB6EDABBAFA21599B47 ] C:\Windows\System32\version.dll
22:30:01.0979 0292 C:\Windows\System32\version.dll - ok
22:30:01.0979 0292 [ BAD79FECE1387CDD8388A3314645757F ] C:\Windows\System32\LogonUI.exe
22:30:01.0979 0292 C:\Windows\System32\LogonUI.exe - ok
22:30:01.0995 0292 [ 363D07C0F427C72BDE0B6D6492A205C9 ] C:\Windows\System32\authui.dll
22:30:01.0995 0292 C:\Windows\System32\authui.dll - ok
22:30:01.0995 0292 [ C5EDECA7546B009484B23FAD0E9724C1 ] C:\Windows\System32\nlaapi.dll
22:30:01.0995 0292 C:\Windows\System32\nlaapi.dll - ok
22:30:01.0995 0292 [ 7FC9AFDD2A2ACFCB52FB05D57FE8C2F4 ] C:\Windows\System32\atl.dll
22:30:01.0995 0292 C:\Windows\System32\atl.dll - ok
22:30:01.0995 0292 [ 99112D6C120A951755E0B3DB24996910 ] C:\Windows\System32\WUDFPlatform.dll
22:30:01.0995 0292 C:\Windows\System32\WUDFPlatform.dll - ok
22:30:02.0011 0292 [ 46662CD685A6341AB4AED86D134D80E9 ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd\comctl32.dll
22:30:02.0011 0292 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd\comctl32.dll - ok
22:30:02.0011 0292 [ 2007B826C4ACD94AE32232B41F0842B9 ] C:\Windows\System32\drivers\nwifi.sys
22:30:02.0011 0292 C:\Windows\System32\drivers\nwifi.sys - ok
22:30:03.0383 0292 C:\Program Files\Microsoft Games\Chess\Chess.exe - ok
22:30:03.0383 0292 [ D86A2D30934F2192E477D4159632AD63 ] C:\Windows\System32\wlanhlp.dll
22:30:03.0383 0292 C:\Windows\System32\wlanhlp.dll - ok
22:30:03.0399 0292 [ DBC0B012A13C7738871D569005DEB5D1 ] C:\Windows\System32\bthprops.cpl
22:30:03.0399 0292 C:\Windows\System32\bthprops.cpl - ok
22:30:03.0399 0292 [ A77267CDDE66443FB779CEE39CEE2141 ] C:\Windows\System32\QAGENT.DLL
22:30:03.0399 0292 C:\Windows\System32\QAGENT.DLL - ok
22:30:03.0399 0292 [ CD2B49ACFAD057AD5577AA26040CC052 ] C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe
22:30:03.0399 0292 C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe - ok
22:30:03.0415 0292 [ F2DB8923DBF9491BC7D387E305505CF5 ] C:\Windows\System32\gameux.dll
22:30:03.0415 0292 C:\Windows\System32\gameux.dll - ok
22:30:03.0415 0292 [ 69C0460E837047E172A3B92858ED7AB3 ] C:\Program Files\Microsoft Games\Hearts\Hearts.exe
22:30:03.0415 0292 C:\Program Files\Microsoft Games\Hearts\Hearts.exe - ok
22:30:03.0415 0292 [ 11D415DB881C617288D3CB81BB1FE51D ] C:\Windows\System32\wbem\NCProv.dll
22:30:03.0415 0292 C:\Windows\System32\wbem\NCProv.dll - ok
22:30:03.0415 0292 [ B4761127BA6B6353566FF735EC22F4A4 ] C:\Program Files\Microsoft Games\inkball\inkball.exe
22:30:03.0415 0292 C:\Program Files\Microsoft Games\inkball\inkball.exe - ok
22:30:03.0430 0292 [ E21FFFE678FF09BAA6BF5F76BD8805C6 ] C:\Windows\System32\esent.dll
22:30:03.0430 0292 C:\Windows\System32\esent.dll - ok
22:30:03.0430 0292 [ A0CB916FDBB52C039F5D482701645E86 ] C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe
22:30:03.0430 0292 C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe - ok
22:30:03.0430 0292 [ 00D63F95C21D1FE5CFD23E9F815A7A25 ] C:\Windows\System32\d3d10.dll
22:30:03.0430 0292 C:\Windows\System32\d3d10.dll - ok
22:30:03.0430 0292 [ 45EEA3DBE0182FBCFCF9B1F286178BB9 ] C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe
22:30:03.0430 0292 C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe - ok
22:30:03.0446 0292 [ 06FDEA0167BAD4CDE26210F92F33FDBA ] C:\Windows\System32\wbem\wbemcons.dll
22:30:03.0446 0292 C:\Windows\System32\wbem\wbemcons.dll - ok
22:30:03.0446 0292 [ AD47DE9AC3309EAF362DA8870272F1D3 ] C:\Windows\System32\d3d10core.dll
22:30:03.0446 0292 C:\Windows\System32\d3d10core.dll - ok
22:30:03.0446 0292 [ C4E6DF4D491A82DFF4EA56BD4C3A6633 ] C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe
22:30:03.0446 0292 C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe - ok
22:30:03.0461 0292 [ 7D2CB10042CAC091DE7BC04AFF27CF9E ] C:\Windows\System32\wbem\unsecapp.exe
22:30:03.0461 0292 C:\Windows\System32\wbem\unsecapp.exe - ok
22:30:03.0461 0292 [ 4EF7F56C5D3D3FC63E7296F2A3D283D5 ] C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe
22:30:03.0461 0292 C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe - ok
22:30:03.0461 0292 [ E97B6931B5629D7E9F6EE29A68FD6123 ] C:\Windows\System32\wbem\WmiPrvSE.exe
22:30:03.0461 0292 C:\Windows\System32\wbem\WmiPrvSE.exe - ok
22:30:03.0477 0292 [ F347FD7DD03B3408691049CDE0ABB6B6 ] C:\Windows\System32\wbem\wmiprov.dll
22:30:03.0477 0292 C:\Windows\System32\wbem\wmiprov.dll - ok
22:30:03.0477 0292 [ 9A11183400352696047C8F158A1370A3 ] C:\Windows\System32\wmi.dll
22:30:03.0477 0292 C:\Windows\System32\wmi.dll - ok
22:30:03.0477 0292 [ EF4C006CC67119A5E3EA534EC85BEA23 ] C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
22:30:03.0477 0292 C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe - ok
22:30:03.0477 0292 [ 39ACE51DDA5477FE240CA90F7C6A0DCC ] C:\Program Files\Java\jre7\bin\javacpl.exe
22:30:03.0477 0292 C:\Program Files\Java\jre7\bin\javacpl.exe - ok
22:30:03.0493 0292 [ AA2F3D9F789F071F90B398CC7D40330E ] C:\Program Files\Java\jre7\bin\java.exe
22:30:03.0493 0292 C:\Program Files\Java\jre7\bin\java.exe - ok
22:30:03.0493 0292 [ EF6D2BC5AF87B6DDFB52245FF77046B7 ] C:\Windows\System32\brcpl.dll
22:30:03.0493 0292 C:\Windows\System32\brcpl.dll - ok
22:30:03.0493 0292 [ 406121C827A2901E72DAB2197DAE180E ] C:\Windows\System32\wercon.exe
22:30:03.0493 0292 C:\Windows\System32\wercon.exe - ok
22:30:03.0493 0292 [ 5767ED421A03FA524B5F18A2C28C1143 ] C:\Windows\System32\msra.exe
22:30:03.0493 0292 C:\Windows\System32\msra.exe - ok
22:30:03.0508 0292 [ 21EF4BB2A6FF4116FD83FAEE52D4A416 ] C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
22:30:03.0508 0292 C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe - ok
22:30:03.0508 0292 [ 7E2CF680C69680064D43F4FFE5831DD1 ] C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
22:30:03.0508 0292 C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe - ok
22:30:03.0508 0292 [ C0F4A57BA5E09A28AE3D2F67ED219EEA ] C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
22:30:03.0508 0292 C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe - ok
22:30:03.0524 0292 [ 484ACF6AF85A29AC52F3CF054DFDE9D3 ] C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
22:30:03.0524 0292 C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe - ok
22:30:03.0524 0292 [ FF6669F7A1782D54E338F5C6EC806E1E ] C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
22:30:03.0524 0292 C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe - ok
22:30:03.0524 0292 [ E1AB2AC4A4D50B479DF1B1CEA4A7409B ] C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
22:30:03.0524 0292 C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe - ok
22:30:03.0539 0292 [ 3E5AA6A816FA331E64C38A45C6FF5637 ] C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
22:30:03.0539 0292 C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe - ok
22:30:03.0539 0292 [ AC142966D25A3F543340B8D7B7C7D1DD ] C:\PROGRA~1\MICROS~2\Office12\MSOHEVI.DLL
22:30:03.0539 0292 C:\PROGRA~1\MICROS~2\Office12\MSOHEVI.DLL - ok
22:30:03.0539 0292 [ 4E1784B96F81FA2F561E5524CCD5FC7E ] C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_88dc01492fb256de\msvcr80.dll
22:30:03.0539 0292 C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_88dc01492fb256de\msvcr80.dll - ok
22:30:03.0539 0292 [ 027879B1DB3F0FA3F779338B021CA970 ] C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
22:30:03.0539 0292 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - ok
22:30:03.0555 0292 [ 7DC262AEEA66CCD6ED86DAAB16C4CDFF ] C:\Windows\System32\ntlanman.dll
22:30:03.0555 0292 C:\Windows\System32\ntlanman.dll - ok
22:30:03.0555 0292 [ 2790F04DFDDA00B7B6DE6719399A8739 ] C:\Windows\System32\drprov.dll
22:30:03.0555 0292 C:\Windows\System32\drprov.dll - ok
22:30:03.0555 0292 [ AAC4DFF79689736D8B316FC05A3E25EC ] C:\Windows\System32\davclnt.dll
22:30:03.0555 0292 C:\Windows\System32\davclnt.dll - ok
22:30:03.0555 0292 [ 0B1C3C977F5C7261E6C569C3CF40D6D1 ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
22:30:03.0571 0292 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll - ok
22:30:03.0571 0292 [ ABB1B50F36CCBEF119FBEF8FDF14AD61 ] C:\Program Files\SUPERAntiSpyware\SASCTXMN64.DLL
22:30:03.0571 0292 C:\Program Files\SUPERAntiSpyware\SASCTXMN64.DLL - ok
22:30:03.0571 0292 [ 3E5D078EBF7820978331D2A5EA6D0F1D ] C:\Program Files (x86)\WinRAR\RarExt64.dll
22:30:03.0571 0292 C:\Program Files (x86)\WinRAR\RarExt64.dll - ok
22:30:03.0571 0292 [ BE2F585891B8FA4DB2AB91ACA1D643EC ] C:\Program Files (x86)\WinRAR\RarExtLoader.exe
22:30:03.0571 0292 C:\Program Files (x86)\WinRAR\RarExtLoader.exe - ok
22:30:03.0586 0292 [ 0496693070014DF30DFA37BDAA9C8609 ] C:\Program Files (x86)\WinRAR\RarExt.dll
22:30:03.0586 0292 C:\Program Files (x86)\WinRAR\RarExt.dll - ok
22:30:03.0586 0292 [ 35ACD5EA63D75E97DD0E9A1629E582B2 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll
22:30:03.0586 0292 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll - ok
22:30:03.0586 0292 [ D430867BAB50812A918B69C485EB4C20 ] C:\Program Files (x86)\WinRAR\Formats\tar.fmt
22:30:03.0586 0292 C:\Program Files (x86)\WinRAR\Formats\tar.fmt - ok
22:30:03.0602 0292 [ 7108EF530E7194EFDCC5CFD2029D27B4 ] C:\Program Files (x86)\WinRAR\Formats\gz.fmt
22:30:03.0602 0292 C:\Program Files (x86)\WinRAR\Formats\gz.fmt - ok
22:30:03.0602 0292 [ 2E602C02F91DB43E10936734C655A144 ] C:\Program Files (x86)\WinRAR\Formats\z.fmt
22:30:03.0602 0292 C:\Program Files (x86)\WinRAR\Formats\z.fmt - ok
22:30:03.0602 0292 [ 1B338781A790D4BAE83AB3919173405B ] C:\Program Files (x86)\WinRAR\Formats\arj.fmt
22:30:03.0602 0292 C:\Program Files (x86)\WinRAR\Formats\arj.fmt - ok
22:30:03.0602 0292 [ E82EF47BEE4D0033BF187F9A497F2853 ] C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll
22:30:03.0602 0292 C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll - ok
22:30:03.0617 0292 [ FEB771AF00A645DCA8A7D07CC33F7E8E ] C:\Windows\System32\winspool.drv
22:30:03.0617 0292 C:\Windows\System32\winspool.drv - ok
22:30:03.0617 0292 [ 9DBA941FCC46A45C55C7A2105FB794AC ] C:\Windows\System32\syncui.dll
22:30:03.0617 0292 C:\Windows\System32\syncui.dll - ok
22:30:03.0617 0292 [ 21288BD7994118BD38AA35C5D408600B ] C:\Windows\System32\synceng.dll
22:30:03.0617 0292 C:\Windows\System32\synceng.dll - ok
22:30:03.0633 0292 [ 752654D6C61C0D34485AF97FFD8578F9 ] C:\Windows\System32\cryptnet.dll
22:30:03.0633 0292 C:\Windows\System32\cryptnet.dll - ok
22:30:03.0633 0292 [ 0842A765D31D6E4AE50D6DF7DED61748 ] C:\Windows\System32\SensApi.dll
22:30:03.0633 0292 C:\Windows\System32\SensApi.dll - ok
22:30:03.0633 0292 [ 178A34E5554DCE485E1262DDF027960C ] C:\Users\Pete\Desktop\tdsskiller.exe
22:30:03.0633 0292 C:\Users\Pete\Desktop\tdsskiller.exe - ok
22:30:03.0633 0292 [ 6659EC6006FD99A3AF1B8A6306F8BE3C ] C:\Windows\SysWOW64\crypt32.dll
22:30:03.0633 0292 C:\Windows\SysWOW64\crypt32.dll - ok
22:30:03.0649 0292 [ EE2FF9A3FC4404234BE3B7C6AA383AF8 ] C:\Windows\SysWOW64\msasn1.dll
22:30:03.0649 0292 C:\Windows\SysWOW64\msasn1.dll - ok
22:30:03.0649 0292 [ CA85552B1A307CB03FF1A1D2D12CB1C5 ] C:\Windows\SysWOW64\oleaut32.dll
22:30:03.0649 0292 C:\Windows\SysWOW64\oleaut32.dll - ok
22:30:03.0649 0292 [ 665417528489096BBCB8AEA46D3DA924 ] C:\Windows\SysWOW64\userenv.dll
22:30:03.0649 0292 C:\Windows\SysWOW64\userenv.dll - ok
22:30:03.0664 0292 [ 551F51B66E5EA87A38D8197EB3BDB57A ] C:\Windows\SysWOW64\setupapi.dll
22:30:03.0664 0292 C:\Windows\SysWOW64\setupapi.dll - ok
22:30:03.0664 0292 [ 69827805A221C21450BA22F4326A2EE3 ] C:\Windows\SysWOW64\version.dll
22:30:03.0664 0292 C:\Windows\SysWOW64\version.dll - ok
22:30:03.0664 0292 [ 6DF578562D2FA95ACAA37D359B68A31D ] C:\Windows\SysWOW64\winhttp.dll
22:30:03.0664 0292 C:\Windows\SysWOW64\winhttp.dll - ok
22:30:03.0664 0292 [ 2829C93217B147387F186479A5F6A1E5 ] C:\Windows\SysWOW64\wintrust.dll
22:30:03.0664 0292 C:\Windows\SysWOW64\wintrust.dll - ok
22:30:03.0680 0292 [ 8C55A6333DAFAB88E44C040C55179274 ] C:\Windows\SysWOW64\imagehlp.dll
22:30:03.0680 0292 C:\Windows\SysWOW64\imagehlp.dll - ok
22:30:03.0680 0292 [ 88B630F6AEB5A11F6AD064930B38C2C0 ] C:\Windows\SysWOW64\uxtheme.dll
22:30:03.0680 0292 C:\Windows\SysWOW64\uxtheme.dll - ok
22:30:03.0680 0292 [ B304D47D5744BA20FCB99FB8B2C07B0B ] C:\Windows\SysWOW64\ws2_32.dll
22:30:03.0680 0292 C:\Windows\SysWOW64\ws2_32.dll - ok
22:30:03.0680 0292 [ A64AEBC6C78B4CFD7F41A7277879DF8F ] C:\Windows\SysWOW64\nsi.dll
22:30:03.0680 0292 C:\Windows\SysWOW64\nsi.dll - ok
22:30:03.0695 0292 [ 8617350C9B590B63E620881092751BCB ] C:\Windows\SysWOW64\mswsock.dll
22:30:03.0695 0292 C:\Windows\SysWOW64\mswsock.dll - ok
22:30:03.0695 0292 [ 22CFAEB9172F5F198048401485CD0571 ] C:\Windows\SysWOW64\WSHTCPIP.DLL
22:30:03.0695 0292 C:\Windows\SysWOW64\WSHTCPIP.DLL - ok
22:30:03.0695 0292 [ D1A84F7D4CAFCFE2A32149FF418056E5 ] C:\Windows\SysWOW64\nlaapi.dll
22:30:03.0695 0292 C:\Windows\SysWOW64\nlaapi.dll - ok
22:30:03.0695 0292 [ 9E80FF0752E365F97FD2D1D68C2AFDA1 ] C:\Windows\SysWOW64\wship6.dll
22:30:03.0695 0292 C:\Windows\SysWOW64\wship6.dll - ok
22:30:03.0711 0292 [ 4FE8425F21B3F0F8C4B4726351D43EAA ] C:\Windows\SysWOW64\IPHLPAPI.DLL
22:30:03.0711 0292 C:\Windows\SysWOW64\IPHLPAPI.DLL - ok
22:30:03.0711 0292 [ 9028559C132146FB75EB7ACF384B086A ] C:\Windows\SysWOW64\dhcpcsvc.dll
22:30:03.0711 0292 C:\Windows\SysWOW64\dhcpcsvc.dll - ok
22:30:03.0711 0292 [ F7683EC1225435144F28B611546BA5F2 ] C:\Windows\SysWOW64\dnsapi.dll
22:30:03.0711 0292 C:\Windows\SysWOW64\dnsapi.dll - ok
22:30:03.0727 0292 [ 6B09105742C75DF80CEF21700F20F55A ] C:\Windows\SysWOW64\winnsi.dll
22:30:03.0727 0292 C:\Windows\SysWOW64\winnsi.dll - ok
22:30:03.0727 0292 [ DFB6B71CDABA9DFB49C9D2B318B97A1A ] C:\Windows\SysWOW64\dhcpcsvc6.dll
22:30:03.0727 0292 C:\Windows\SysWOW64\dhcpcsvc6.dll - ok
22:30:03.0727 0292 [ FC62A635063B762E1C3C60EA77279378 ] C:\Windows\SysWOW64\NapiNSP.dll
22:30:03.0727 0292 C:\Windows\SysWOW64\NapiNSP.dll - ok
22:30:03.0742 0292 [ 690D41DF1D555F96D4898A0F54EBA065 ] C:\Windows\SysWOW64\pnrpnsp.dll
22:30:03.0742 0292 C:\Windows\SysWOW64\pnrpnsp.dll - ok
22:30:03.0742 0292 [ EFA80360111D8D179E39E314A49C9ED4 ] C:\Windows\SysWOW64\wshbth.dll
22:30:03.0742 0292 C:\Windows\SysWOW64\wshbth.dll - ok
22:30:03.0742 0292 [ C411C80F90D6732380352B98B37BBD53 ] C:\Windows\SysWOW64\winrnr.dll
22:30:03.0742 0292 C:\Windows\SysWOW64\winrnr.dll - ok
22:30:03.0742 0292 [ B8A609FB5EFB4E44FC1355B1C01C64BC ] C:\Windows\SysWOW64\Wldap32.dll
22:30:03.0742 0292 C:\Windows\SysWOW64\Wldap32.dll - ok
22:30:03.0758 0292 [ 93A1732F7F997E36A5C3893539E2FF02 ] C:\Windows\SysWOW64\psapi.dll
22:30:03.0758 0292 C:\Windows\SysWOW64\psapi.dll - ok
22:30:03.0758 0292 [ A7D525E5C0D91C8C1D84C6BCD25AD77D ] C:\Windows\SysWOW64\rasadhlp.dll
22:30:03.0758 0292 C:\Windows\SysWOW64\rasadhlp.dll - ok
22:30:03.0758 0292 [ 0CFCDE5D9D074D96B78D1F1CBF1AAB1D ] C:\Windows\SysWOW64\riched20.dll
22:30:03.0758 0292 C:\Windows\SysWOW64\riched20.dll - ok
22:30:03.0758 0292 [ F146E2BA475893DD77B2370DC1211FC6 ] C:\Windows\System32\drivers\93801481.sys
22:30:03.0758 0292 C:\Windows\System32\drivers\93801481.sys - ok
22:30:03.0773 0292 [ 401DFFDBBBD3F07C747ED1AE2BB88106 ] C:\Windows\SysWOW64\msi.dll
22:30:03.0773 0292 C:\Windows\SysWOW64\msi.dll - ok
22:30:03.0773 0292 [ C394079EB162E812D682C73FA96AF6E4 ] C:\Windows\SysWOW64\clbcatq.dll
22:30:03.0773 0292 C:\Windows\SysWOW64\clbcatq.dll - ok
22:30:03.0773 0292 [ 167AC31450C0C53A01FA1491E94D7678 ] C:\Windows\SysWOW64\shdocvw.dll
22:30:03.0773 0292 C:\Windows\SysWOW64\shdocvw.dll - ok
22:30:03.0789 0292 ============================================================
22:30:03.0789 0292 Scan finished
22:30:03.0789 0292 ============================================================
22:30:03.0789 0376 Detected object count: 7
22:30:03.0789 0376 Actual detected object count: 7
22:30:52.0773 0376 !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:52.0773 0376 !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:52.0773 0376 FlipShareServer ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:52.0773 0376 FlipShareServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:52.0789 0376 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:52.0789 0376 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:52.0789 0376 hpqwmiex ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:52.0789 0376 hpqwmiex ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:52.0789 0376 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:52.0789 0376 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:52.0789 0376 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:52.0789 0376 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:52.0789 0376 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:52.0789 0376 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:31:37.0342 1352 Deinitialize success
#11
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Looking good :) Let's run a couple more scans.


Step 1: AdwCleaner


Download AdwCleaner by clicking here. Please save it to your Desktop.

  • Double click the adwcleaner.exe file (Vista and 7 users: right click it and click Run as Administrator) and accept the UAC prompt to run AdwCleaner.
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove." Don't worry about unchecking anything, and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
  • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
This report is also saved at C:\AdwCleaner[R0].txt

Step 2: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Things I need to see in your next post:

AdwCleaner Log

Junkware Removal Tool Log


#12
dogstar21

    Member

  • Topic Starter
  • 103 posts
Here is the AdwCleaner log:
# AdwCleaner v3.022 - Report created 17/03/2014 at 23:46:41
# Updated 13/03/2014 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Pete - PETE-PC
# Running from : C:\Users\Pete\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [777 octets] - [17/03/2014 23:45:45]
AdwCleaner[S0].txt - [699 octets] - [17/03/2014 23:46:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [758 octets] ##########


and here is the Junkware Removal Tool Log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows ™ Vista Home Premium x64
Ran by Pete on Mon 03/17/2014 at 23:52:17.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Pete\AppData\Roaming\mozilla\firefox\profiles\4z05qces.default\minidumps [21 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/17/2014 at 23:58:39.55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#13
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Very good :thumbsup: Let's run a sweep for remnants and check for out of date programs on your machine.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes' Anti-Malware from here.

  • Double Click mbam-setup.exe to install the application (Windows 7 users, right click and select Run as Administrator.)
  • Proceed through the setup
    • Choose your language
    • Accept the License Agreement
    • Select Destination Location
    • Select Start Menu Folder
    • Select Additional Tasks
    • Click Install
    • In the Completing the Malwarebytes Anti-Malware Setup Wizard Window
      • Uncheck Enable free trial of Malwarebytes Anti-Malware PRO
      • Keep the check mark beside Update Malwarebytes' Anti-Malware
      • Keep the check mark beside Launch Malwarebytes' Anti-Malware
    • Click Finish.
    • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan
  • Click Scan. The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Whichever browser you use will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.

  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Things I need to see in your next post:

  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log


#14
dogstar21

    Member

  • Topic Starter
  • 103 posts
ESET Scan Log (found some baddies):

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=800696fdfca36a4d8bb046c1f7088d44
# engine=17492
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-18 03:32:44
# local_time=2014-03-18 11:32:44 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 0 130746512 0 0
# compatibility_mode=5892 16776574 100 100 1666022 231755470 0 0
# scanned=211237
# found=6
# cleaned=0
# scan_time=7254
sh=D514C6F49E0180CBA7756272137ECCD68CABB189 ft=1 fh=cd26d25fbda9c18a vn="a variant of Win32/Kryptik.BXFJ trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\8q2do4z8.cpp.xBAD"
sh=4602C6C92ADAB72A8CF4FC14901DFFC984557170 ft=1 fh=be7ecbba513d6336 vn="a variant of Win64/Kryptik.FT trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\8z4od2q8.zvv.xBAD"
sh=1EFF205D7D0D82BAF841A98C176D700114E13FE6 ft=1 fh=b22528247c19a550 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\ApnIC.dll"
sh=F03442B504B5CE723ABE855CB805DABEF4E78F1E ft=1 fh=5c1d6bdce6f6a178 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\ApnToolbarInstaller.exe"
sh=1EFFB68E3224D867202FB1810951FB77088D92EC ft=1 fh=f94cfe7c0bdd36a1 vn="a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="C:\Program Files (x86)\Movavi VideoSuite 7\ReadServer.exe"
sh=E9F05F9731D606FE94F1B9FA2B62FA36F2B04994 ft=0 fh=0000000000000000 vn="a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="C:\Users\Pete\AppData\Local\Downloaded Installations\{F84C8918-2FBA-4EDF-9248-CD95F8035E02}\Movavi VideoSuite 7.msi"
ESETSmartInstaller@High as downloader log:
all ok
------------------------------------------------------

MBAM Log:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.18.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Pete :: PETE-PC [administrator]

3/18/2014 9:09:46 AM
mbam-log-2014-03-18 (09-09-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227341
Time elapsed: 5 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
------------------------------------------------

Security Check stopped immediately and produced the following in checkup.txt:

UNSUPPORTED OPERATING SYSTEM! ABORTED!

------------------------------------------------
I had downloaded Security Check from Bleeping Computer. It's listed as for XP/Vista/Windows 7 (I'm running Vista), so I would think it's the correct version. Should I download from the other link?

#15
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

ESET Scan Log (found some baddies):


Good thing is the majority of them are quarantined and are no threat. The others we'll remove in the next fix. :)

UNSUPPORTED OPERATING SYSTEM! ABORTED!


Try rebooting your machine and running SecurityCheck again. This happens from time to time. :thumbsup:
  • 0
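
The split made in the reply above, between detections that sit in a quarantine folder and detections on files still in place, can be read off the log mechanically. This is an added example, not part of the thread: a Python parser for lines in the ESET Online Scanner layout posted in #14. The sample log is constructed, and three readings are assumptions taken from the lines shown in the thread: a `\FRST\Quarantine\` path in `fn` means "already quarantined", the trailing words of `vn` give the category, and `remove_checked=false` means the scan only reported.

```python
import re

# Constructed sample in the layout of the ESET Online Scanner log posted in the
# thread. Hashes, detection names and file names are made up for illustration.
SAMPLE_LOG = r'''ESETSmartInstaller@High as downloader log:
all ok
# version=8
# remove_checked=false
# utc_time=2014-01-01 00:00:00
# found=4
# cleaned=0
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="a variant of Win32/Example.A trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\example1.dat.xBAD"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000002 vn="a variant of Win64/Example.B trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\example2.dat.xBAD"
sh=0000000000000000000000000000000000000003 ft=1 fh=0000000000000003 vn="a variant of Win32/Example.Toolbar potentially unsafe application" ac=I fn="C:\Program Files (x86)\ExampleApp\toolbar.dll"
sh=0000000000000000000000000000000000000004 ft=0 fh=0000000000000000 vn="a variant of Win32/Example.Packed potentially unwanted application" ac=I fn="C:\Users\Example\Downloads\setup.msi"
'''

# key=value tokens; a value is either "quoted, may contain spaces" or a bare word
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Assumption: categories are the trailing words of the vn field, as in the thread's log
CATEGORIES = ("trojan",
              "potentially unsafe application",
              "potentially unwanted application")

# Assumption: files under this folder are quarantined copies, as in the thread's log
QUARANTINE_MARKER = "\\frst\\quarantine\\"


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) from a log.txt body."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header.setdefault(key, value)      # first value wins on repeated keys
        elif line.startswith("sh="):
            fields = {}
            for m in FIELD_RE.finditer(line):
                fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
            detections.append(fields)
        # anything else ("all ok", separators) is not a record and is skipped
    return header, detections


def category(det):
    name = det.get("vn", "").lower()
    for cat in CATEGORIES:
        if name.endswith(cat):
            return cat
    return "other"


def is_quarantined(det):
    return QUARANTINE_MARKER in det.get("fn", "").lower()


def triage(text):
    """Split detections into quarantined copies and files still in place."""
    header, detections = parse_eset_log(text)
    report = {"quarantined": [], "live": [], "warnings": []}
    for det in detections:
        bucket = "quarantined" if is_quarantined(det) else "live"
        report[bucket].append((category(det), det.get("fn", "")))
    # Files still in place: trojans first, then the remaining categories by name
    report["live"].sort(key=lambda item: (item[0] != "trojan", item[0]))
    # A report-only scan removed nothing, so every "live" entry is still on disk
    report["report_only"] = header.get("remove_checked") == "false"
    # Cross-check the header count against the parsed lines (truncated paste, etc.)
    found = header.get("found", "")
    if found.isdigit() and int(found) != len(detections):
        report["warnings"].append(
            f"header says found={found} but {len(detections)} detection lines were parsed")
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bucket in ("quarantined", "live"):
        for cat, path in result[bucket]:
            print(f"{bucket:12} {cat:34} {path}")
    print("report only:", result["report_only"], "| warnings:", result["warnings"])
```

The header cross-check matters when a log is pasted into a forum post: a paste that loses lines shows up as a mismatch between `found` and the number of parsed records.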