Hi Cypher,
I'm glad you are able to help me.
Just want to remind you that there was an update from Microsoft that I installed after I posted the DDS file. I also ran DDS after the update if you are interested to have it.
I do have the issue again where MSE states that the computer is protected but Security Center shows virus protection OFF.
The requested logs follow:
OTL logfile created on: 7/31/2013 2:21:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Fred\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
502.48 Mb Total Physical Memory | 254.68 Mb Available Physical Memory | 50.68% Memory free
1.20 Gb Paging File | 0.98 Gb Available in Paging File | 81.91% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 24.38 Gb Free Space | 65.43% Space Free | Partition Type: NTFS
Computer Name: JULIE | User Name: Fred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/07/31 14:18:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fred\Desktop\OTL.exe
PRC - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/06/20 17:25:44 | 000,995,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/06/19 11:17:06 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/06/19 11:17:06 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/06/11 22:26:40 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/01/06 15:56:50 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Disabled | Stopped] -- C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe -- (ServicepointService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\senfilt.sys -- (senfilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2006/05/10 18:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/10/09 22:35:28 | 000,017,792 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (TPM)
DRV - [2004/09/22 16:24:00 | 000,014,695 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NscTpmDD.sys -- (portio)
DRV - [2001/08/17 15:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/
IE - HKCU\..\SearchScopes,DefaultScope = {1974E7D9-C7DE-4DD4-8C47-00DE83D50DCD}
IE - HKCU\..\SearchScopes\{1974E7D9-C7DE-4DD4-8C47-00DE83D50DCD}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Bell\Internet Service Advisor\nprpspa.dll (Bell)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF
[2012/03/29 16:29:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/05 12:55:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/03/05 12:55:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2011/03/30 21:17:20 | 000,615,911 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 16259 more lines...
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: secunia.com ([]https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 0508548343 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 0394782676 (MUWebControl Class)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.co ... .5.5.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAF4E7B1-5FA2-4767-9E15-26086347BB37}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/06 13:22:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/07/31 14:19:59 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Fred\Desktop\tdsskiller.exe
[2013/07/31 14:18:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fred\Desktop\OTL.exe
[2013/07/28 09:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\My Documents\computer problems
[2013/07/28 09:00:59 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Fred\Desktop\dds.scr
[2013/07/23 22:59:21 | 000,000,000 | ---D | C] -- C:\Sun
[2013/07/22 14:55:16 | 000,377,920 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Fred\Desktop\aswclear.exe
[2013/07/17 14:47:31 | 000,919,592 | ---- | C] (BillP Studios) -- C:\Documents and Settings\Fred\Desktop\wpsetup.exe
[2013/07/17 14:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/05/16 17:23:07 | 038,147,376 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\Fred\QuickTimeInstaller.exe
========== Files - Modified Within 30 Days ==========
[2013/07/31 14:20:05 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Fred\Desktop\tdsskiller.exe
[2013/07/31 14:18:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fred\Desktop\OTL.exe
[2013/07/31 14:13:55 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/07/31 13:25:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/07/30 22:43:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/07/30 21:57:24 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/07/30 21:47:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/07/28 09:15:57 | 000,001,917 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/07/28 09:01:49 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Fred\Desktop\dds.scr
[2013/07/22 14:55:21 | 000,377,920 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Fred\Desktop\aswclear.exe
[2013/07/17 14:47:48 | 000,919,592 | ---- | M] (BillP Studios) -- C:\Documents and Settings\Fred\Desktop\wpsetup.exe
[2013/07/12 08:09:43 | 000,093,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/07/11 23:09:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/07/11 23:06:50 | 000,426,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/07/11 23:06:50 | 000,065,562 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
========== Files Created - No Company Name ==========
[2013/07/28 09:27:31 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/04/09 17:11:16 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2012/02/16 11:45:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/04/24 11:22:40 | 002,097,152 | -H-- | C] () -- C:\Documents and Settings\Fred\NTUSER.bak
========== ZeroAccess Check ==========
[2009/06/27 11:32:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/03/02 19:04:03 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2010/01/31 13:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/08/28 17:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bell
[2013/07/17 14:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2010/01/09 13:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/08/28 17:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2012/08/28 18:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\Bell
[2012/03/05 17:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\ElevatedDiagnostics
[2010/03/15 23:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\ErrorExpert
[2012/06/22 15:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\Oracle
[2010/03/15 14:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\Windows Search
[2013/07/17 14:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\WinPatrol
========== Purity Check ==========
< End of report >
OTL Extras logfile created on: 7/31/2013 2:21:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Fred\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
502.48 Mb Total Physical Memory | 254.68 Mb Available Physical Memory | 50.68% Memory free
1.20 Gb Paging File | 0.98 Gb Available in Paging File | 81.91% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 24.38 Gb Free Space | 65.43% Space Free | Partition Type: NTFS
Computer Name: JULIE | User Name: Fred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe" = C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DADB23F-94E6-4E4D-AFE8-15DE4395E8F3}" = Microsoft Security Client
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}" = WinPatrol
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RadialpointClientGateway_is1" = Bell Internet Service Advisor 3.7.44
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 7/7/2013 2:11:29 PM | Computer Name = JULIE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 7/10/2013 1:44:09 PM | Computer Name = JULIE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 7/11/2013 8:04:26 AM | Computer Name = JULIE | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module msvcrt.dll, version 7.0.2600.5512, fault address 0x00037fd4.
Error - 7/12/2013 8:17:07 AM | Computer Name = JULIE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 7/13/2013 3:24:04 PM | Computer Name = JULIE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 7/15/2013 1:53:07 PM | Computer Name = JULIE | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module msvcrt.dll, version 7.0.2600.5512, fault address 0x00037fd4.
Error - 7/15/2013 1:54:54 PM | Computer Name = JULIE | Source = Application Error | ID = 1001
Description = Fault bucket 743219142.
Error - 7/17/2013 2:46:18 PM | Computer Name = JULIE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry,
P4 1.1.9700.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
Error - 7/18/2013 9:38:01 PM | Computer Name = JULIE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry,
P4 1.1.9700.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
Error - 7/20/2013 4:02:39 PM | Computer Name = JULIE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 7/7/2013 12:53:42 PM | Computer Name = JULIE | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.153.1422.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error
code: 0x80072f76 Error description: The requested header was not found
Error - 7/11/2013 8:04:30 AM | Computer Name = JULIE | Source = Service Control Manager | ID = 7034
Description = The DNS Client service terminated unexpectedly. It has done this
1 time(s).
Error - 7/20/2013 7:57:06 AM | Computer Name = JULIE | Source = DCOM | ID = 10010
Description = The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register
with DCOM within the required timeout.
Error - 7/25/2013 6:46:25 AM | Computer Name = JULIE | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.155.679.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9700.0 Error
code: 0x80072f76 Error description: The requested header was not found
< End of report >
14:26:55.0390 3792 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:26:56.0312 3792 ============================================================
14:26:56.0312 3792 Current date / time: 2013/07/31 14:26:56.0312
14:26:56.0312 3792 SystemInfo:
14:26:56.0312 3792
14:26:56.0312 3792 OS Version: 5.1.2600 ServicePack: 3.0
14:26:56.0312 3792 Product type: Workstation
14:26:56.0312 3792 ComputerName: JULIE
14:26:56.0312 3792 UserName: Fred
14:26:56.0312 3792 Windows directory: C:\WINDOWS
14:26:56.0312 3792 System windows directory: C:\WINDOWS
14:26:56.0312 3792 Processor architecture: Intel x86
14:26:56.0312 3792 Number of processors: 2
14:26:56.0312 3792 Page size: 0x1000
14:26:56.0312 3792 Boot type: Normal boot
14:26:56.0312 3792 ============================================================
14:27:00.0703 3792 Drive \Device\Harddisk0\DR0 - Size: 0x951240000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:27:00.0734 3792 ============================================================
14:27:00.0734 3792 \Device\Harddisk0\DR0:
14:27:00.0734 3792 MBR partitions:
14:27:00.0734 3792 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
14:27:00.0734 3792 ============================================================
14:27:00.0781 3792 C: <-> \Device\Harddisk0\DR0\Partition1
14:27:00.0781 3792 ============================================================
14:27:00.0781 3792 Initialize success
14:27:00.0781 3792 ============================================================
14:28:01.0109 2996 ============================================================
14:28:01.0109 2996 Scan started
14:28:01.0109 2996 Mode: Manual;
14:28:01.0109 2996 ============================================================
14:28:01.0359 2996 ================ Scan system memory ========================
14:28:01.0359 2996 System memory - ok
14:28:01.0359 2996 ================ Scan services =============================
14:28:01.0468 2996 Abiosdsk - ok
14:28:01.0468 2996 abp480n5 - ok
14:28:01.0515 2996 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:28:01.0531 2996 ACPI - ok
14:28:01.0562 2996 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
14:28:01.0562 2996 ACPIEC - ok
14:28:01.0593 2996 [ B05F2367F62552A2DE7E3C352B7B9885 ] ADM8511 C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
14:28:01.0593 2996 ADM8511 - ok
14:28:01.0687 2996 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:28:01.0687 2996 AdobeFlashPlayerUpdateSvc - ok
14:28:01.0703 2996 adpu160m - ok
14:28:01.0734 2996 [ 3CB6AE5435987B1F8C83FD2730479878 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys
14:28:01.0750 2996 aeaudio - ok
14:28:01.0781 2996 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
14:28:01.0781 2996 aec - ok
14:28:01.0812 2996 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
14:28:01.0828 2996 AFD - ok
14:28:01.0828 2996 Aha154x - ok
14:28:01.0828 2996 aic78u2 - ok
14:28:01.0843 2996 aic78xx - ok
14:28:01.0875 2996 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
14:28:01.0875 2996 Alerter - ok
14:28:01.0906 2996 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
14:28:01.0906 2996 ALG - ok
14:28:01.0906 2996 AliIde - ok
14:28:01.0906 2996 amsint - ok
14:28:01.0937 2996 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
14:28:01.0937 2996 AppMgmt - ok
14:28:01.0953 2996 asc - ok
14:28:01.0953 2996 asc3350p - ok
14:28:01.0968 2996 asc3550 - ok
14:28:02.0062 2996 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:28:02.0062 2996 aspnet_state - ok
14:28:02.0093 2996 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:28:02.0093 2996 AsyncMac - ok
14:28:02.0125 2996 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
14:28:02.0125 2996 atapi - ok
14:28:02.0140 2996 Atdisk - ok
14:28:02.0156 2996 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:28:02.0171 2996 Atmarpc - ok
14:28:02.0187 2996 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
14:28:02.0187 2996 AudioSrv - ok
14:28:02.0218 2996 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
14:28:02.0218 2996 audstub - ok
14:28:02.0265 2996 [ 3A3A82FFD268BCFB7AE6A48CECF00AD9 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
14:28:02.0265 2996 b57w2k - ok
14:28:02.0312 2996 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
14:28:02.0312 2996 Beep - ok
14:28:02.0359 2996 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
14:28:02.0375 2996 BITS - ok
14:28:02.0406 2996 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
14:28:02.0421 2996 Browser - ok
14:28:02.0453 2996 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
14:28:02.0453 2996 cbidf2k - ok
14:28:02.0453 2996 cd20xrnt - ok
14:28:02.0484 2996 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
14:28:02.0484 2996 Cdaudio - ok
14:28:02.0515 2996 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
14:28:02.0531 2996 Cdfs - ok
14:28:02.0546 2996 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:28:02.0546 2996 Cdrom - ok
14:28:02.0546 2996 Changer - ok
14:28:02.0578 2996 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
14:28:02.0578 2996 CiSvc - ok
14:28:02.0593 2996 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
14:28:02.0593 2996 ClipSrv - ok
14:28:02.0625 2996 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:28:02.0625 2996 clr_optimization_v2.0.50727_32 - ok
14:28:02.0640 2996 CmdIde - ok
14:28:02.0640 2996 COMSysApp - ok
14:28:02.0656 2996 Cpqarray - ok
14:28:02.0734 2996 [ D01F685F8B4598D144B0CCE9FF95D8D5 ] cpudrv C:\Program Files\SystemRequirementsLab\cpudrv.sys
14:28:02.0734 2996 cpudrv - ok
14:28:02.0765 2996 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
14:28:02.0765 2996 CryptSvc - ok
14:28:02.0781 2996 dac2w2k - ok
14:28:02.0781 2996 dac960nt - ok
14:28:02.0843 2996 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
14:28:02.0859 2996 DcomLaunch - ok
14:28:02.0890 2996 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
14:28:02.0890 2996 Dhcp - ok
14:28:02.0921 2996 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
14:28:02.0921 2996 Disk - ok
14:28:02.0921 2996 dmadmin - ok
14:28:02.0968 2996 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
14:28:03.0000 2996 dmboot - ok
14:28:03.0031 2996 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
14:28:03.0031 2996 dmio - ok
14:28:03.0046 2996 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
14:28:03.0046 2996 dmload - ok
14:28:03.0078 2996 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
14:28:03.0078 2996 dmserver - ok
14:28:03.0125 2996 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
14:28:03.0125 2996 DMusic - ok
14:28:03.0156 2996 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
14:28:03.0171 2996 Dnscache - ok
14:28:03.0187 2996 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
14:28:03.0203 2996 Dot3svc - ok
14:28:03.0203 2996 dpti2o - ok
14:28:03.0234 2996 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
14:28:03.0234 2996 drmkaud - ok
14:28:03.0281 2996 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
14:28:03.0281 2996 EapHost - ok
14:28:03.0296 2996 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
14:28:03.0312 2996 ERSvc - ok
14:28:03.0343 2996 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
14:28:03.0343 2996 Eventlog - ok
14:28:03.0390 2996 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
14:28:03.0390 2996 EventSystem - ok
14:28:03.0437 2996 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
14:28:03.0437 2996 Fastfat - ok
14:28:03.0468 2996 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:28:03.0468 2996 FastUserSwitchingCompatibility - ok
14:28:03.0484 2996 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
14:28:03.0484 2996 Fdc - ok
14:28:03.0515 2996 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
14:28:03.0515 2996 Fips - ok
14:28:03.0531 2996 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:28:03.0531 2996 Flpydisk - ok
14:28:03.0578 2996 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:28:03.0578 2996 FltMgr - ok
14:28:03.0656 2996 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:28:03.0656 2996 FontCache3.0.0.0 - ok
14:28:03.0687 2996 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:28:03.0687 2996 Fs_Rec - ok
14:28:03.0703 2996 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:28:03.0718 2996 Ftdisk - ok
14:28:03.0718 2996 getPlusHelper - ok
14:28:03.0750 2996 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:28:03.0750 2996 Gpc - ok
14:28:03.0828 2996 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:28:03.0828 2996 helpsvc - ok
14:28:03.0859 2996 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
14:28:03.0875 2996 HidServ - ok
14:28:03.0906 2996 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:28:03.0906 2996 hidusb - ok
14:28:03.0937 2996 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
14:28:03.0937 2996 hkmsvc - ok
14:28:03.0953 2996 hpn - ok
14:28:03.0984 2996 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
14:28:04.0000 2996 HTTP - ok
14:28:04.0031 2996 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
14:28:04.0031 2996 HTTPFilter - ok
14:28:04.0046 2996 i2omgmt - ok
14:28:04.0046 2996 i2omp - ok
14:28:04.0078 2996 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:28:04.0078 2996 i8042prt - ok
14:28:04.0281 2996 [ 2AAE7BE67911F4AEC9AD28E9CFB9096F ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
14:28:04.0468 2996 ialm - ok
14:28:04.0546 2996 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:28:04.0562 2996 idsvc - ok
14:28:04.0593 2996 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
14:28:04.0609 2996 Imapi - ok
14:28:04.0625 2996 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
14:28:04.0625 2996 ImapiService - ok
14:28:04.0625 2996 ini910u - ok
14:28:04.0671 2996 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
14:28:04.0671 2996 IntelIde - ok
14:28:04.0687 2996 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:28:04.0687 2996 intelppm - ok
14:28:04.0718 2996 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:28:04.0718 2996 Ip6Fw - ok
14:28:04.0765 2996 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:28:04.0765 2996 IpFilterDriver - ok
14:28:04.0781 2996 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:28:04.0781 2996 IpInIp - ok
14:28:04.0796 2996 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:28:04.0812 2996 IpNat - ok
14:28:04.0812 2996 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:28:04.0828 2996 IPSec - ok
14:28:04.0859 2996 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
14:28:04.0859 2996 IRENUM - ok
14:28:04.0890 2996 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:28:04.0890 2996 isapnp - ok
14:28:05.0000 2996 [ 4F4D4AA1E0849FECC0CF5AACD59030B5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
14:28:05.0000 2996 JavaQuickStarterService - ok
14:28:05.0031 2996 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:28:05.0031 2996 Kbdclass - ok
14:28:05.0078 2996 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:28:05.0078 2996 kbdhid - ok
14:28:05.0093 2996 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
14:28:05.0093 2996 kmixer - ok
14:28:05.0140 2996 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
14:28:05.0140 2996 KSecDD - ok
14:28:05.0171 2996 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
14:28:05.0171 2996 LanmanServer - ok
14:28:05.0218 2996 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:28:05.0218 2996 lanmanworkstation - ok
14:28:05.0218 2996 lbrtfdc - ok
14:28:05.0265 2996 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
14:28:05.0265 2996 LmHosts - ok
14:28:05.0296 2996 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
14:28:05.0296 2996 Messenger - ok
14:28:05.0296 2996 MidiSyn - ok
14:28:05.0328 2996 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
14:28:05.0328 2996 mnmdd - ok
14:28:05.0359 2996 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
14:28:05.0359 2996 mnmsrvc - ok
14:28:05.0390 2996 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
14:28:05.0390 2996 Modem - ok
14:28:05.0406 2996 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:28:05.0406 2996 Mouclass - ok
14:28:05.0421 2996 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:28:05.0421 2996 mouhid - ok
14:28:05.0437 2996 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
14:28:05.0437 2996 MountMgr - ok
14:28:05.0484 2996 [ 24406D75B40F0F6B3C1AC7031D734565 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
14:28:05.0484 2996 MpFilter - ok
14:28:05.0500 2996 mraid35x - ok
14:28:05.0531 2996 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:28:05.0531 2996 MRxDAV - ok
14:28:05.0593 2996 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:28:05.0609 2996 MRxSmb - ok
14:28:05.0640 2996 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
14:28:05.0640 2996 MSDTC - ok
14:28:05.0687 2996 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
14:28:05.0687 2996 Msfs - ok
14:28:05.0687 2996 MSIServer - ok
14:28:05.0734 2996 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:28:05.0734 2996 MSKSSRV - ok
14:28:05.0796 2996 [ 37F77AEBFF23A99D1BFB4F34CD2D07F2 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
14:28:05.0796 2996 MsMpSvc - ok
14:28:05.0828 2996 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:28:05.0828 2996 MSPCLOCK - ok
14:28:05.0828 2996 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
14:28:05.0828 2996 MSPQM - ok
14:28:05.0875 2996 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:28:05.0875 2996 mssmbios - ok
14:28:05.0906 2996 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
14:28:05.0921 2996 Mup - ok
14:28:06.0062 2996 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
14:28:06.0250 2996 napagent - ok
14:28:06.0328 2996 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
14:28:06.0375 2996 NDIS - ok
14:28:06.0421 2996 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:28:06.0437 2996 NdisTapi - ok
14:28:06.0484 2996 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:28:06.0500 2996 Ndisuio - ok
14:28:06.0515 2996 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:28:06.0546 2996 NdisWan - ok
14:28:06.0593 2996 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
14:28:06.0593 2996 NDProxy - ok
14:28:06.0656 2996 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
14:28:06.0656 2996 NetBIOS - ok
14:28:06.0734 2996 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
14:28:06.0750 2996 NetBT - ok
14:28:06.0812 2996 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
14:28:06.0843 2996 NetDDE - ok
14:28:06.0843 2996 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
14:28:06.0843 2996 NetDDEdsdm - ok
14:28:06.0906 2996 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
14:28:06.0921 2996 Netlogon - ok
14:28:07.0031 2996 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
14:28:07.0062 2996 Netman - ok
14:28:07.0156 2996 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:28:07.0171 2996 NetTcpPortSharing - ok
14:28:07.0250 2996 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
14:28:07.0296 2996 Nla - ok
14:28:07.0359 2996 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
14:28:07.0375 2996 Npfs - ok
14:28:07.0531 2996 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
14:28:07.0796 2996 Ntfs - ok
14:28:07.0812 2996 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
14:28:07.0812 2996 NtLmSsp - ok
14:28:08.0015 2996 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
14:28:08.0265 2996 NtmsSvc - ok
14:28:08.0312 2996 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
14:28:08.0312 2996 Null - ok
14:28:08.0343 2996 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:28:08.0359 2996 NwlnkFlt - ok
14:28:08.0375 2996 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:28:08.0390 2996 NwlnkFwd - ok
14:28:08.0453 2996 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:28:08.0453 2996 ose - ok
14:28:08.0484 2996 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
14:28:08.0484 2996 Parport - ok
14:28:08.0500 2996 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
14:28:08.0500 2996 PartMgr - ok
14:28:08.0531 2996 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
14:28:08.0531 2996 ParVdm - ok
14:28:08.0546 2996 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
14:28:08.0546 2996 PCI - ok
14:28:08.0562 2996 PCIDump - ok
14:28:08.0593 2996 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
14:28:08.0593 2996 PCIIde - ok
14:28:08.0625 2996 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
14:28:08.0625 2996 Pcmcia - ok
14:28:08.0625 2996 PDCOMP - ok
14:28:08.0640 2996 PDFRAME - ok
14:28:08.0640 2996 PDRELI - ok
14:28:08.0656 2996 PDRFRAME - ok
14:28:08.0656 2996 perc2 - ok
14:28:08.0671 2996 perc2hib - ok
14:28:08.0703 2996 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
14:28:08.0703 2996 PlugPlay - ok
14:28:08.0718 2996 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
14:28:08.0718 2996 PolicyAgent - ok
14:28:08.0765 2996 [ 78BDC34B7EC96A7D8B14B2D2D95C388A ] portio C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys
14:28:08.0765 2996 portio - ok
14:28:08.0796 2996 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:28:08.0796 2996 PptpMiniport - ok
14:28:08.0812 2996 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:28:08.0812 2996 ProtectedStorage - ok
14:28:08.0843 2996 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:28:08.0843 2996 Ptilink - ok
14:28:08.0843 2996 ql1080 - ok
14:28:08.0859 2996 Ql10wnt - ok
14:28:08.0859 2996 ql12160 - ok
14:28:08.0875 2996 ql1240 - ok
14:28:08.0875 2996 ql1280 - ok
14:28:08.0906 2996 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:28:08.0906 2996 RasAcd - ok
14:28:08.0953 2996 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
14:28:08.0953 2996 RasAuto - ok
14:28:08.0953 2996 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:28:08.0953 2996 Rasl2tp - ok
14:28:08.0984 2996 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
14:28:08.0984 2996 RasMan - ok
14:28:09.0015 2996 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:28:09.0015 2996 RasPppoe - ok
14:28:09.0015 2996 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
14:28:09.0015 2996 Raspti - ok
14:28:09.0062 2996 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:28:09.0062 2996 Rdbss - ok
14:28:09.0093 2996 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:28:09.0093 2996 RDPCDD - ok
14:28:09.0125 2996 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:28:09.0140 2996 rdpdr - ok
14:28:09.0171 2996 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
14:28:09.0171 2996 RDPWD - ok
14:28:09.0218 2996 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
14:28:09.0218 2996 RDSessMgr - ok
14:28:09.0250 2996 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
14:28:09.0250 2996 redbook - ok
14:28:09.0281 2996 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
14:28:09.0281 2996 RemoteAccess - ok
14:28:09.0312 2996 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
14:28:09.0312 2996 RemoteRegistry - ok
14:28:09.0343 2996 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
14:28:09.0343 2996 RpcLocator - ok
14:28:09.0390 2996 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
14:28:09.0390 2996 RpcSs - ok
14:28:09.0437 2996 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
14:28:09.0437 2996 RSVP - ok
14:28:09.0453 2996 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
14:28:09.0453 2996 SamSs - ok
14:28:09.0500 2996 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
14:28:09.0500 2996 SCardSvr - ok
14:28:09.0546 2996 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
14:28:09.0562 2996 Schedule - ok
14:28:09.0578 2996 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:28:09.0578 2996 Secdrv - ok
14:28:09.0609 2996 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
14:28:09.0609 2996 seclogon - ok
14:28:09.0609 2996 senfilt - ok
14:28:09.0640 2996 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
14:28:09.0656 2996 SENS - ok
14:28:09.0671 2996 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
14:28:09.0671 2996 serenum - ok
14:28:09.0687 2996 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
14:28:09.0687 2996 Serial - ok
14:28:09.0765 2996 [ F464DD807413BDCC227772D759D20106 ] ServicepointService C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe
14:28:09.0781 2996 ServicepointService - ok
14:28:09.0812 2996 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
14:28:09.0812 2996 Sfloppy - ok
14:28:09.0843 2996 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
14:28:09.0859 2996 SharedAccess - ok
14:28:09.0875 2996 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:28:09.0875 2996 ShellHWDetection - ok
14:28:09.0890 2996 Simbad - ok
14:28:09.0937 2996 [ 4AA922332433CDEB8B82C072C212E32E ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
14:28:09.0968 2996 smwdm - ok
14:28:09.0968 2996 Sparrow - ok
14:28:10.0015 2996 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
14:28:10.0015 2996 splitter - ok
14:28:10.0046 2996 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
14:28:10.0046 2996 Spooler - ok
14:28:10.0062 2996 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
14:28:10.0062 2996 sr - ok
14:28:10.0109 2996 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
14:28:10.0109 2996 srservice - ok
14:28:10.0156 2996 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
14:28:10.0171 2996 Srv - ok
14:28:10.0218 2996 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
14:28:10.0218 2996 SSDPSRV - ok
14:28:10.0265 2996 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
14:28:10.0281 2996 stisvc - ok
14:28:10.0312 2996 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
14:28:10.0312 2996 swenum - ok
14:28:10.0328 2996 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
14:28:10.0328 2996 swmidi - ok
14:28:10.0328 2996 SwPrv - ok
14:28:10.0343 2996 symc810 - ok
14:28:10.0343 2996 symc8xx - ok
14:28:10.0359 2996 sym_hi - ok
14:28:10.0359 2996 sym_u3 - ok
14:28:10.0375 2996 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
14:28:10.0390 2996 sysaudio - ok
14:28:10.0421 2996 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
14:28:10.0421 2996 SysmonLog - ok
14:28:10.0468 2996 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
14:28:10.0484 2996 TapiSrv - ok
14:28:10.0515 2996 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:28:10.0531 2996 Tcpip - ok
14:28:10.0578 2996 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
14:28:10.0578 2996 TDPIPE - ok
14:28:10.0593 2996 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
14:28:10.0593 2996 TDTCP - ok
14:28:10.0609 2996 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
14:28:10.0609 2996 TermDD - ok
14:28:10.0640 2996 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
14:28:10.0656 2996 TermService - ok
14:28:10.0671 2996 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
14:28:10.0671 2996 Themes - ok
14:28:10.0703 2996 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
14:28:10.0718 2996 TlntSvr - ok
14:28:10.0718 2996 TosIde - ok
14:28:10.0750 2996 [ 317B746B6069A10D635FDBDF48723845 ] TPM C:\WINDOWS\system32\DRIVERS\tpm.sys
14:28:10.0750 2996 TPM - ok
14:28:10.0765 2996 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
14:28:10.0781 2996 TrkWks - ok
14:28:10.0812 2996 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
14:28:10.0812 2996 Udfs - ok
14:28:10.0812 2996 ultra - ok
14:28:10.0859 2996 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
14:28:10.0875 2996 Update - ok
14:28:10.0921 2996 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
14:28:10.0937 2996 upnphost - ok
14:28:10.0953 2996 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
14:28:10.0953 2996 UPS - ok
14:28:10.0968 2996 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:28:10.0968 2996 usbccgp - ok
14:28:11.0000 2996 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:28:11.0000 2996 usbehci - ok
14:28:11.0000 2996 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:28:11.0015 2996 usbhub - ok
14:28:11.0046 2996 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:28:11.0046 2996 USBSTOR - ok
14:28:11.0078 2996 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:28:11.0078 2996 usbuhci - ok
14:28:11.0109 2996 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
14:28:11.0109 2996 VgaSave - ok
14:28:11.0125 2996 ViaIde - ok
14:28:11.0125 2996 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
14:28:11.0140 2996 VolSnap - ok
14:28:11.0171 2996 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
14:28:11.0187 2996 VSS - ok
14:28:11.0203 2996 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
14:28:11.0218 2996 W32Time - ok
14:28:11.0234 2996 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:28:11.0234 2996 Wanarp - ok
14:28:11.0250 2996 WDICA - ok
14:28:11.0265 2996 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
14:28:11.0265 2996 wdmaud - ok
14:28:11.0312 2996 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
14:28:11.0312 2996 WebClient - ok
14:28:11.0390 2996 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
14:28:11.0390 2996 winmgmt - ok
14:28:11.0437 2996 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
14:28:11.0437 2996 WmdmPmSN - ok
14:28:11.0484 2996 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
14:28:11.0515 2996 Wmi - ok
14:28:11.0562 2996 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:28:11.0562 2996 WmiApSrv - ok
14:28:11.0609 2996 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
14:28:11.0609 2996 wscsvc - ok
14:28:11.0640 2996 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
14:28:11.0640 2996 wuauserv - ok
14:28:11.0703 2996 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
14:28:11.0718 2996 WZCSVC - ok
14:28:11.0734 2996 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
14:28:11.0734 2996 xmlprov - ok
14:28:11.0750 2996 ================ Scan global ===============================
14:28:11.0781 2996 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
14:28:11.0828 2996 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
14:28:11.0843 2996 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
14:28:11.0859 2996 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
14:28:11.0859 2996 [Global] - ok
14:28:11.0859 2996 ================ Scan MBR ==================================
14:28:11.0875 2996 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
14:28:12.0031 2996 \Device\Harddisk0\DR0 - ok
14:28:12.0031 2996 ================ Scan VBR ==================================
14:28:12.0031 2996 [ C5505DA66B9F15BA7518E7A046C37EBC ] \Device\Harddisk0\DR0\Partition1
14:28:12.0031 2996 \Device\Harddisk0\DR0\Partition1 - ok
14:28:12.0031 2996 ============================================================
14:28:12.0031 2996 Scan finished
14:28:12.0031 2996 ============================================================
14:28:12.0046 2544 Detected object count: 0
14:28:12.0046 2544 Actual detected object count: 0
14:28:25.0968 1076 Deinitialize success