
The .NTVDM CPU has encountered an illegal instruction.


11 replies to this topic

#1 bubbis


Posted 01 October 2012 - 12:46 PM

Hi there

I'm quoting from a thread that handles an issue very much like mine.

[Quote]Hello.

I am using a Win XP3 Pro system fully patched, with NIS 2012.

The past couple of days, I have been receiving a small rectangular popup in the center of my screen.
I wish to paste a screenshot of the popup, but I don't see a way to do that in your forum.

I ran a Full System Scan with NIS 2012, MBAM, both of which came back clean. However SAS detected a Rogue.Agent/Gen-Nullo under C:\Windows\AReset.exe and supposedly cleaned it when I rebooted. Yet a bit later on it came back! What is unusual about this is that my system has 3 user login accounts and it only happens when I am logged on.

Here's the "text," until you can instruct me on how to paste the small image:

__________________________________________________________________________________
16 bit MS-DOS Subsystem

C:\Windows\AReset.exe
The .NTVDM CPU has encountered an illegal instruction.
CS:0e11 IP:0015 OP:64 65 50 62 67 Choose 'Close' to terminate the application.

In boxes: CLOSE IGNORE
___________________________________________________________________________________

Your help would be greatly appreciated. I keep clicking on Close, but it pops up every few minutes.

TIA,

Bradley :) [Endquote]



Only some smaller differences:

I use ESET smart security as av (full scan finds nothing).

My errors point to C:\Windows\System32\libs.exe

And directly after closing that one C:\Windows\System32\WinMonitor.exe error pops up.


MBAM-log from finding and cleaning:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 912093004

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

2012-09-30 21:24:39
mbam-log-2012-09-30 (21-24-39).txt

Scan type: Quick scan
Objects scanned: 177796
Time elapsed: 1 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{5F906952-72AE-2CD6-3D6C-4AE1678418BE} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5F906952-72AE-2CD6-3D6C-4AE1678418BE} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F906952-72AE-2CD6-3D6C-4AE1678418BE} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

After this a full MBAM scan finds nothing.


SAS-log from finding and cleaning:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/01/2012 at 02:45 PM

Application Version : 5.5.1022

Core Rules Database Version : 9318
Trace Rules Database Version: 7130

Scan type : Quick Scan
Total Scan Time : 00:01:53

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 339
Memory threats detected : 0
Registry items scanned : 28529
Registry threats detected : 0
File items scanned : 6356
File threats detected : 2

Rogue.Agent/Gen-Nullo[EXE]
C:\WINDOWS\SYSTEM32\LIBS.EXE
C:\WINDOWS\SYSTEM32\WINMONITOR.EXE


After this a full SAS scan finds nothing.

The last thing I noticed was that the problem files reappeared in System32-folder, then later on disappeared without me doing anything.

Also the latest error popup was accompanied by an ESET notification of blocking some Russian site, containing libs.tmp and WinMonitor.tmp

The files are back but MBAM and SAS scans (in safe mode) don't see them as threats anymore, and the error popups seem to have stopped.

Shall I do some deeper scans? If so what do you recommend as next step?

Thanks in advance /bubbis

Edited by bubbis, 01 October 2012 - 06:23 PM.




#2 bubbis


Posted 16 October 2012 - 08:04 PM

Replying as the fact is that the error messages are still popping up.

#3 dev00790


Posted 18 October 2012 - 01:57 PM

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do NOT run, install or uninstall any programs, unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

Step 1:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click on change parameters
  • Under Objects to scan, check the box next to Loaded modules
  • If you are asked to reboot, then click Yes.

Next

  • Check the boxes next to Loaded modules, Verify file digital signatures, Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do NOT choose Delete or Quarantine unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the full contents of that file in your next reply. - If the log is too long, then split it into multiple posts.


Step 2:

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the full contents of that document.


Step 3:

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the full contents of the log in your next reply.


Step 4:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (Only Problems)
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore points
NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.

Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Regards, dev00790



#4 bubbis


Posted 18 October 2012 - 07:34 PM

Thanks a lot but I think I've solved it myself.

Against your specific orders I ran ComboFix without assistance.

And as I decided to do a clean new Windows install I decided to go on hard, after ComboFix I did a registry-cleaning with a most extreme app, set to hardest scan mode (only for testing they stated) and found a lot of things that weren't supposed to be there, cleaned them out and now all seems to be jolly.

That app couldn't clear all reg-errors so it took a lot of regedit deleting and back to hard-scan on and on and now I've been on internet for about 14 hours without any files reappearing or messages of blocked attacks.

I think this thread better be deleted not to tempt any others to try what I did.

I really appreciate your good-doing.

And I hope I don't have to be back with this issue.

Keep up the good work /bubbis

#5 bubbis


Posted 18 October 2012 - 09:50 PM

I did the scans you suggested and I stand corrected.

Bit by bit "too long post" hit me.


02:48:56.0281 3428 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
02:48:56.0296 3428 Parport - ok
02:48:56.0312 3428 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
02:48:56.0312 3428 PartMgr - ok
02:48:56.0343 3428 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
02:48:56.0343 3428 ParVdm - ok
02:48:56.0359 3428 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
02:48:56.0375 3428 PCI - ok
02:48:56.0375 3428 PciCon - ok
02:48:56.0375 3428 PCIDump - ok
02:48:56.0390 3428 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
02:48:56.0406 3428 PCIIde - ok
02:48:56.0421 3428 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
02:48:56.0453 3428 Pcmcia - ok
02:48:56.0453 3428 PDCOMP - ok
02:48:56.0453 3428 PDFRAME - ok
02:48:56.0453 3428 PDRELI - ok
02:48:56.0468 3428 PDRFRAME - ok
02:48:56.0468 3428 perc2 - ok
02:48:56.0468 3428 perc2hib - ok
02:48:56.0500 3428 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
02:48:56.0500 3428 PlugPlay - ok
02:48:56.0500 3428 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
02:48:56.0500 3428 PolicyAgent - ok
02:48:56.0515 3428 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
02:48:56.0531 3428 PptpMiniport - ok
02:48:56.0531 3428 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
02:48:56.0531 3428 ProtectedStorage - ok
02:48:56.0531 3428 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
02:48:56.0562 3428 PSched - ok
02:48:56.0562 3428 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
02:48:56.0578 3428 Ptilink - ok
02:48:56.0593 3428 ql1080 - ok
02:48:56.0593 3428 Ql10wnt - ok
02:48:56.0593 3428 ql12160 - ok
02:48:56.0593 3428 ql1240 - ok
02:48:56.0609 3428 ql1280 - ok
02:48:56.0609 3428 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
02:48:56.0625 3428 RasAcd - ok
02:48:56.0640 3428 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
02:48:56.0640 3428 RasAuto - ok
02:48:56.0656 3428 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
02:48:56.0671 3428 Rasl2tp - ok
02:48:56.0703 3428 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
02:48:56.0703 3428 RasMan - ok
02:48:56.0718 3428 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
02:48:56.0734 3428 RasPppoe - ok
02:48:56.0734 3428 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
02:48:56.0750 3428 Raspti - ok
02:48:56.0765 3428 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
02:48:56.0812 3428 Rdbss - ok
02:48:56.0812 3428 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
02:48:56.0828 3428 RDPCDD - ok
02:48:56.0843 3428 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
02:48:56.0859 3428 rdpdr - ok
02:48:56.0875 3428 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
02:48:56.0906 3428 RDPWD - ok
02:48:56.0921 3428 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
02:48:56.0921 3428 RDSessMgr - ok
02:48:56.0937 3428 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
02:48:56.0953 3428 redbook - ok
02:48:56.0968 3428 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
02:48:56.0968 3428 RemoteAccess - ok
02:48:56.0984 3428 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
02:48:56.0984 3428 RemoteRegistry - ok
02:48:57.0000 3428 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
02:48:57.0000 3428 RpcLocator - ok
02:48:57.0031 3428 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
02:48:57.0031 3428 RpcSs - ok
02:48:57.0046 3428 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
02:48:57.0046 3428 RSVP - ok
02:48:57.0062 3428 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
02:48:57.0062 3428 SamSs - ok
02:48:57.0078 3428 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
02:48:57.0093 3428 SASDIFSV - ok
02:48:57.0093 3428 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
02:48:57.0109 3428 SASKUTIL - ok
02:48:57.0125 3428 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
02:48:57.0125 3428 SCardSvr - ok
02:48:57.0140 3428 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
02:48:57.0156 3428 Schedule - ok
02:48:57.0171 3428 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
02:48:57.0187 3428 Secdrv - ok
02:48:57.0187 3428 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
02:48:57.0187 3428 seclogon - ok
02:48:57.0203 3428 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
02:48:57.0203 3428 SENS - ok
02:48:57.0203 3428 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
02:48:57.0218 3428 serenum - ok
02:48:57.0234 3428 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
02:48:57.0265 3428 Serial - ok
02:48:57.0281 3428 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
02:48:57.0296 3428 Sfloppy - ok
02:48:57.0312 3428 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
02:48:57.0312 3428 SharedAccess - ok
02:48:57.0328 3428 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
02:48:57.0328 3428 ShellHWDetection - ok
02:48:57.0328 3428 Simbad - ok
02:48:57.0328 3428 Sparrow - ok
02:48:57.0343 3428 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
02:48:57.0359 3428 splitter - ok
02:48:57.0359 3428 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
02:48:57.0375 3428 Spooler - ok
02:48:57.0390 3428 [ C4BB8A12843D9CBB65F5FF617F389BBD ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
02:48:57.0390 3428 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: C4BB8A12843D9CBB65F5FF617F389BBD
02:48:57.0390 3428 sptd ( LockedFile.Multi.Generic ) - warning
02:48:57.0390 3428 sptd - detected LockedFile.Multi.Generic (1)
02:49:00.0515 3428 [ 9789E95E1D88EEB4B922BF3EA7779C28 ] C:\WINDOWS\system32\ws2help.dll
02:49:00.0515 3428 C:\WINDOWS\system32\ws2help.dll - ok
02:49:00.0531 3428 [ 2CCC474EB85CEAA3E1FA1726580A3E5A ] C:\WINDOWS\system32\ws2_32.dll
02:49:00.0531 3428 C:\WINDOWS\system32\ws2_32.dll - ok
02:49:00.0531 3428 [ D7B7A57C0E57C836F18CF12A4C62A1CA ] C:\WINDOWS\system32\msgina.dll
02:49:00.0531 3428 C:\WINDOWS\system32\msgina.dll - ok
02:49:00.0531 3428 [ 93AFB83FBC1F9443CAC722FCA63D73BF ] C:\WINDOWS\system32\comctl32.dll
02:49:00.0531 3428 C:\WINDOWS\system32\comctl32.dll - ok
02:49:00.0531 3428 [ 40B0F98BAD16AD5DEF894E88C3EF8014 ] C:\WINDOWS\system32\odbc32.dll
02:49:00.0531 3428 C:\WINDOWS\system32\odbc32.dll - ok
02:49:00.0531 3428 [ 86987A5000DFA3EBE2275C0456BCF2FE ] C:\WINDOWS\system32\comdlg32.dll
02:49:00.0531 3428 C:\WINDOWS\system32\comdlg32.dll - ok
02:49:00.0546 3428 [ 6843D54BC4A40CC8C5741AF750233D10 ] C:\WINDOWS\system32\shell32.dll
02:49:00.0546 3428 C:\WINDOWS\system32\shell32.dll - ok
02:49:00.0546 3428 [ C448A248B743F5FB935C787A5D97268B ] C:\WINDOWS\system32\shlwapi.dll
02:49:00.0546 3428 C:\WINDOWS\system32\shlwapi.dll - ok
02:49:00.0546 3428 [ 694503348B586E99D56C0E30AB5B3EF8 ] C:\WINDOWS\system32\sxs.dll
02:49:00.0546 3428 C:\WINDOWS\system32\sxs.dll - ok
02:49:00.0546 3428 [ 6B7C6B32F8E84D56C6260D684019FEA2 ] C:\WINDOWS\system32\odbcint.dll
02:49:00.0546 3428 C:\WINDOWS\system32\odbcint.dll - ok
02:49:00.0546 3428 [ 736B12B725AEB2B07F0241A9F680CB10 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
02:49:00.0546 3428 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - ok
02:49:00.0562 3428 [ 6BAD1BED9872E62049E487FB91AE2F3A ] C:\WINDOWS\system32\ole32.dll
02:49:00.0562 3428 C:\WINDOWS\system32\ole32.dll - ok
02:49:00.0562 3428 [ 96E1C926F22EE1BFBAE82901A35F6BF3 ] C:\WINDOWS\system32\sfc.dll
02:49:00.0562 3428 C:\WINDOWS\system32\sfc.dll - ok
02:49:00.0562 3428 [ 6B5DB6789177A4FD0DEBC248041D0739 ] C:\WINDOWS\system32\sfc_os.dll
02:49:00.0562 3428 C:\WINDOWS\system32\sfc_os.dll - ok
02:49:00.0562 3428 [ 99BC0B50F511924348BE19C7C7313BBF ] C:\WINDOWS\system32\shsvcs.dll
02:49:00.0562 3428 C:\WINDOWS\system32\shsvcs.dll - ok
02:49:00.0578 3428 [ CF492D7E9AF1C628B3536D20EF6F5CC7 ] C:\WINDOWS\system32\apphelp.dll
02:49:00.0578 3428 C:\WINDOWS\system32\apphelp.dll - ok
02:49:00.0578 3428 [ BD31DC6DBE9333C4FBD4BDF0899F2160 ] C:\WINDOWS\system32\lsasrv.dll
02:49:00.0578 3428 C:\WINDOWS\system32\lsasrv.dll - ok
02:49:00.0578 3428 [ BF2466B3E18E970D8A976FB95FC1CA85 ] C:\WINDOWS\system32\lsass.exe
02:49:00.0578 3428 C:\WINDOWS\system32\lsass.exe - ok
02:49:00.0578 3428 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
02:49:00.0578 3428 C:\WINDOWS\system32\services.exe - ok
02:49:00.0578 3428 [ 389496118B3B03C2328024AF320132AC ] C:\WINDOWS\system32\dnsapi.dll
02:49:00.0578 3428 C:\WINDOWS\system32\dnsapi.dll - ok
02:49:00.0593 3428 [ DD7BD97FB8BD800963789158A5E4B41D ] C:\WINDOWS\system32\mpr.dll
02:49:00.0593 3428 C:\WINDOWS\system32\mpr.dll - ok
02:49:00.0593 3428 [ F404830F3CD9BF8F2515E489C0CDA297 ] C:\WINDOWS\system32\msvcp60.dll
02:49:00.0593 3428 C:\WINDOWS\system32\msvcp60.dll - ok
02:49:00.0593 3428 [ EC29A79F1E76DC509E24D401F29D0678 ] C:\WINDOWS\system32\ncobjapi.dll
02:49:00.0593 3428 C:\WINDOWS\system32\ncobjapi.dll - ok
02:49:00.0593 3428 [ EC4C0D9BFD9F7E33F8B395AD54E13063 ] C:\WINDOWS\system32\ntdsapi.dll
02:49:00.0593 3428 C:\WINDOWS\system32\ntdsapi.dll - ok
02:49:00.0593 3428 [ 0492CF5870F0E616B0C71695A433D162 ] C:\WINDOWS\system32\wldap32.dll
02:49:00.0593 3428 C:\WINDOWS\system32\wldap32.dll - ok
02:49:00.0609 3428 [ 8329A39D5A402A75A74301D6A62ECDA1 ] C:\WINDOWS\system32\samlib.dll
02:49:00.0609 3428 C:\WINDOWS\system32\samlib.dll - ok
02:49:00.0609 3428 [ 310C15FD8358B2C4CD7A5B98A112883F ] C:\WINDOWS\AppPatch\acgenral.dll
02:49:00.0609 3428 C:\WINDOWS\AppPatch\acgenral.dll - ok
02:49:00.0609 3428 [ 17A1D675C12BBF80CAAC54A4855C41D0 ] C:\WINDOWS\system32\cryptdll.dll
02:49:00.0609 3428 C:\WINDOWS\system32\cryptdll.dll - ok
02:49:00.0609 3428 [ F05B8CDB7FE0E55DCCFB1D946CE80064 ] C:\WINDOWS\system32\samsrv.dll
02:49:00.0609 3428 C:\WINDOWS\system32\samsrv.dll - ok
02:49:00.0625 3428 [ B24A42A413E694AD73FDFB7FBD492C31 ] C:\WINDOWS\system32\scesrv.dll
02:49:00.0625 3428 C:\WINDOWS\system32\scesrv.dll - ok
02:49:00.0625 3428 [ 1F03103598BD817B1078DAB1326DDE11 ] C:\WINDOWS\system32\shimeng.dll
02:49:00.0625 3428 C:\WINDOWS\system32\shimeng.dll - ok
02:49:00.0625 3428 [ 2EDFC2A8893435723AD80481803C6D5C ] C:\WINDOWS\system32\umpnpmgr.dll
02:49:00.0625 3428 C:\WINDOWS\system32\umpnpmgr.dll - ok
02:49:00.0625 3428 [ EA9EE60B408878E5F2012F9C783836DB ] C:\WINDOWS\AppPatch\acadproc.dll
02:49:00.0625 3428 C:\WINDOWS\AppPatch\acadproc.dll - ok
02:49:00.0625 3428 [ 2098AB52BD5316E59AA36F3437B13BE6 ] C:\WINDOWS\system32\msacm32.dll
02:49:00.0625 3428 C:\WINDOWS\system32\msacm32.dll - ok
02:49:00.0640 3428 [ 1B2BE5777F69A71778F52FFEE1C798D6 ] C:\WINDOWS\system32\oleaut32.dll
02:49:00.0640 3428 C:\WINDOWS\system32\oleaut32.dll - ok
02:49:00.0640 3428 [ 7A2CC3719B255E6B5D74396183B7715B ] C:\WINDOWS\system32\uxtheme.dll
02:49:00.0640 3428 C:\WINDOWS\system32\uxtheme.dll - ok
02:49:00.0640 3428 [ 4A953F13942867BA8FB41F141EC1B80C ] C:\WINDOWS\system32\winmm.dll
02:49:00.0640 3428 C:\WINDOWS\system32\winmm.dll - ok
02:49:00.0640 3428 [ 3D76DD0CBC536E0F8C45D23ED230BEB2 ] C:\WINDOWS\system32\digest.dll
02:49:00.0640 3428 C:\WINDOWS\system32\digest.dll - ok
02:49:00.0656 3428 [ F24B12786D60A17008319E3F2AEE7799 ] C:\WINDOWS\system32\msapsspc.dll
02:49:00.0656 3428 C:\WINDOWS\system32\msapsspc.dll - ok
02:49:00.0656 3428 [ A4388DF80E52695AE92EE5F3F61F1619 ] C:\WINDOWS\system32\msnsspc.dll
02:49:00.0656 3428 C:\WINDOWS\system32\msnsspc.dll - ok
02:49:00.0656 3428 [ 7A660EDC0757849DF5F8706FB6E9F740 ] C:\WINDOWS\system32\msvcrt40.dll
02:49:00.0656 3428 C:\WINDOWS\system32\msvcrt40.dll - ok
02:49:00.0656 3428 [ 0F64207B49390C8063C36AE7CBF9C2DB ] C:\WINDOWS\system32\schannel.dll
02:49:00.0656 3428 C:\WINDOWS\system32\schannel.dll - ok
02:49:00.0656 3428 [ A525C96C51D55111FDF3BEA9FFFFC7AE ] C:\WINDOWS\system32\kerberos.dll
02:49:00.0656 3428 C:\WINDOWS\system32\kerberos.dll - ok
02:49:00.0671 3428 [ 5733177BCF16EE78B99543C9B0AB81EA ] C:\WINDOWS\system32\msctfime.ime
02:49:00.0671 3428 C:\WINDOWS\system32\msctfime.ime - ok
02:49:00.0671 3428 [ C6BB1D1500DB4A0E224CB65E6C7E8A80 ] C:\WINDOWS\system32\msprivs.dll
02:49:00.0671 3428 C:\WINDOWS\system32\msprivs.dll - ok
02:49:00.0671 3428 [ 1E644E3533DCE2B580A663AE1ACBD539 ] C:\WINDOWS\system32\atmfd.dll
02:49:00.0671 3428 C:\WINDOWS\system32\atmfd.dll - ok
02:49:00.0671 3428 [ AF07DC9B7CC455629E732340C7B15F3A ] C:\WINDOWS\system32\iphlpapi.dll
02:49:00.0671 3428 C:\WINDOWS\system32\iphlpapi.dll - ok
02:49:00.0671 3428 [ 517561A1113B04E51D936CD018DE1C1F ] C:\WINDOWS\system32\msv1_0.dll
02:49:00.0671 3428 C:\WINDOWS\system32\msv1_0.dll - ok
02:49:00.0687 3428 [ 1B7F071C51B77C272875C3A23E1E4550 ] C:\WINDOWS\system32\netlogon.dll
02:49:00.0687 3428 C:\WINDOWS\system32\netlogon.dll - ok
02:49:00.0687 3428 [ 54AF4B1D5459500EF0937F6D33B1914F ] C:\WINDOWS\system32\w32time.dll
02:49:00.0687 3428 C:\WINDOWS\system32\w32time.dll - ok
02:49:00.0687 3428 [ 54DAE3EA34802B4ED9AE1C6B1209FA56 ] C:\WINDOWS\system32\rsaenh.dll
02:49:00.0687 3428 C:\WINDOWS\system32\rsaenh.dll - ok
02:49:00.0687 3428 [ 3AAF9B35939FF9E58CCD18D41655C2FC ] C:\WINDOWS\system32\wdigest.dll
02:49:00.0687 3428 C:\WINDOWS\system32\wdigest.dll - ok
02:49:00.0703 3428 [ 02988B904C386B500CD08639C4C20EEA ] C:\WINDOWS\system32\winscard.dll
02:49:00.0703 3428 C:\WINDOWS\system32\winscard.dll - ok
02:49:00.0703 3428 [ 0E2735281FBB9A764D5584C2A5DCBA59 ] C:\WINDOWS\system32\wtsapi32.dll
02:49:00.0703 3428 C:\WINDOWS\system32\wtsapi32.dll - ok
02:49:00.0703 3428 [ A86BB5E61BF3E39B62AB4C7E7085A084 ] C:\WINDOWS\system32\scecli.dll
02:49:00.0703 3428 C:\WINDOWS\system32\scecli.dll - ok
02:49:00.0703 3428 [ 54E6B2194DA2B8A286077A8ABF42D3B7 ] C:\WINDOWS\system32\drivers\eamon.sys
02:49:00.0703 3428 C:\WINDOWS\system32\drivers\eamon.sys - ok
02:49:00.0703 3428 [ 299A7CE452023A99A65D0D28F3B2BBF6 ] C:\WINDOWS\system32\drivers\ehdrv.sys
02:49:00.0703 3428 C:\WINDOWS\system32\drivers\ehdrv.sys - ok
02:49:00.0703 3428 [ 27C6D03BCDB8CFEB96B716F3D8BE3E18 ] C:\WINDOWS\system32\svchost.exe
02:49:00.0703 3428 C:\WINDOWS\system32\svchost.exe - ok
02:49:00.0718 3428 [ 549290DBC280C887681D7652978DBBE0 ] C:\WINDOWS\system32\ntmarta.dll
02:49:00.0718 3428 C:\WINDOWS\system32\ntmarta.dll - ok
02:49:00.0718 3428 [ 6B27A5C03DFB94B4245739065431322C ] C:\WINDOWS\system32\rpcss.dll
02:49:00.0718 3428 C:\WINDOWS\system32\rpcss.dll - ok
02:49:00.0718 3428 [ 16403217AB6FC5C30C14C6B12098AD4B ] C:\WINDOWS\system32\xpsp2res.dll
02:49:00.0718 3428 C:\WINDOWS\system32\xpsp2res.dll - ok
02:49:00.0718 3428 [ 6D4FEB43EE538FC5428CC7F0565AA656 ] C:\WINDOWS\system32\eventlog.dll
02:49:00.0718 3428 C:\WINDOWS\system32\eventlog.dll - ok
02:49:00.0734 3428 [ 6BFF97E56BE01D712BBCC8734A141B29 ] C:\WINDOWS\system32\drivers\epfw.sys
02:49:00.0734 3428 C:\WINDOWS\system32\drivers\epfw.sys - ok
02:49:00.0734 3428 [ 3CB32D3B8CBE79899D63280BB7A83CD9 ] C:\WINDOWS\system32\hnetcfg.dll
02:49:00.0734 3428 C:\WINDOWS\system32\hnetcfg.dll - ok
02:49:00.0734 3428 [ 943337D786A56729263071623BBB9DE5 ] C:\WINDOWS\system32\mswsock.dll
02:49:00.0734 3428 C:\WINDOWS\system32\mswsock.dll - ok
02:49:00.0734 3428 [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\system32\rasadhlp.dll
02:49:00.0734 3428 C:\WINDOWS\system32\rasadhlp.dll - ok
02:49:00.0734 3428 [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\system32\winrnr.dll
02:49:00.0734 3428 C:\WINDOWS\system32\winrnr.dll - ok
02:49:00.0750 3428 [ 4E3D06D6E68EEDB52565080F55B460D3 ] C:\WINDOWS\system32\wshtcpip.dll
02:49:00.0750 3428 C:\WINDOWS\system32\wshtcpip.dll - ok
02:49:00.0750 3428 [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\system32\drivers\ndisuio.sys
02:49:00.0750 3428 C:\WINDOWS\system32\drivers\ndisuio.sys - ok
02:49:00.0750 3428 [ 5E38D7684A49CACFB752B046357E0589 ] C:\WINDOWS\system32\dhcpcsvc.dll
02:49:00.0750 3428 C:\WINDOWS\system32\dhcpcsvc.dll - ok
02:49:00.0750 3428 [ 5F7E24FA9EAB896051FFB87F840730D2 ] C:\WINDOWS\system32\dnsrslvr.dll
02:49:00.0750 3428 C:\WINDOWS\system32\dnsrslvr.dll - ok
02:49:00.0765 3428 [ A7DB739AE99A796D91580147E919CC59 ] C:\WINDOWS\system32\lmhsvc.dll
02:49:00.0765 3428 C:\WINDOWS\system32\lmhsvc.dll - ok
02:49:00.0765 3428 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] C:\WINDOWS\system32\wzcsvc.dll
02:49:00.0765 3428 C:\WINDOWS\system32\wzcsvc.dll - ok
02:49:00.0765 3428 [ 224FB925C641DA16CEB6D60F40CA4C75 ] C:\WINDOWS\system32\atl.dll
02:49:00.0765 3428 C:\WINDOWS\system32\atl.dll - ok
02:49:00.0765 3428 [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] C:\WINDOWS\system32\dot3api.dll
02:49:00.0765 3428 C:\WINDOWS\system32\dot3api.dll - ok
02:49:00.0765 3428 [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] C:\WINDOWS\system32\eapolqec.dll
02:49:00.0765 3428 C:\WINDOWS\system32\eapolqec.dll - ok
02:49:00.0781 3428 [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] C:\WINDOWS\system32\esent.dll
02:49:00.0781 3428 C:\WINDOWS\system32\esent.dll - ok
02:49:00.0781 3428 [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\system32\qutil.dll
02:49:00.0781 3428 C:\WINDOWS\system32\qutil.dll - ok
02:49:00.0781 3428 [ 876CCF164E08D6B903CD14398E056DD2 ] C:\WINDOWS\system32\rtutils.dll
02:49:00.0781 3428 C:\WINDOWS\system32\rtutils.dll - ok
02:49:00.0781 3428 [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll
02:49:00.0781 3428 C:\WINDOWS\system32\wmi.dll - ok
02:49:00.0781 3428 [ F137A0CA70003DB20448D540651FA003 ] C:\WINDOWS\system32\clbcatq.dll
02:49:00.0781 3428 C:\WINDOWS\system32\clbcatq.dll - ok
02:49:00.0796 3428 [ 1280A158C722FA95A80FB7AEBE78FA7D ] C:\WINDOWS\system32\comres.dll
02:49:00.0796 3428 C:\WINDOWS\system32\comres.dll - ok
02:49:00.0796 3428 [ A39BE37C9237DB5F1990D61B268EA555 ] C:\WINDOWS\system32\rastls.dll
02:49:00.0796 3428 C:\WINDOWS\system32\rastls.dll - ok
02:49:00.0796 3428 [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] C:\WINDOWS\system32\cryptui.dll
02:49:00.0796 3428 C:\WINDOWS\system32\cryptui.dll - ok
02:49:00.0796 3428 [ 515A7FAE2070C2B0242B2353443E2F11 ] C:\WINDOWS\system32\cscdll.dll
02:49:00.0796 3428 C:\WINDOWS\system32\cscdll.dll - ok
02:49:00.0812 3428 [ 2081A5B5E4ABA206A0A8A1A97DF0FB23 ] C:\WINDOWS\system32\logonui.exe
02:49:00.0812 3428 C:\WINDOWS\system32\logonui.exe - ok
02:49:00.0812 3428 [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\system32\dimsntfy.dll
02:49:00.0812 3428 C:\WINDOWS\system32\dimsntfy.dll - ok
02:49:00.0812 3428 [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll
02:49:00.0812 3428 C:\WINDOWS\system32\normaliz.dll - ok
02:49:00.0812 3428 [ FF1C14BCA1A797CE45DD359FA2C9EDA8 ] C:\WINDOWS\system32\wininet.dll
02:49:00.0812 3428 C:\WINDOWS\system32\wininet.dll - ok
02:49:00.0812 3428 [ 0579CC3B95EDD1CE664A35E016F3DD58 ] C:\WINDOWS\system32\iertutil.dll
02:49:00.0812 3428 C:\WINDOWS\system32\iertutil.dll - ok
02:49:00.0828 3428 [ 9371862D37E8F0AF21E4DEA95E867C39 ] C:\WINDOWS\system32\urlmon.dll
02:49:00.0828 3428 C:\WINDOWS\system32\urlmon.dll - ok
02:49:00.0828 3428 [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\system32\activeds.dll
02:49:00.0828 3428 C:\WINDOWS\system32\activeds.dll - ok
02:49:00.0828 3428 [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\system32\adsldpc.dll
02:49:00.0828 3428 C:\WINDOWS\system32\adsldpc.dll - ok
02:49:00.0828 3428 [ 3D41A9326F0376FC73AF961DD23B1FB1 ] C:\WINDOWS\system32\duser.dll
02:49:00.0828 3428 C:\WINDOWS\system32\duser.dll - ok
02:49:00.0843 3428 [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\system32\mprapi.dll
02:49:00.0843 3428 C:\WINDOWS\system32\mprapi.dll - ok
02:49:00.0843 3428 [ AFFC87E2501FCE8F09D4C10BA6421CCF ] C:\WINDOWS\system32\msimg32.dll
02:49:00.0843 3428 C:\WINDOWS\system32\msimg32.dll - ok
02:49:00.0843 3428 [ 20200EE3CFE10E9F0C028D8653BE11C6 ] C:\WINDOWS\system32\oleacc.dll
02:49:00.0843 3428 C:\WINDOWS\system32\oleacc.dll - ok
02:49:00.0843 3428 [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll
02:49:00.0843 3428 C:\WINDOWS\system32\rasapi32.dll - ok
02:49:00.0843 3428 [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll
02:49:00.0843 3428 C:\WINDOWS\system32\rasman.dll - ok
02:49:00.0859 3428 [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll
02:49:00.0859 3428 C:\WINDOWS\system32\tapi32.dll - ok
02:49:00.0859 3428 [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\system32\winspool.drv
02:49:00.0859 3428 C:\WINDOWS\system32\winspool.drv - ok
02:49:00.0859 3428 [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll
02:49:00.0859 3428 C:\WINDOWS\system32\wlnotify.dll - ok
02:49:00.0859 3428 [ ACFEE2392503DD5E457363A0510B8BCB ] C:\WINDOWS\system32\msxml3.dll
02:49:00.0859 3428 C:\WINDOWS\system32\msxml3.dll - ok
02:49:00.0875 3428 [ 8AF3AF9B462AC590BADE6971676879E9 ] C:\WINDOWS\system32\WgaLogon.dll
02:49:00.0875 3428 C:\WINDOWS\system32\WgaLogon.dll - ok
02:49:00.0875 3428 [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\system32\riched20.dll
02:49:00.0875 3428 C:\WINDOWS\system32\riched20.dll - ok
02:49:00.0875 3428 [ 56CE97FF94B7662A300D359CD6F4D601 ] C:\WINDOWS\system32\raschap.dll
02:49:00.0875 3428 C:\WINDOWS\system32\raschap.dll - ok
02:49:00.0875 3428 [ E5EDBD51476DB5001ABF5C82AE5C3DD1 ] C:\WINDOWS\system32\shgina.dll
02:49:00.0875 3428 C:\WINDOWS\system32\shgina.dll - ok
02:49:00.0890 3428 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll
02:49:00.0890 3428 C:\WINDOWS\system32\schedsvc.dll - ok
02:49:00.0890 3428 [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll
02:49:00.0890 3428 C:\WINDOWS\system32\msidle.dll - ok
02:49:00.0890 3428 [ 60784F891563FB1B767F70117FC2428F ] C:\WINDOWS\system32\spoolsv.exe
02:49:00.0890 3428 C:\WINDOWS\system32\spoolsv.exe - ok
02:49:00.0890 3428 [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\system32\audiosrv.dll
02:49:00.0890 3428 C:\WINDOWS\system32\audiosrv.dll - ok
02:49:00.0906 3428 [ A8888A5327621856C0CEC4E385F69309 ] C:\WINDOWS\system32\wkssvc.dll
02:49:00.0906 3428 C:\WINDOWS\system32\wkssvc.dll - ok
02:49:00.0906 3428 [ 085ED2E391A871C7BAE87E0228B546BA ] C:\WINDOWS\system32\cscui.dll
02:49:00.0906 3428 C:\WINDOWS\system32\cscui.dll - ok
02:49:00.0906 3428 [ 2BC7128348265CABA9BBC058729A8B7B ] C:\WINDOWS\system32\dpcdll.dll
02:49:00.0906 3428 C:\WINDOWS\system32\dpcdll.dll - ok
02:49:00.0906 3428 [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll
02:49:00.0906 3428 C:\WINDOWS\system32\powrprof.dll - ok
02:49:00.0906 3428 [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] C:\WINDOWS\system32\wdmaud.drv
02:49:00.0906 3428 C:\WINDOWS\system32\wdmaud.drv - ok
02:49:00.0921 3428 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\system32\drivers\sysaudio.sys
02:49:00.0921 3428 C:\WINDOWS\system32\drivers\sysaudio.sys - ok
02:49:00.0921 3428 [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys
02:49:00.0921 3428 C:\WINDOWS\system32\drivers\wdmaud.sys - ok
02:49:00.0921 3428 [ 8BED39E3C35D6A489438B8141717A557 ] C:\WINDOWS\system32\drivers\aec.sys
02:49:00.0921 3428 C:\WINDOWS\system32\drivers\aec.sys - ok
02:49:00.0921 3428 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] C:\WINDOWS\system32\drivers\splitter.sys
02:49:00.0921 3428 C:\WINDOWS\system32\drivers\splitter.sys - ok
02:49:00.0937 3428 [ 8A208DFCF89792A484E76C40E5F50B45 ] C:\WINDOWS\system32\drivers\dmusic.sys
02:49:00.0937 3428 C:\WINDOWS\system32\drivers\dmusic.sys - ok
02:49:00.0937 3428 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] C:\WINDOWS\system32\drivers\swmidi.sys
02:49:00.0937 3428 C:\WINDOWS\system32\drivers\swmidi.sys - ok
02:49:00.0937 3428 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] C:\WINDOWS\system32\drivers\drmkaud.sys
02:49:00.0937 3428 C:\WINDOWS\system32\drivers\drmkaud.sys - ok
02:49:00.0937 3428 [ 692BCF44383D056AED41B045A323D378 ] C:\WINDOWS\system32\drivers\kmixer.sys
02:49:00.0937 3428 C:\WINDOWS\system32\drivers\kmixer.sys - ok
02:49:00.0937 3428 [ A93AEE1928A9D7CE3E16D24EC7380F89 ] C:\WINDOWS\system32\userinit.exe
02:49:00.0937 3428 C:\WINDOWS\system32\userinit.exe - ok
02:49:00.0953 3428 [ 9A3BD5F55AADFF859539142F6328A66E ] C:\WINDOWS\system32\msacm32.drv
02:49:00.0953 3428 C:\WINDOWS\system32\msacm32.drv - ok
02:49:00.0953 3428 [ 12896823FB95BFB3DC9B46BCAEDC9923 ] C:\WINDOWS\explorer.exe
02:49:00.0953 3428 C:\WINDOWS\explorer.exe - ok
02:49:00.0953 3428 [ 5C12660A97822F6E61576943B49AAAD6 ] C:\WINDOWS\system32\midimap.dll
02:49:00.0953 3428 C:\WINDOWS\system32\midimap.dll - ok
02:49:00.0953 3428 [ 1D4E4DC79155F745F09458B9EB095861 ] C:\WINDOWS\system32\browseui.dll
02:49:00.0953 3428 C:\WINDOWS\system32\browseui.dll - ok
02:49:00.0953 3428 [ 43D875D915A076F36BDF2C8EF50E0FFA ] C:\WINDOWS\system32\shdocvw.dll
02:49:00.0953 3428 C:\WINDOWS\system32\shdocvw.dll - ok
02:49:00.0968 3428 [ B4ED498E3BFEE64E952BC44FC6057DB8 ] C:\WINDOWS\system32\desk.cpl
02:49:00.0968 3428 C:\WINDOWS\system32\desk.cpl - ok
02:49:00.0968 3428 [ A314EEA2A503A8E04085201E436384A5 ] C:\WINDOWS\system32\themeui.dll
02:49:00.0968 3428 C:\WINDOWS\system32\themeui.dll - ok
02:49:00.0968 3428 [ 912B67BB8249925A5C972FC5839EAE09 ] C:\WINDOWS\system32\actxprxy.dll
02:49:00.0968 3428 C:\WINDOWS\system32\actxprxy.dll - ok
02:49:00.0968 3428 [ B714735C12A70171DE28657948FD91F1 ] C:\WINDOWS\system32\mlang.dll
02:49:00.0968 3428 C:\WINDOWS\system32\mlang.dll - ok
02:49:00.0968 3428 [ 2975C66459C426C20BC22D639DF6B611 ] C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
02:49:00.0968 3428 C:\Program Files\SUPERAntiSpyware\SASSEH.DLL - ok
02:49:00.0984 3428 [ D573DEB87CB2DF4E5116D2A4E284EAB4 ] C:\WINDOWS\system32\ieframe.dll
02:49:00.0984 3428 C:\WINDOWS\system32\ieframe.dll - ok
02:49:00.0984 3428 [ 6D778E0F95447E6546553EEEA709D03C ] C:\WINDOWS\system32\cmd.exe
02:49:00.0984 3428 C:\WINDOWS\system32\cmd.exe - ok
02:49:00.0984 3428 [ 9ED9F21D73F9D71E30EAB71835E656EB ] C:\DOCUME~1\BRJE~1\LOCALS~1\temp\4AC41F4B-7993-48C9-A637-DD3249BF103D.exe
02:49:00.0984 3428 C:\DOCUME~1\BRJE~1\LOCALS~1\temp\4AC41F4B-7993-48C9-A637-DD3249BF103D.exe - ok
02:49:00.0984 3428 [ 684559A03CBC1D05BA120A18B0D8BA5D ] C:\WINDOWS\system32\winhttp.dll
02:49:00.0984 3428 C:\WINDOWS\system32\winhttp.dll - ok
02:49:01.0000 3428 [ A70A2D85AD143D6BB823C246CEB699A5 ] C:\WINDOWS\system32\ntshrui.dll
02:49:01.0000 3428 C:\WINDOWS\system32\ntshrui.dll - ok
02:49:01.0000 3428 [ 91790D6749EBED90E2C40479C0A91879 ] C:\WINDOWS\system32\verclsid.exe
02:49:01.0000 3428 C:\WINDOWS\system32\verclsid.exe - ok
02:49:01.0000 3428 [ D3F72D50DE53F9F1F55240115AF4D42E ] C:\WINDOWS\system32\msi.dll
02:49:01.0000 3428 C:\WINDOWS\system32\msi.dll - ok
02:49:01.0000 3428 [ 2DC5A8019E2387987905F77C664E4BE2 ] C:\WINDOWS\system32\linkinfo.dll
02:49:01.0000 3428 C:\WINDOWS\system32\linkinfo.dll - ok
02:49:01.0000 3428 [ 32C139FC0363681804EFF9394CD6B1B8 ] C:\WINDOWS\RTHDCPL.exe
02:49:01.0000 3428 C:\WINDOWS\RTHDCPL.exe - ok
02:49:01.0015 3428 [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll
02:49:01.0015 3428 C:\WINDOWS\system32\netshell.dll - ok
02:49:01.0015 3428 [ 4D83ED8BDDEC431FC8AD907B47CFB6E3 ] C:\WINDOWS\system32\dsound.dll
02:49:01.0015 3428 C:\WINDOWS\system32\dsound.dll - ok
02:49:01.0015 3428 [ 22D71D1DB6FC789A1CE8AC6963580259 ] C:\WINDOWS\system32\hhctrl.ocx
02:49:01.0015 3428 C:\WINDOWS\system32\hhctrl.ocx - ok
02:49:01.0015 3428 [ 235892E493845D64D890163CFEF90E97 ] C:\WINDOWS\system32\credui.dll
02:49:01.0015 3428 C:\WINDOWS\system32\credui.dll - ok
02:49:01.0031 3428 [ 4E8F3230BAC8C1CAADF01A8C728E1C5C ] C:\WINDOWS\system32\dot3dlg.dll
02:49:01.0031 3428 C:\WINDOWS\system32\dot3dlg.dll - ok
02:49:01.0031 3428 [ 5DB625E7D095604010CF84DE2D8ACFA6 ] C:\WINDOWS\system32\eappcfg.dll
02:49:01.0031 3428 C:\WINDOWS\system32\eappcfg.dll - ok
02:49:01.0031 3428 [ ABC4206543450C0666D152F4B65833B8 ] C:\WINDOWS\system32\eappprxy.dll
02:49:01.0031 3428 C:\WINDOWS\system32\eappprxy.dll - ok
02:49:01.0031 3428 [ CA04959077AFE36369D37B3504740C87 ] C:\WINDOWS\system32\onex.dll
02:49:01.0031 3428 C:\WINDOWS\system32\onex.dll - ok
02:49:01.0031 3428 [ B8E421C0890356CD4A793D8A346D9096 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
02:49:01.0031 3428 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok
02:49:01.0046 3428 [ 90E7520A681FF31EFC920F32EE34DD42 ] C:\Program Files\Net iD\iid.dll
02:49:01.0046 3428 C:\Program Files\Net iD\iid.dll - ok
02:49:01.0046 3428 [ 0C2E2462FBEEDC2ABF2A55A6D5E50762 ] C:\Program Files\Net iD\iid.exe
02:49:01.0046 3428 C:\Program Files\Net iD\iid.exe - ok
02:49:01.0046 3428 [ 12916E0642E92561C98B18A2A2D01B14 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
02:49:01.0046 3428 C:\Program Files\Common Files\Java\Java Update\jusched.exe - ok
02:49:01.0046 3428 [ 76848CB1AA5818DB47D5F5986E0A7485 ] C:\WINDOWS\system32\mfc42.dll
02:49:01.0046 3428 C:\WINDOWS\system32\mfc42.dll - ok
02:49:01.0046 3428 [ 3CBA2210FA39C6ED7895634842E930DD ] C:\WINDOWS\system32\sensapi.dll
02:49:01.0046 3428 C:\WINDOWS\system32\sensapi.dll - ok
02:49:01.0062 3428 [ A404A9C9DBF60073424FA62AD71B129F ] C:\Program Files\ESET\ESET Smart Security\egui.exe
02:49:01.0062 3428 C:\Program Files\ESET\ESET Smart Security\egui.exe - ok
02:49:01.0062 3428 [ 686B224B4987C22B153FBB545FEE9657 ] C:\Program Files\ESET\ESET Smart Security\mfc80u.dll
02:49:01.0062 3428 C:\Program Files\ESET\ESET Smart Security\mfc80u.dll - ok
02:49:01.0062 3428 [ C14AA05881A35B6D6BB8D55B117EE22D ] C:\WINDOWS\system32\shfolder.dll
02:49:01.0062 3428 C:\WINDOWS\system32\shfolder.dll - ok
02:49:01.0062 3428 [ 1169436EE42F860C7DB37A4692B38F0E ] C:\Program Files\ESET\ESET Smart Security\msvcr80.dll
02:49:01.0062 3428 C:\Program Files\ESET\ESET Smart Security\msvcr80.dll - ok
02:49:01.0078 3428 [ 60B5FC7A3393F8DCD1FC0223E3B7D11F ] C:\Program Files\Net iD\iidp11.dll
02:49:01.0078 3428 C:\Program Files\Net iD\iidp11.dll - ok
02:49:01.0078 3428 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\system32\drivers\16207673.sys
02:49:01.0078 3428 C:\WINDOWS\system32\drivers\16207673.sys - ok
02:49:01.0078 3428 [ 07CDD5732A8A084BA8EC10287CADDD36 ] C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
02:49:01.0078 3428 C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe - ok
02:49:01.0078 3428 [ 6DE5C66E434A9C1729575763D891C6C2 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
02:49:01.0078 3428 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll - ok
02:49:01.0078 3428 [ E7D91D008FE76423962B91C43C88E4EB ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
02:49:01.0078 3428 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll - ok
02:49:01.0093 3428 [ 9B9F1C38D559047B8AC0DBA2D5FEBDE9 ] C:\WINDOWS\system32\ksuser.dll
02:49:01.0093 3428 C:\WINDOWS\system32\ksuser.dll - ok
02:49:01.0093 3428 [ CC8915DB4E33E8FB29CA0D2DBF75306E ] C:\WINDOWS\system32\webcheck.dll
02:49:01.0093 3428 C:\WINDOWS\system32\webcheck.dll - ok
02:49:01.0093 3428 [ 231A0B0E3BA7ABFE469A8262FAA1FD71 ] C:\WINDOWS\system32\batmeter.dll
02:49:01.0093 3428 C:\WINDOWS\system32\batmeter.dll - ok
02:49:01.0093 3428 [ 50512FC9B7878E3C2C147BC17326A7DB ] C:\WINDOWS\system32\stobject.dll
02:49:01.0093 3428 C:\WINDOWS\system32\stobject.dll - ok
02:49:01.0093 3428 [ 045E228F71C31901084B64BE59093499 ] C:\WINDOWS\system32\WPDShServiceObj.dll
02:49:01.0093 3428 C:\WINDOWS\system32\WPDShServiceObj.dll - ok
02:49:01.0109 3428 [ 538A270F35A713C360B7ED4168BB7521 ] C:\WINDOWS\system32\mydocs.dll
02:49:01.0109 3428 C:\WINDOWS\system32\mydocs.dll - ok
02:49:01.0109 3428 [ 22358578CB321F3325496A3723029409 ] C:\WINDOWS\system32\PortableDeviceTypes.dll
02:49:01.0109 3428 C:\WINDOWS\system32\PortableDeviceTypes.dll - ok
02:49:01.0109 3428 [ 9D45B2201D0ECF9F42136C7B99DEB8B2 ] C:\WINDOWS\system32\PortableDeviceApi.dll
02:49:01.0109 3428 C:\WINDOWS\system32\PortableDeviceApi.dll - ok
02:49:01.0109 3428 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] C:\WINDOWS\system32\drivers\mrxdav.sys
02:49:01.0109 3428 C:\WINDOWS\system32\drivers\mrxdav.sys - ok
02:49:01.0125 3428 [ 77A354E28153AD2D5E120A5A8687BC06 ] C:\WINDOWS\system32\webclnt.dll
02:49:01.0125 3428 C:\WINDOWS\system32\webclnt.dll - ok
02:49:01.0125 3428 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] C:\Program Files\SUPERAntiSpyware\SASCore.exe
02:49:01.0125 3428 C:\Program Files\SUPERAntiSpyware\SASCore.exe - ok
02:49:01.0125 3428 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] C:\WINDOWS\system32\drivers\parport.sys
02:49:01.0125 3428 C:\WINDOWS\system32\drivers\parport.sys - ok
02:49:01.0125 3428 [ 2E5445A4C9E9A5D1168205AEC44AEACF ] C:\WINDOWS\reset.exe
02:49:01.0125 3428 C:\WINDOWS\reset.exe - ok
02:49:01.0125 3428 [ 67156D5A9AC356DC99D7BCCB388E3316 ] C:\WINDOWS\system32\wsock32.dll
02:49:01.0125 3428 C:\WINDOWS\system32\wsock32.dll - ok
02:49:01.0140 3428 [ C5A75EB48E2344ABDC162BDA79E16841 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:49:01.0140 3428 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok
02:49:01.0140 3428 [ E5F7C30EDF0892667933BE879F067D67 ] C:\WINDOWS\system32\msvcr100_clr0400.dll
02:49:01.0140 3428 C:\WINDOWS\system32\msvcr100_clr0400.dll - ok
02:49:01.0140 3428 [ B04DB1F0B2652FCBCCC5FD0C46579F0F ] C:\WINDOWS\system32\mscoree.dll
02:49:01.0140 3428 C:\WINDOWS\system32\mscoree.dll - ok
02:49:01.0140 3428 [ 3D4E199942E29207970E04315D02AD3B ] C:\WINDOWS\system32\cryptsvc.dll
02:49:01.0140 3428 C:\WINDOWS\system32\cryptsvc.dll - ok
02:49:01.0156 3428 [ 4032F381C6A7D396D62A4F5219585A46 ] C:\Program Files\ESET\ESET Smart Security\ekrn.exe
02:49:01.0156 3428 C:\Program Files\ESET\ESET Smart Security\ekrn.exe - ok
02:49:01.0156 3428 [ 00709952D444EAE14DBBD30D36FBAE0F ] C:\WINDOWS\system32\certcli.dll
02:49:01.0546 3428 ============================================================
02:49:01.0546 3428 Scan finished
02:49:01.0546 3428 ============================================================
02:49:01.0546 3420 Detected object count: 1
02:49:01.0546 3420 Actual detected object count: 1
02:52:02.0890 3420 sptd ( LockedFile.Multi.Generic ) - skipped by user
02:52:02.0890 3420 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

#6 bubbis

Posted 18 October 2012 - 10:19 PM

MiniToolBox by Farbar Version: 23-07-2012
Ran by Börje (administrator) on 19-10-2012 at 03:47:08
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : chieftec2
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : lan

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : lan
Description . . . . . . . . . . . : Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller
Physical Address. . . . . . . . . : 00-1D-60-40-5B-14
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.103
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.11
DHCP Server . . . . . . . . . . . : 192.168.0.11
DNS Servers . . . . . . . . . . . : 192.168.0.11
Lease Obtained. . . . . . . . . . : den 19 oktober 2012 02:48:21
Lease Expires . . . . . . . . . . : den 26 oktober 2012 02:48:21

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.11

DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 173.194.32.35, 173.194.32.40, 173.194.32.46, 173.194.32.32
173.194.32.41, 173.194.32.39, 173.194.32.37, 173.194.32.33, 173.194.32.38
173.194.32.36, 173.194.32.34

Pinging google.com [173.194.32.34] with 32 bytes of data:

Reply from 173.194.32.34: bytes=32 time=55ms TTL=51
Reply from 173.194.32.34: bytes=32 time=50ms TTL=51

Ping statistics for 173.194.32.34:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 50ms, Maximum = 55ms, Average = 52ms

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.11

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 98.139.183.24, 72.30.38.140, 98.138.253.109

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=286ms TTL=49
Reply from 98.138.253.109: bytes=32 time=166ms TTL=49

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 166ms, Maximum = 286ms, Average = 226ms

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.11

DNS request timed out.
timeout was 2 seconds.
Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1d 60 40 5b 14 ...... Attansic L1 Gigabit Ethernet 10/100/1000Base-T Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.11 192.168.0.103 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.103 192.168.0.103 20
192.168.0.103 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.103 192.168.0.103 20
224.0.0.0 240.0.0.0 192.168.0.103 192.168.0.103 20
255.255.255.255 255.255.255.255 192.168.0.103 192.168.0.103 1
Default Gateway: 192.168.0.11
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/05/2012 06:04:07 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x800706be

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3082 - Fatal Execution Engine Error (7A0979C6) (80131506)

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3082 - Fatal Execution Engine Error (7A0979C6) (80131506)

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3082 - Fatal Execution Engine Error (7A0979C6) (80131506)

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3082 - CLR: Fatal Execution Engine Error (7A0979C6) (80131506)

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3082 - Fatal Execution Engine Error (7A0979C6) (80131506)

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3082 - Fatal Execution Engine Error (7A0979C6) (80131506)

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3082 - Fatal Execution Engine Error (7A0979C6) (80131506)

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3082 - Fatal Execution Engine Error (7A0979C6) (80131506)


System errors:
=============
Error: (10/19/2012 02:48:36 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (10/19/2012 02:48:36 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured
password due to the following error:
%%1326

To ensure that the service is
configured properly, use the Services snap-in in Microsoft Management
Console (MMC).

Error: (10/18/2012 06:56:22 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (10/18/2012 06:56:22 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured
password due to the following error:
%%1326

To ensure that the service is
configured properly, use the Services snap-in in Microsoft Management
Console (MMC).


Microsoft Office Sessions:
=========================
Error: (10/05/2012 06:04:07 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x800706be
System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3082 - Fatal Execution Engine Error (7A0979C6) (80131506)

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3082 - Fatal Execution Engine Error (7A0979C6) (80131506)

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3082 - Fatal Execution Engine Error (7A0979C6) (80131506)

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3082 - CLR: Fatal Execution Engine Error (7A0979C6) (80131506)

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3082 - Fatal Execution Engine Error (7A0979C6) (80131506)

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3082 - Fatal Execution Engine Error (7A0979C6) (80131506)

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3082 - Fatal Execution Engine Error (7A0979C6) (80131506)

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3082 - Fatal Execution Engine Error (7A0979C6) (80131506)


=========================== Installed Programs ============================

Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Annabel 1.00
Attansic Ethernet Utility (Version: 2.0.60.4)
Attansic L1 Gigabit Ethernet Driver
AveyondJust For Fun Games
CCleaner (Version: 3.22)
CPUID CPU-Z 1.61.3
CPUID HWMonitor 1.20
ESET Smart Security (Version: 4.2.58.3)
GetDiz 4.5 (Version: 4.5)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
JavaFX 2.1.1 (Version: 2.1.1)
jv16 PowerTools 2011 (Version: )
Malwarebytes' Anti-Malware version 1.51.0.1200 (Version: 1.51.0.1200)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Mozilla Firefox 16.0.1 (x86 en-US) (Version: 16.0.1)
Mozilla Maintenance Service (Version: 16.0.1)
Net iD 5.4.1 (Version: 5.4.1.34)
NVIDIA Control Panel 306.23 (Version: 306.23)
NVIDIA Graphics Driver 306.23 (Version: 306.23)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA nView 136.28 (Version: 136.28)
NVIDIA PhysX (Version: 9.12.0604)
NVIDIA PhysX System Software 9.12.0604 (Version: 9.12.0604)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
O&O Defrag Professional (Version: 16.0.139)
OpenAL
Realtek High Definition Audio Driver (Version: 5.10.0.5391)
SUPERAntiSpyware (Version: 5.5.1022)
TPTEST 5.0.2
UltraISO Premium V9.36
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0059.1)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinImage
WinRAR archiver
VLC media player 2.0.2 (Version: 2.0.2)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 21%
Total physical RAM: 2047.04 MB
Available physical RAM: 1602.25 MB
Total Pagefile: 3942.91 MB
Available Pagefile: 3646.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.28 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:29.29 GB) (Free:10.1 GB) NTFS
3 Drive d: (Ddrive) (Fixed) (Total:436.47 GB) (Free:264.27 GB) NTFS

========================= Users: ========================================

User accounts for \\CHIEFTEC2

Administrator B”rje Guest

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

18-10-2012 12:19:28 System Checkpoint

**** End of log ****

Edited by bubbis, 18 October 2012 - 10:26 PM.


#7 bubbis


Posted 18 October 2012 - 10:33 PM

Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
ESET Smart Security 4.2
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
CCleaner
JavaFX 2.1.1
Java 7 Update 7
Adobe Flash Player 11.4.402.287
Adobe Reader X 10.1.3 Adobe Reader out of Date!
Mozilla Firefox (16.0.1)
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 3%
````````````````````End of Log``````````````````````

#8 bubbis


Posted 18 October 2012 - 10:37 PM

Farbar Service Scanner Version: 07-10-2012
Ran by Börje (administrator) on 19-10-2012 at 03:42:13
Running from "C:\Documents and Settings\Börje\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Epfwndis(17) epfwtdi(18) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x12000000050000000100000002000000030000000400000012000000100000000E0000000C000000090000000600000007000000080000000A0000000B0000000D0000000F00000011000000
IpSec Tag value is correct.

**** End of log ****

#9 bubbis


Posted 18 October 2012 - 10:40 PM

MiniToolBox by Farbar Version: 23-07-2012
Ran by Börje (administrator) on 19-10-2012 at 03:47:08
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : chieftec2
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : lan

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : lan
Description . . . . . . . . . . . : Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller
Physical Address. . . . . . . . . : 00-1D-60-40-5B-14
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.103
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.11
DHCP Server . . . . . . . . . . . : 192.168.0.11
DNS Servers . . . . . . . . . . . : 192.168.0.11
Lease Obtained. . . . . . . . . . : den 19 oktober 2012 02:48:21
Lease Expires . . . . . . . . . . : den 26 oktober 2012 02:48:21

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.11

DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 173.194.32.35, 173.194.32.40, 173.194.32.46, 173.194.32.32
173.194.32.41, 173.194.32.39, 173.194.32.37, 173.194.32.33, 173.194.32.38
173.194.32.36, 173.194.32.34

Pinging google.com [173.194.32.34] with 32 bytes of data:

Reply from 173.194.32.34: bytes=32 time=55ms TTL=51
Reply from 173.194.32.34: bytes=32 time=50ms TTL=51

Ping statistics for 173.194.32.34:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 50ms, Maximum = 55ms, Average = 52ms

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.11

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 98.139.183.24, 72.30.38.140, 98.138.253.109

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=286ms TTL=49
Reply from 98.138.253.109: bytes=32 time=166ms TTL=49

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 166ms, Maximum = 286ms, Average = 226ms

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.11

DNS request timed out.
timeout was 2 seconds.
Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1d 60 40 5b 14 ...... Attansic L1 Gigabit Ethernet 10/100/1000Base-T Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.11 192.168.0.103 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.103 192.168.0.103 20
192.168.0.103 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.103 192.168.0.103 20
224.0.0.0 240.0.0.0 192.168.0.103 192.168.0.103 20
255.255.255.255 255.255.255.255 192.168.0.103 192.168.0.103 1
Default Gateway: 192.168.0.11
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/05/2012 06:04:07 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x800706be

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3082 - Fatal Execution Engine Error (7A0979C6) (80131506)

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3082 - Fatal Execution Engine Error (7A0979C6) (80131506)

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3082 - Fatal Execution Engine Error (7A0979C6) (80131506)

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3082 - CLR: Fatal Execution Engine Error (7A0979C6) (80131506)

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3082 - Fatal Execution Engine Error (7A0979C6) (80131506)

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3082 - Fatal Execution Engine Error (7A0979C6) (80131506)

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3082 - Fatal Execution Engine Error (7A0979C6) (80131506)

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3082 - Fatal Execution Engine Error (7A0979C6) (80131506)


System errors:
=============
Error: (10/19/2012 02:48:36 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (10/19/2012 02:48:36 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured
password due to the following error:
%%1326

To ensure that the service is
configured properly, use the Services snap-in in Microsoft Management
Console (MMC).

Error: (10/18/2012 06:56:22 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (10/18/2012 06:56:22 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured
password due to the following error:
%%1326

To ensure that the service is
configured properly, use the Services snap-in in Microsoft Management
Console (MMC).


Microsoft Office Sessions:
=========================
Error: (10/05/2012 06:04:07 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x800706be
System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3082 - Fatal Execution Engine Error (7A0979C6) (80131506)

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3082 - Fatal Execution Engine Error (7A0979C6) (80131506)

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3082 - Fatal Execution Engine Error (7A0979C6) (80131506)

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3082 - CLR: Fatal Execution Engine Error (7A0979C6) (80131506)

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3082 - Fatal Execution Engine Error (7A0979C6) (80131506)

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3082 - Fatal Execution Engine Error (7A0979C6) (80131506)

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3082 - Fatal Execution Engine Error (7A0979C6) (80131506)

Error: (10/05/2012 05:56:12 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3082 - Fatal Execution Engine Error (7A0979C6) (80131506)


=========================== Installed Programs ============================

Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Annabel 1.00
Attansic Ethernet Utility (Version: 2.0.60.4)
Attansic L1 Gigabit Ethernet Driver
AveyondJust For Fun Games
CCleaner (Version: 3.22)
CPUID CPU-Z 1.61.3
CPUID HWMonitor 1.20
ESET Smart Security (Version: 4.2.58.3)
GetDiz 4.5 (Version: 4.5)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
JavaFX 2.1.1 (Version: 2.1.1)
jv16 PowerTools 2011 (Version: )
Malwarebytes' Anti-Malware version 1.51.0.1200 (Version: 1.51.0.1200)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Mozilla Firefox 16.0.1 (x86 en-US) (Version: 16.0.1)
Mozilla Maintenance Service (Version: 16.0.1)
Net iD 5.4.1 (Version: 5.4.1.34)
NVIDIA Control Panel 306.23 (Version: 306.23)
NVIDIA Graphics Driver 306.23 (Version: 306.23)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA nView 136.28 (Version: 136.28)
NVIDIA PhysX (Version: 9.12.0604)
NVIDIA PhysX System Software 9.12.0604 (Version: 9.12.0604)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
O&O Defrag Professional (Version: 16.0.139)
OpenAL
Realtek High Definition Audio Driver (Version: 5.10.0.5391)
SUPERAntiSpyware (Version: 5.5.1022)
TPTEST 5.0.2
UltraISO Premium V9.36
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0059.1)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinImage
WinRAR archiver
VLC media player 2.0.2 (Version: 2.0.2)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 21%
Total physical RAM: 2047.04 MB
Available physical RAM: 1602.25 MB
Total Pagefile: 3942.91 MB
Available Pagefile: 3646.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.28 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:29.29 GB) (Free:10.1 GB) NTFS
3 Drive d: (Ddrive) (Fixed) (Total:436.47 GB) (Free:264.27 GB) NTFS

========================= Users: ========================================

User accounts for \\CHIEFTEC2

Administrator B”rje Guest

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

18-10-2012 12:19:28 System Checkpoint

**** End of log ****


Sorry for each log in reply but it got "too long post" message otherwise.

/ b

Edited by bubbis, 18 October 2012 - 10:44 PM.


#10 dev00790


Posted 19 October 2012 - 06:32 PM

Hi


Combofix is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Since you have run Combofix without Supervision :nono: ..

------------------------

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#11 bubbis


Posted 20 October 2012 - 06:54 AM

Hi dev

Thanks for assisting.

I am fully aware that combofix is not a toy.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by Börje at 12:42:09 on 2012-10-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1454 [GMT 2:00]
.
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Net iD\iid.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Börje\Desktop\dds.com
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.se/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Net iD] "c:\program files\net id\iid.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-explorer: NoFavoritesMenu = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: DhcpNameServer = 192.168.0.11
TCP: Interfaces\{29B1E043-28B1-4B94-B332-17F876521B4A} : DhcpNameServer = 192.168.0.11
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\börje\application data\mozilla\firefox\profiles\up0b595q.default\
.
============= SERVICES / DRIVERS ===============
.
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2012-8-30 11448]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-4-28 114984]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-6-24 810144]
R2 OODefragAgent;O&O Defrag;c:\program files\oo software\defrag\oodag.exe [2012-9-14 2019184]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2009-4-6 37376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-10-2 1258856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-4 115168]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-10-18 16:42:37 -------- d-----w- c:\documents and settings\börje\application data\ESET
2012-10-18 16:41:54 -------- d-----w- c:\program files\ESET
2012-10-18 12:15:35 98816 ----a-w- c:\windows\sed.exe
2012-10-18 12:15:35 518144 ----a-w- c:\windows\SWREG.exe
2012-10-18 12:15:35 256000 ----a-w- c:\windows\PEV.exe
2012-10-18 12:15:35 208896 ----a-w- c:\windows\MBR.exe
2012-10-09 19:29:26 -------- d--h--w- c:\documents and settings\börje\PrintHood
2012-10-09 00:00:42 -------- d--h--r- c:\documents and settings\börje\Recent
2012-10-05 15:29:20 -------- d-----w- c:\windows\system32\XPSViewer
2012-10-03 16:34:04 343040 -c--a-w- c:\windows\system32\dllcache\msvcrt.dll
2012-10-03 16:34:04 343040 ----a-w- c:\windows\system32\msvcrt.dll
2012-10-03 16:30:08 343040 ----a-w- c:\windows\msvcrt.dll
2012-10-03 16:22:59 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2012-10-03 16:21:59 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2012-10-03 16:20:58 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2012-10-03 16:19:57 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2012-10-03 16:18:53 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2012-10-03 16:17:58 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2012-10-03 16:16:59 41216 -c--a-w- c:\windows\system32\dllcache\s3mt3d.sys
2012-10-03 16:15:58 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
2012-10-03 16:14:55 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
2012-10-03 16:13:58 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2012-10-03 16:12:59 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2012-10-03 16:11:59 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2012-10-03 16:10:58 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll
2012-10-03 16:09:57 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
2012-10-03 16:08:59 441728 -c--a-w- c:\windows\system32\dllcache\fpcmbase.sys
2012-10-03 16:07:59 70174 -c--a-w- c:\windows\system32\dllcache\el98xn5.sys
2012-10-03 16:06:59 25600 -c--a-w- c:\windows\system32\dllcache\dc210_32.dll
2012-10-03 16:05:52 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2012-10-03 16:04:57 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys
2012-10-02 20:06:37 -------- d-----w- c:\windows\system32\oodag
2012-10-02 20:00:49 -------- d-----w- c:\program files\OO Software
2012-10-02 19:58:39 -------- d-----w- c:\documents and settings\all users\application data\OO Software
2012-10-02 13:56:11 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation
2012-10-02 13:54:54 -------- d-----w- C:\temp
2012-10-02 13:54:14 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-10-02 13:54:14 5947392 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-01 23:42:50 -------- d-sh--w- c:\documents and settings\börje\PrivacIE
2012-10-01 23:42:03 -------- d-sh--w- c:\documents and settings\börje\IETldCache
2012-10-01 23:40:27 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-10-01 23:40:02 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-10-01 23:39:43 -------- d-----w- c:\windows\ie8updates
2012-10-01 23:39:29 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-10-01 23:39:29 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-10-01 23:39:29 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-10-01 23:39:29 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-10-01 23:39:29 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-10-01 23:39:29 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-10-01 23:39:29 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-10-01 23:38:37 -------- dc-h--w- c:\windows\ie8
2012-10-01 12:41:52 -------- d-----w- c:\documents and settings\börje\application data\SUPERAntiSpyware.com
2012-10-01 12:40:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-01 12:40:57 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-09-28 14:55:38 -------- d--h--w- c:\windows\PIF
.
==================== Find3M ====================
.
2012-10-12 13:44:57 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-12 13:44:57 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-10 16:22:19 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-10-10 16:22:19 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-10-10 16:22:18 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-09-14 16:42:40 206192 ----a-w- c:\windows\system32\oodbs.exe
2012-09-14 16:42:10 10096 ----a-w- c:\windows\system32\oodbsrs.dll
2012-08-31 12:43:10 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-31 12:43:07 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-31 12:43:06 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-31 12:43:06 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-30 16:44:07 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-08-30 16:43:36 164200 ----a-w- c:\windows\system32\nvsvc32.exe
2012-08-30 16:43:36 15512424 ----a-w- c:\windows\system32\nvcpl.dll
2012-08-30 16:43:34 143720 ----a-w- c:\windows\system32\nvcolor.exe
2012-08-30 16:43:34 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 12:42:16,90 ===============


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-20 13:47:14
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 WDC_WD5000AAKS-65YGA0 rev.12.01C02
Running: gmer.exe; Driver: C:\DOCUME~1\BRJE~1\LOCALS~1\Temp\kglcrpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xB2AD1610]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xB2AD1C10]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xB2AD1730]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xB2AD14B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xB2AD1570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xB2AD16D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwQueueApcThread [0xB2AD1790]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xB2AD1690]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xB2AD1650]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xB2AD17D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xB2AD1510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xB2AD1590]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xB2AD14D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xB2AD15D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xB2AD1750]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB74233A0, 0x5CC259, 0xE8000020]
? C:\DOCUME~1\BRJE~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[336] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0149A650 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[336] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 016D7E1A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[336] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 016D7DF7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[336] kernel32.dll!ValidateLocale + B130 7C844958 7 Bytes JMP 0149EDB3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[336] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 016D7D78 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[496] USER32.dll!DefWindowProcA + 11A 7E42C298 7 Bytes JMP 105DADE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[496] USER32.dll!SetWindowLongA + 19 7E42C2B6 7 Bytes JMP 105DAD6F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[496] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104247EC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[496] USER32.dll!GetMenuContextHelpId + 1A 7E465319 7 Bytes JMP 10424E1E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[816] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\OO Software\Defrag\oodag.exe[968] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 00401C50 C:\Program Files\OO Software\Defrag\oodag.exe (O&O Defrag Agent (Win32)/O&O Software GmbH)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA2 0xD3 0x6E 0x1D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x74 0xAB 0xB4 0x2B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC3 0xE1 0x52 0xCF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x29 0x31 0xCC 0x05 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x29 0x37 0xEF 0xC1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x51 0xAD 0xBA 0xF9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x1D 0x5C 0x23 0x24 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA2 0xD3 0x6E 0x1D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x74 0xAB 0xB4 0x2B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC3 0xE1 0x52 0xCF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x29 0x31 0xCC 0x05 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x29 0x37 0xEF 0xC1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x51 0xAD 0xBA 0xF9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x1D 0x5C 0x23 0x24 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\[email protected]

---- EOF - GMER 1.0.15 ----

Edited by bubbis, 20 October 2012 - 06:59 AM.


#12 dev00790

Posted 20 October 2012 - 11:39 AM

Hi bubbis,

Please post the logs in a new topic as previously stated in the link provided - not in this topic.

Regards, dev00790
