Terminal Server 2003 R2 x64 slow log offs after cleaning up infection


17 replies to this topic

#1 ajafar

ajafar

  • Members
  • 14 posts

Posted 21 March 2012 - 10:48 PM

Hi guys,

I'm at my wits' end with this problem with a client of mine.

Windows Server 2003 R2 x64 running Terminal Services was infected with a few spyware and the consrv.dll virus.

The server was running on an ESXi 4.1 Host, I made a copy and it's running in a sandbox environment to try to help and troubleshoot.

It has 4 processors, 250gb Intel X25-m G2 SSD as the hdd and 8gigs of ram allocated to it. It's extremely fast logging in, booting up and running apps.

Removed what I think is everything using a combination of Spybot S&D, SUPERAntiSpyware, Kaspersky and finally Microsoft Forefront Endpoint Security (Microsoft Security Essentials for enterprise).

Monitored outgoing network connections on our firewall to make sure that there was no rogue rootkit still connecting to the internet. The new problem we have now is the server will not gracefully log off sessions all the time. RDP sessions will log off sometimes, other times will hang on nearly every process (explorer.exe, rdpclip.exe, etc). If logging onto the console session, initiating a logoff will sometimes hang and every RDP session will hang till the console session times out and logs off.

I've done everything including turning off every non-microsoft service, disabling printer spooler (terminal server troubleshooting), creating new user profiles to test it out and I've been working with Microsoft support for the last week with no real progress.

I would like to fix this problem instead of rebuilding this terminal server because 80 users log onto it and we would need to recreate every user profile.

So, I'm looking to the experts here to see if maybe we might still be infected or some registry hook is tying up the server. Am I in the right place to see if we can run some scans to make sure this is not some sort of infection?

Edited by ajafar, 21 March 2012 - 10:50 PM.




#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • Gender:Male
  • Location:Catonsville, Md

Posted 29 March 2012 - 08:57 PM

Can you post the logs?

#3 ajafar

Posted 29 March 2012 - 09:10 PM

What logs would you like? I haven't run any analysis software from this site.

#4 cryptodan

Posted 29 March 2012 - 10:01 PM

These logs:

Removed what I think is everything using a combination of Spybot S&D, SUPERAntiSpyware, Kaspersky and finally Microsoft Forefront Endpoint Security (Microsoft Security Essentials for enterprise).

#5 ajafar

Posted 30 March 2012 - 03:50 PM

Malware Bytes latest Scan
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.01.13.04

Windows Server 2003 Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.18702
ali :: TS [administrator]

Protection: Enabled

3/30/2012 11:42:00 AM
mbam-log-2012-03-30 (11-42-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 37065
Time elapsed: 40 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 15
HKCR\CLSID\{a0154e07-2b48-475c-a82a-80efd84ea33e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A0154E07-2B48-475C-A82A-80EFD84EA33E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{ab56dfde-0c14-45b3-9df6-7b0eba617870} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{df22384f-cf68-4d19-969f-10423715528b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF22384F-CF68-4D19-969F-10423715528B} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Spybot Search and Destroy


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2012-03-30 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2012-01-16 Includes\Adware.sbi
2012-03-20 Includes\AdwareC.sbi
2010-08-12 Includes\Cookies.sbi
2010-12-14 Includes\Dialer.sbi
2011-11-29 Includes\DialerC.sbi
2012-01-31 Includes\HeavyDuty.sbi
2012-03-20 Includes\Hijackers.sbi
2011-10-04 Includes\HijackersC.sbi
2010-09-15 Includes\iPhone.sbi
2012-03-13 Includes\Keyloggers.sbi
2012-03-13 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2012-03-27 Includes\Malware.sbi
2012-03-27 Includes\MalwareC.sbi
2011-02-24 Includes\PUPS.sbi
2012-02-28 Includes\PUPSC.sbi
2010-01-25 Includes\Revision.sbi
2011-02-24 Includes\Security.sbi
2011-12-13 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2012-01-17 Includes\Spyware.sbi
2012-02-28 Includes\SpywareC.sbi
2010-03-08 Includes\Tracks.uti
2011-09-27 Includes\Trojans.sbi
2012-03-21 Includes\TrojansC-02.sbi
2012-03-27 Includes\TrojansC-03.sbi
2012-03-27 Includes\TrojansC-04.sbi
2012-03-27 Includes\TrojansC-05.sbi
2012-03-20 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


--- System information ---
Windows 2003/XPx64 (Build: 3790) Service Pack 2 (5.2.3790)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)


--- Startup entries list ---
Located: HK_LM:Run, Malwarebytes' Anti-Malware
command: "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
file: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
size: 460872
MD5: 60D0647A2DC2D397B84D0AFB0808F85D

Located: HK_CU:Run,
where: .DEFAULT...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce,
where: .DEFAULT...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, TSClientMSIUninstaller
where: .DEFAULT...
command: cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 49A5F0A9A539780BA5A1A202416915A0

Located: HK_CU:RunOnce, tscuninstall
where: .DEFAULT...
command: %systemroot%\system32\tscupgrd.exe
file: C:\WINDOWS\system32\tscupgrd.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, tscuninstall
where: S-1-5-19...
command: %systemroot%\system32\tscupgrd.exe
file: C:\WINDOWS\system32\tscupgrd.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, tscuninstall
where: S-1-5-20...
command: %systemroot%\system32\tscupgrd.exe
file: C:\WINDOWS\system32\tscupgrd.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-3511556105-3077299275-3811863912-1013...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 07C627121E84C7EBF7E38E3A1DBCDEC3

Located: HK_CU:Run,
where: S-1-5-18...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce,
where: S-1-5-18...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, TSClientMSIUninstaller
where: S-1-5-18...
command: cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 49A5F0A9A539780BA5A1A202416915A0

Located: HK_CU:RunOnce, tscuninstall
where: S-1-5-18...
command: %systemroot%\system32\tscupgrd.exe
file: C:\WINDOWS\system32\tscupgrd.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (user), _uninst_14236367.lnk
where: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup...
command: C:\Documents and Settings\Administrator\Local Settings\Temp\_uninst_14236367.bat
file: C:\Documents and Settings\Administrator\Local Settings\Temp\_uninst_14236367.bat
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, dimsntfy
command: dimsntfy.dll
file: dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, EFS
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 1/3/2012 6:10:44 AM
Date (last access): 3/30/2012 1:10:26 PM
Date (last write): 1/3/2012 6:10:44 AM
Filesize: 63912
Attributes: archive
MD5: 8A3BA48B5BE893E1D81BFAC17A3C1B1F
CRC32: B2328724
Version: 10.1.2.45

{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PlayBryte BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: PlayBryte BHO
Path:
Long name: mscoree.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java™ Plug-In SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java™ Plug-In SSV Helper
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: ssv.dll
Short name:
Date (created): 2/24/2012 2:07:44 PM
Date (last access): 3/30/2012 1:43:12 PM
Date (last write): 2/24/2012 2:07:44 PM
Filesize: 325408
Attributes: archive
MD5: 8E6C86726B67D3FAA3144849B9AAC06C
CRC32: B1F4AB5B
Version: 6.0.310.5

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java™ Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java™ Plug-In 2 SSV Helper
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 2/24/2012 2:07:44 PM
Date (last access): 3/30/2012 1:43:12 PM
Date (last write): 2/24/2012 2:07:44 PM
Filesize: 42272
Attributes: archive
MD5: A9770771B622A871643EA2A4A3983E95
CRC32: D1C0DA03
Version: 6.0.310.5

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: JQSIEStartDetectorImpl
CLSID name: JQSIEStartDetectorImpl Class
Path: C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\
Long name: jqs_plugin.dll
Short name: JQS_PL~1.DLL
Date (created): 2/24/2012 2:07:44 PM
Date (last access): 3/30/2012 1:43:12 PM
Date (last write): 2/24/2012 2:07:44 PM
Filesize: 79648
Attributes: archive
MD5: 59B9F6ABAC6CBBC356E092C556FF8EA5
CRC32: 01015427
Version: 6.0.310.5



--- ActiveX list ---
{02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control)
DPF name:
CLSID name: Microsoft Office Template and Media Control
Installer: C:\WINDOWS\Downloaded Program Files\ieawsdc.inf
Codebase: http://office2010.microsoft.com/sites/production/ieawsdc32.cab
description:
classification: Legitimate
known filename: IEAWSDC.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\PROGRA~2\MICROS~3\OFFICE11\
Long name: IEAWSDC.DLL
Short name:
Date (created): 4/19/2007 3:10:30 PM
Date (last access): 3/30/2012 12:13:12 PM
Date (last write): 4/14/2010 11:56:04 PM
Filesize: 190984
Attributes: archive
MD5: 237943184FC728D9B7CF6AA5F09DC837
CRC32: 5B40D026
Version: 14.0.5506.0

{0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control)
DPF name:
CLSID name: Microsoft Data Collection Control
Installer:
Codebase: https://support.microsoft.com/dcode/ActiveX/MSDcode.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MSDcode.dll
Short name:
Date (created): 12/14/2010 11:00:30 AM
Date (last access): 3/30/2012 12:17:24 PM
Date (last write): 12/14/2010 11:00:30 AM
Filesize: 562512
Attributes: archive
MD5: 7B0C2FBC82CFD78C90B7279F623F0495
CRC32: 65883B0A
Version: 2.7.251.0

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\SysWow64\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 1/7/2009 6:20:24 PM
Date (last access): 3/30/2012 12:24:34 PM
Date (last write): 6/25/2009 1:20:28 PM
Filesize: 1485176
Attributes: archive
MD5: 3307A07B81206F354F0D4BEFEE922437
CRC32: 58E4DC38
Version: 1.9.42.0

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232167070011
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\SysWow64\
Long name: wuweb.dll
Short name:
Date (created): 1/16/2009 8:50:58 PM
Date (last access): 3/30/2012 12:24:54 PM
Date (last write): 8/6/2009 7:24:18 PM
Filesize: 209632
Attributes: archive
MD5: 033AF4CE25B6D871F0DE2C982658E049
CRC32: 2C204902
Version: 7.4.7600.226

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232167286323
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\SysWow64\
Long name: muweb.dll
Short name:
Date (created): 10/16/2008 3:07:48 PM
Date (last access): 3/30/2012 12:24:42 PM
Date (last write): 8/6/2009 7:23:46 PM
Filesize: 215920
Attributes: archive
MD5: A1350D646EF6E57E8F4F33EBE7320D08
CRC32: AB3CA24F
Version: 7.4.7600.226

{7EC816D4-6FC3-4C58-A7DA-A770EE461602} (PowerTerm Downloader Class)
DPF name:
CLSID name: PowerTerm Downloader Class
Installer: C:\WINDOWS\Downloaded Program Files\PtDownloader.inf
Codebase: http://secure.bladetop.com/webconnect/windows/ptdownloader.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: PtDownloader.dll
Short name: PTDOWN~1.DLL
Date (created): 7/16/2007 10:34:12 AM
Date (last access): 3/30/2012 12:17:24 PM
Date (last write): 7/16/2007 10:34:12 AM
Filesize: 111920
Attributes: archive
MD5: EFDAF53BB52D0E3FDDEE64A8010477C8
CRC32: CA4C588A
Version: 5.6.0.1007

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_31
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: npjpi160_31.dll
Short name: NPJPI1~1.DLL
Date (created): 2/24/2012 2:07:44 PM
Date (last access): 3/30/2012 12:13:06 PM
Date (last write): 2/24/2012 2:07:44 PM
Filesize: 141088
Attributes: archive
MD5: 77149DCA2C3134C50150ECD33593F4A8
CRC32: 88B54397
Version: 6.0.310.5

{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_31
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: npjpi160_31.dll
Short name: NPJPI1~1.DLL
Date (created): 2/24/2012 2:07:44 PM
Date (last access): 3/30/2012 1:48:28 PM
Date (last write): 2/24/2012 2:07:44 PM
Filesize: 141088
Attributes: archive
MD5: 77149DCA2C3134C50150ECD33593F4A8
CRC32: 88B54397
Version: 6.0.310.5

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_31
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: npjpi160_31.dll
Short name: NPJPI1~1.DLL
Date (created): 2/24/2012 2:07:44 PM
Date (last access): 3/30/2012 1:48:28 PM
Date (last write): 2/24/2012 2:07:44 PM
Filesize: 141088
Attributes: archive
MD5: 77149DCA2C3134C50150ECD33593F4A8
CRC32: 88B54397
Version: 6.0.310.5

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash64.inf
Codebase: http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\SysWOW64\Macromed\Flash\
Long name: Flash11g.ocx
Short name:
Date (created): 3/16/2012 6:52:50 AM
Date (last access): 3/30/2012 1:22:40 PM
Date (last write): 3/16/2012 6:52:50 AM
Filesize: 8632480
Attributes: readonly archive
MD5: A303750BF0EFFC0458175E67958A7324
CRC32: 38CE109B
Version: 11.1.102.63

{DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class)
DPF name:
CLSID name: AxisMediaControlEmb Class
Installer: C:\WINDOWS\Downloaded Program Files\setup.inf
Codebase: http://67.90.233.35/activex/AMC.cab
description:
classification: Open for discussion
known filename: AxisMediaControlEmb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files (x86)\Axis Communications\AXIS Media Control Embedded\
Long name: AxisMediaControlEmb.dll
Short name: AXISME~1.DLL
Date (created): 8/14/2009 4:16:38 PM
Date (last access): 3/30/2012 1:10:14 PM
Date (last write): 2/28/2006 8:26:38 AM
Filesize: 618496
Attributes: archive
MD5: D2B47806C5E266218F8D35D9AC993860
CRC32: BC3E357C
Version: 3.32.31.0

{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
DPF name:
CLSID name: GpcContainer Class
Installer: C:\WINDOWS\Downloaded Program Files\ieatgpc.inf
Codebase: https://akamaicdn.webex.com/client/WBXclient-T27L10NSP30-13034/webex/ieatgpc.cab
description:
classification: Legitimate
known filename: ieatgpc.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ieatgpc.dll
Short name:
Date (created): 9/28/2011 6:34:22 AM
Date (last access): 3/30/2012 12:17:24 PM
Date (last write): 9/28/2011 6:34:22 AM
Filesize: 302904
Attributes: archive
MD5: ECF918C911969027302C45478BA4BC3F
CRC32: 4218DFA7
Version: 2.1.0.0

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class)
DPF name:
CLSID name: get_atlcom Class
Installer: C:\WINDOWS\Downloaded Program Files\gp.inf
Codebase: http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: gp.ocx
Short name:
Date (created): 9/1/2010 3:52:10 PM
Date (last access): 3/30/2012 12:17:24 PM
Date (last write): 9/1/2010 3:52:10 PM
Filesize: 65184
Attributes: archive
MD5: CDFE6CC527D5F6FE75FB9DFFB85D3133
CRC32: 8D372D12
Version: 1.6.2.91

{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control)
DPF name:
CLSID name: Performance Viewer Activex Control
Installer: C:\WINDOWS\Downloaded Program Files\RACtrl.inf
Codebase: https://secure.logmein.com/activex/ractrl.cab?lmi=100
description:
classification: Legitimate
known filename: RACtrl.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: RACtrl.dll
Short name:
Date (created): 6/1/2010 11:46:58 AM
Date (last access): 3/30/2012 12:17:24 PM
Date (last write): 6/1/2010 11:46:58 AM
Filesize: 4064656
Attributes: archive
MD5: 1C635861E857359F1FCF692C9076F61F
CRC32: 78D8F481
Version: 1.0.0.608



--- Process list ---
PID: 0 ( 0) [System]
PID: 1112 ( 412) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
size: 652360
MD5: 056B19651BD7B7CE5F89A3AC46DBDC08
PID: 2212 ( 212) C:\Program Files (x86)\Internet Explorer\iexplore.exe
size: 638816
MD5: B60DDDD2D63CE41CB8C487FCFBB6419E
PID: 2252 (2212) C:\Program Files (x86)\Internet Explorer\iexplore.exe
size: 638816
MD5: B60DDDD2D63CE41CB8C487FCFBB6419E
PID: 2312 (2212) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 07C627121E84C7EBF7E38E3A1DBCDEC3
PID: 2520 ( 212) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
size: 981680
MD5: B8F49232247D0825B2B82E08A9E10753
PID: 2888 (2520) C:\WINDOWS\system32\NOTEPAD.EXE
size: 68608
MD5: 7200B516A1A5E86DDAFA49206ABC8715
PID: 872 (2520) C:\WINDOWS\system32\NOTEPAD.EXE
size: 68608
MD5: 7200B516A1A5E86DDAFA49206ABC8715
PID: 1468 ( 212) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 4 ( 0) System
PID: 288 ( 4) C:\WINDOWS\system32\smss.exe
size: 53760
MD5: 97E9B4A202E645E7826BE7597B335C47
PID: 344 ( 288) C:\WINDOWS\system32\csrss.exe
PID: 368 ( 288) C:\WINDOWS\system32\winlogon.exe
PID: 412 ( 368) C:\WINDOWS\system32\services.exe
PID: 424 ( 368) C:\WINDOWS\system32\lsass.exe
PID: 608 ( 412) C:\WINDOWS\system32\svchost.exe
size: 14848
MD5: C09CCFE81DEC9B162533D7184D705682
PID: 668 ( 412) C:\WINDOWS\system32\svchost.exe
size: 14848
MD5: C09CCFE81DEC9B162533D7184D705682
PID: 728 ( 412) C:\WINDOWS\system32\svchost.exe
size: 14848
MD5: C09CCFE81DEC9B162533D7184D705682
PID: 768 ( 412) C:\WINDOWS\system32\svchost.exe
size: 14848
MD5: C09CCFE81DEC9B162533D7184D705682
PID: 796 ( 412) C:\WINDOWS\system32\svchost.exe
size: 14848
MD5: C09CCFE81DEC9B162533D7184D705682
PID: 896 ( 412) C:\WINDOWS\system32\spoolsv.exe
size: 111616
MD5: 206FD327B4AAD3AEAA8E0D7D03F2044A
PID: 920 ( 412) C:\WINDOWS\system32\msdtc.exe
PID: 1032 ( 412) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
size: 140672
MD5: 7D9D615201A483D6FA99491C2E655A5A
PID: 1156 ( 412) C:\WINDOWS\system32\svchost.exe
size: 14848
MD5: C09CCFE81DEC9B162533D7184D705682
PID: 1204 ( 412) C:\WINDOWS\system32\svchost.exe
size: 14848
MD5: C09CCFE81DEC9B162533D7184D705682
PID: 1264 ( 412) C:\WINDOWS\system32\svchost.exe
size: 14848
MD5: C09CCFE81DEC9B162533D7184D705682
PID: 1712 ( 608) C:\WINDOWS\system32\wbem\wmiprvse.exe
size: 217600
MD5: 332124357850EB5429E41FA85C82AF0F
PID: 212 (2032) C:\WINDOWS\explorer.exe
size: 1364480
MD5: AE7A08C05F72A9242734C03230A5CD7F
PID: 1176 ( 412) C:\WINDOWS\system32\svchost.exe
size: 14848
MD5: C09CCFE81DEC9B162533D7184D705682
PID: 1888 ( 212) C:\WINDOWS\hh.exe
size: 12288
MD5: 1BB94C8D6D32BB4782CE45D96AB7D79D


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 3/30/2012 1:48:27 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
res://iesetup.dll/softAdmin.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
res://iesetup.dll/softAdmin.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896

SUPERAntiSpyware has nothing to report. Neither did Forefront Endpoint. The original outbreak involved the consrv.dll virus, and I used Kaspersky Online Scanner to fix that.

#6 cryptodan

Posted 30 March 2012 - 03:53 PM

Can you post the Kaspersky log, and is this server being used as an actual workstation?

#7 ajafar

Posted 30 March 2012 - 05:44 PM

I took a snapshot copy of the production server and cloned it into a sandbox testing Virtual Environment.

Here is the Kaspersky TDSSKiller log.

15:40:49.0265 1816 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
15:40:49.0812 1816 ============================================================
15:40:49.0812 1816 Current date / time: 2012/03/30 15:40:49.0812
15:40:49.0812 1816 SystemInfo:
15:40:49.0812 1816
15:40:49.0812 1816 OS Version: 5.2.3790 ServicePack: 2.0
15:40:49.0812 1816 Product type: Server
15:40:49.0812 1816 ComputerName: TS
15:40:49.0812 1816 UserName: ali
15:40:49.0812 1816 Windows directory: C:\WINDOWS
15:40:49.0812 1816 System windows directory: C:\WINDOWS
15:40:49.0812 1816 Running under WOW64
15:40:49.0812 1816 Processor architecture: Intel x64
15:40:49.0812 1816 Number of processors: 4
15:40:49.0812 1816 Page size: 0x1000
15:40:49.0812 1816 Boot type: Normal boot
15:40:49.0812 1816 ============================================================
15:40:50.0171 1816 Drive \Device\Harddisk0\DR0 - Size: 0x3C00FAC800 (240.02 Gb), SectorSize: 0x200, Cylinders: 0x7A64, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
15:40:50.0171 1816 \Device\Harddisk0\DR0:
15:40:50.0171 1816 MBR used
15:40:50.0171 1816 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1E003E64
15:40:50.0171 1816 Initialize success
15:40:50.0171 1816 ============================================================
15:40:51.0531 2076 ============================================================
15:40:51.0531 2076 Scan started
15:40:51.0531 2076 Mode: Manual;
15:40:51.0531 2076 ============================================================
15:40:52.0078 2076 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
15:40:52.0078 2076 !SASCORE - ok
15:40:52.0140 2076 Abiosdsk - ok
15:40:52.0171 2076 ACPI (0cc42d1fb637112de6f6196ddaf83dec) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:40:52.0171 2076 ACPI - ok
15:40:52.0218 2076 ACPIEC (a4d4f508bc6613442b0c32cde443e382) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:40:52.0218 2076 ACPIEC - ok
15:40:52.0218 2076 adpu160m - ok
15:40:52.0234 2076 adpu320 - ok
15:40:52.0250 2076 AeLookupSvc (ac7010dde9111a1c65d7391ada5c7257) C:\WINDOWS\System32\aelupsvc.dll
15:40:52.0250 2076 AeLookupSvc - ok
15:40:52.0281 2076 AFD (886c37d055020d0d02c35ac5b84e76ab) C:\WINDOWS\System32\drivers\afd.sys
15:40:52.0296 2076 AFD - ok
15:40:52.0296 2076 aic78u2 - ok
15:40:52.0312 2076 aic78xx - ok
15:40:52.0312 2076 Alerter (afa2cf7cb731ca177cccffffe5d88776) C:\WINDOWS\system32\alrsvc.dll
15:40:52.0312 2076 Alerter - ok
15:40:52.0328 2076 ALG (2d21ff6d4cd30e679f1a294d5ba3d97b) C:\WINDOWS\System32\alg.exe
15:40:52.0328 2076 ALG - ok
15:40:52.0328 2076 AliIde - ok
15:40:52.0343 2076 AmdIde - ok
15:40:52.0359 2076 AppMgmt (4f6b2de8bc199c542f174844bb64485a) C:\WINDOWS\System32\appmgmts.dll
15:40:52.0375 2076 AppMgmt - ok
15:40:52.0375 2076 arc - ok
15:40:52.0390 2076 aspnet_state (f9f0f095586009e5da0c32e648aa99fa) C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe
15:40:52.0390 2076 aspnet_state - ok
15:40:52.0421 2076 AsyncMac (7380acdd2d8e6621392e56d9a0467fe4) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:40:52.0421 2076 AsyncMac - ok
15:40:52.0421 2076 atapi (7a1814d0d112f50f828e25557a1ed29f) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:40:52.0421 2076 atapi - ok
15:40:52.0437 2076 Atdisk - ok
15:40:52.0453 2076 Atmarpc (62d65fce5695b53a2ddf92e83111ea06) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:40:52.0453 2076 Atmarpc - ok
15:40:52.0484 2076 AudioSrv (0da015ab1ee54988572cfc4b7644556a) C:\WINDOWS\System32\audiosrv.dll
15:40:52.0484 2076 AudioSrv - ok
15:40:52.0515 2076 audstub (1437089f59dba75fee4ed959077a938e) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:40:52.0515 2076 audstub - ok
15:40:52.0562 2076 Beep (8ba2e5cdfde406dc4646afb894804844) C:\WINDOWS\system32\drivers\Beep.sys
15:40:52.0562 2076 Beep - ok
15:40:52.0562 2076 BetterCareerSearch_2bService - ok
15:40:52.0593 2076 BITS (749c15323919984a6e08bad427d89936) C:\WINDOWS\system32\qmgr.dll
15:40:52.0609 2076 BITS - ok
15:40:52.0625 2076 bmdrvr (49fdfd4cb5b326cf2ceed08d3d159cdf) C:\WINDOWS\syswow64\drivers\bmdrvr.sys
15:40:52.0625 2076 bmdrvr - ok
15:40:52.0656 2076 Browser (3a8e1df1a159df863af4e5b84019a2bc) C:\WINDOWS\System32\browser.dll
15:40:52.0656 2076 Browser - ok
15:40:52.0671 2076 Cdfs (4d99e36322fb51a8d1b2b6d6b69d9889) C:\WINDOWS\system32\drivers\Cdfs.sys
15:40:52.0671 2076 Cdfs - ok
15:40:52.0703 2076 Cdrom (11663fe50e499ffee77979542b285f38) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:40:52.0703 2076 Cdrom - ok
15:40:52.0718 2076 CiSvc (46c54f209031afa0f100d0703fc346da) C:\WINDOWS\system32\cisvc.exe
15:40:52.0718 2076 CiSvc - ok
15:40:52.0734 2076 ClipSrv (74f11d0323666d9f615a2d3692590122) C:\WINDOWS\system32\clipsrv.exe
15:40:52.0734 2076 ClipSrv - ok
15:40:52.0734 2076 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:40:52.0734 2076 clr_optimization_v2.0.50727_32 - ok
15:40:52.0750 2076 clr_optimization_v2.0.50727_64 (fa58b51ed71c9133e141164eaa7c54eb) C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:40:52.0750 2076 clr_optimization_v2.0.50727_64 - ok
15:40:52.0796 2076 ClusDisk (12a9958fba322146cf415ea7e065c1e9) C:\WINDOWS\system32\DRIVERS\ClusDisk.sys
15:40:52.0796 2076 ClusDisk - ok
15:40:52.0828 2076 CmBatt (2bde819fca7370ad84aecbd76520eaf9) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:40:52.0828 2076 CmBatt - ok
15:40:52.0843 2076 CmdIde - ok
15:40:52.0859 2076 Compbatt (35f6977863f97d80d3e30f8ff0c293a4) C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:40:52.0859 2076 Compbatt - ok
15:40:52.0859 2076 COMSysApp - ok
15:40:52.0875 2076 cpqcissm - ok
15:40:52.0890 2076 crcdisk (423f7a6e3af4c2a73c8c8ad945f72cba) C:\WINDOWS\system32\DRIVERS\crcdisk.sys
15:40:52.0890 2076 crcdisk - ok
15:40:52.0921 2076 CryptSvc (8b0b3744c60936acae31012799db3982) C:\WINDOWS\System32\cryptsvc.dll
15:40:52.0937 2076 CryptSvc - ok
15:40:53.0000 2076 DcomLaunch (a6130365606f3d6332b014fc3da931aa) C:\WINDOWS\system32\rpcss.dll
15:40:53.0015 2076 DcomLaunch - ok
15:40:53.0062 2076 Dfs (f59a8ec4ede700be463fc198ab00b49f) C:\WINDOWS\system32\Dfssvc.exe
15:40:53.0062 2076 Dfs - ok
15:40:53.0093 2076 DfsDriver (37309ced300998e8e2faf19c7d755dcd) C:\WINDOWS\system32\drivers\Dfs.sys
15:40:53.0093 2076 DfsDriver - ok
15:40:53.0125 2076 Dhcp (de4c841dda8d5800515a5ca908580a36) C:\WINDOWS\System32\dhcpcsvc.dll
15:40:53.0140 2076 Dhcp - ok
15:40:53.0156 2076 Disk (417d7b9c6f36685a417e54690f8bd7b2) C:\WINDOWS\system32\DRIVERS\disk.sys
15:40:53.0156 2076 Disk - ok
15:40:53.0156 2076 dmadmin - ok
15:40:53.0203 2076 dmboot (19d704c92c2e2bd4dc99db18a3523918) C:\WINDOWS\system32\drivers\dmboot.sys
15:40:53.0203 2076 dmboot - ok
15:40:53.0234 2076 dmio (b293ce1c9243219f6b9e5dbcaa75b962) C:\WINDOWS\system32\drivers\dmio.sys
15:40:53.0234 2076 dmio - ok
15:40:53.0250 2076 dmload (c294e31d6cb7407a43c96ec1fec1f8a4) C:\WINDOWS\system32\drivers\dmload.sys
15:40:53.0250 2076 dmload - ok
15:40:53.0250 2076 dmserver (76f7e7922f428be040f800920bb8ff3b) C:\WINDOWS\System32\dmserver.dll
15:40:53.0250 2076 dmserver - ok
15:40:53.0281 2076 Dnscache (19c1612c4f5d828935d2270c7af13e6e) C:\WINDOWS\System32\dnsrslvr.dll
15:40:53.0281 2076 Dnscache - ok
15:40:53.0296 2076 dpti2o - ok
15:40:53.0328 2076 E1000 (9ddcc35ae7dce7fc0ed9c2b6f6d522ea) C:\WINDOWS\system32\DRIVERS\e1G5132e.sys
15:40:53.0328 2076 E1000 - ok
15:40:53.0343 2076 elxstor - ok
15:40:53.0359 2076 ERSvc (b063a36e4e027a9dbe2b019ebbbeae86) C:\WINDOWS\System32\ersvc.dll
15:40:53.0375 2076 ERSvc - ok
15:40:53.0406 2076 Eventlog (1e07ee3f50dff2fe9b0a9d196e82698f) C:\WINDOWS\system32\services.exe
15:40:53.0406 2076 Eventlog - ok
15:40:53.0437 2076 EventSystem (cdef30a1dcffcaf6a4e8b7812ae79c95) C:\WINDOWS\system32\es.dll
15:40:53.0437 2076 EventSystem - ok
15:40:53.0468 2076 Fastfat (7c713b9f6f968f135d3d819492882cdd) C:\WINDOWS\system32\drivers\Fastfat.sys
15:40:53.0468 2076 Fastfat - ok
15:40:53.0484 2076 Fdc (7e35d423ff10ab5b8af1d3de86236690) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:40:53.0500 2076 Fdc - ok
15:40:53.0515 2076 Fips (73ea9000f8fb2e060954eb7c3377a3c7) C:\WINDOWS\system32\drivers\Fips.sys
15:40:53.0515 2076 Fips - ok
15:40:53.0531 2076 Flpydisk (8ac77974378eac3548330951a5deeebf) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:40:53.0531 2076 Flpydisk - ok
15:40:53.0578 2076 FltMgr (087db260f98056ac40261acae4240882) C:\WINDOWS\system32\drivers\fltmgr.sys
15:40:53.0578 2076 FltMgr - ok
15:40:53.0593 2076 FontCache3.0.0.0 (8a4dcd28d2be12946f6d5d308b0942a6) c:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
15:40:53.0593 2076 FontCache3.0.0.0 - ok
15:40:53.0609 2076 Fs_Rec (70df80567a55a97894b4e8952ec5e7fc) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:40:53.0609 2076 Fs_Rec - ok
15:40:53.0640 2076 Ftdisk (e90aa7c073519dd8571670818cb85ccb) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:40:53.0640 2076 Ftdisk - ok
15:40:53.0640 2076 Gpc (865d4d0b4e3730ef8040000cfb846d9f) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:40:53.0656 2076 Gpc - ok
15:40:53.0687 2076 HDAudBus (d36e47728cdbc8d17a77d36a6cbc29bb) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:40:53.0687 2076 HDAudBus - ok
15:40:53.0703 2076 helpsvc (40e274b64843813a81c42687592339d7) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:40:53.0703 2076 helpsvc - ok
15:40:53.0703 2076 HidServ - ok
15:40:53.0718 2076 HidUsb (f32bec5614a61bbb2bede070d279f88b) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:40:53.0718 2076 HidUsb - ok
15:40:53.0734 2076 hpcisss - ok
15:40:53.0765 2076 HTTP (b54738df11d0e06072bf9c332db1d254) C:\WINDOWS\system32\Drivers\HTTP.sys
15:40:53.0781 2076 HTTP - ok
15:40:53.0796 2076 HTTPFilter (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\System32\lsass.exe
15:40:53.0796 2076 HTTPFilter - ok
15:40:53.0828 2076 i8042prt (50fd608643d9b56c4c75c0784513f77e) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:40:53.0828 2076 i8042prt - ok
15:40:53.0828 2076 IASJet - ok
15:40:53.0875 2076 idsvc (501cf65702d7f64c38db360f7eb07adc) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:40:53.0875 2076 idsvc - ok
15:40:53.0875 2076 iirsp - ok
15:40:53.0906 2076 imapi (d2e541613b72ff9fcedf37b166930706) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:40:53.0906 2076 imapi - ok
15:40:53.0968 2076 ImapiService (9014c144cd95eee1f5884664a4bfb4d8) C:\WINDOWS\system32\imapi.exe
15:40:53.0968 2076 ImapiService - ok
15:40:53.0984 2076 IntelIde (06b7acd0e67bda504dfd0340663f9b78) C:\WINDOWS\system32\drivers\intelide.sys
15:40:53.0984 2076 IntelIde - ok
15:40:54.0000 2076 intelppm (f8def5f83def3d1ee89bc851bfb6a886) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:40:54.0000 2076 intelppm - ok
15:40:54.0015 2076 Ip6Fw (6601a43ee389d0adb11aaede9a98036b) C:\WINDOWS\system32\drivers\ip6fw.sys
15:40:54.0015 2076 Ip6Fw - ok
15:40:54.0015 2076 IpFilterDriver (1b1b4654a5492a42d2e1bf5b2b22d32b) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:40:54.0015 2076 IpFilterDriver - ok
15:40:54.0031 2076 IpNat (088ecb04137df1f52ec10c29d57a8cca) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:40:54.0031 2076 IpNat - ok
15:40:54.0046 2076 IPSec (db841ec6f027c780002ef47aabfddf86) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:40:54.0062 2076 IPSec - ok
15:40:54.0062 2076 IRENUM (8b7015ea0171242cca03c2fb48ccc771) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:40:54.0078 2076 IRENUM - ok
15:40:54.0078 2076 isapnp (d994162e4d8e931fc16a892a87852bbb) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:40:54.0078 2076 isapnp - ok
15:40:54.0109 2076 IsmServ (88a21bbc522a757d5f60f194add773df) C:\WINDOWS\System32\ismserv.exe
15:40:54.0109 2076 IsmServ - ok
15:40:54.0125 2076 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files (x86)\Java\jre6\bin\jqs.exe
15:40:54.0125 2076 JavaQuickStarterService - ok
15:40:54.0140 2076 Kbdclass (e85095372008a9194c7ed6206cb782da) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:40:54.0140 2076 Kbdclass - ok
15:40:54.0140 2076 kdc (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\System32\lsass.exe
15:40:54.0140 2076 kdc - ok
15:40:54.0171 2076 KSecDD (e9bc44a069593b8bfce33610a0196d6b) C:\WINDOWS\system32\drivers\KSecDD.sys
15:40:54.0171 2076 KSecDD - ok
15:40:54.0187 2076 ksthunk (5cb302b6caace41af70c34b56eb3db23) C:\WINDOWS\system32\drivers\ksthunk.sys
15:40:54.0187 2076 ksthunk - ok
15:40:54.0218 2076 lanmanserver (4d8e9a805add244b5c511147a5d9bb8c) C:\WINDOWS\System32\srvsvc.dll
15:40:54.0218 2076 lanmanserver - ok
15:40:54.0250 2076 lanmanworkstation (bf4105d3eb357652a4ea73f170715acd) C:\WINDOWS\System32\wkssvc.dll
15:40:54.0250 2076 lanmanworkstation - ok
15:40:54.0281 2076 LicenseService (4bd65b218147b549851272dedaead7e9) C:\WINDOWS\System32\llssrv.exe
15:40:54.0281 2076 LicenseService - ok
15:40:54.0296 2076 LmHosts (80db42573f8ef6cbb6a7a0ff6966a352) C:\WINDOWS\System32\lmhsvc.dll
15:40:54.0296 2076 LmHosts - ok
15:40:54.0312 2076 lp6nds35 - ok
15:40:54.0328 2076 mbamchameleon (7ffd29fafcde7aaf89b689b6e156d5b0) C:\WINDOWS\system32\drivers\mbamchameleon.sys
15:40:54.0328 2076 mbamchameleon - ok
15:40:54.0343 2076 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\WINDOWS\system32\drivers\mbam.sys
15:40:54.0343 2076 MBAMProtector - ok
15:40:54.0343 2076 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:40:54.0359 2076 MBAMService - ok
15:40:54.0375 2076 MEMSWEEP2 (f9ce67e9e0226079b59107b649851f96) C:\WINDOWS\system32\31.tmp
15:40:54.0375 2076 MEMSWEEP2 - ok
15:40:54.0375 2076 Messenger (34ef8cbea95ef5108a1349fc22d87513) C:\WINDOWS\System32\msgsvc.dll
15:40:54.0375 2076 Messenger - ok
15:40:54.0406 2076 mnmdd (ad6bc1efa0c1b53409947f06de87fc89) C:\WINDOWS\system32\drivers\mnmdd.sys
15:40:54.0406 2076 mnmdd - ok
15:40:54.0406 2076 mnmsrvc - ok
15:40:54.0437 2076 Modem (9a67a96a0cbc2bc658abf8c9b5ee065a) C:\WINDOWS\system32\drivers\Modem.sys
15:40:54.0437 2076 Modem - ok
15:40:54.0453 2076 Mouclass (12acf32edf03e46805347817acb9f64c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:40:54.0453 2076 Mouclass - ok
15:40:54.0468 2076 mouhid (a0c4e4a79c5d6f418315c33177f2b5bc) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:40:54.0468 2076 mouhid - ok
15:40:54.0515 2076 MountMgr (7e9cc7e4282a8e7a480560a6f817c177) C:\WINDOWS\system32\drivers\MountMgr.sys
15:40:54.0515 2076 MountMgr - ok
15:40:54.0515 2076 mraid35x - ok
15:40:54.0578 2076 MRxDAV (3d33208e5a7414d8633d34d24f119173) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:40:54.0578 2076 MRxDAV - ok
15:40:54.0593 2076 MRxSmb (9385e695b33068b90cf419186ecaa3de) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:40:54.0609 2076 MRxSmb - ok
15:40:54.0625 2076 MSDTC (d42976785ba169c2361f97cc6a20681f) C:\WINDOWS\system32\msdtc.exe
15:40:54.0625 2076 MSDTC - ok
15:40:54.0640 2076 Msfs (983f4ab7a50d56cd33e2061ee733bd55) C:\WINDOWS\system32\drivers\Msfs.sys
15:40:54.0640 2076 Msfs - ok
15:40:54.0656 2076 MSIServer - ok
15:40:54.0671 2076 mssmbios (5992d1f9ed64017a76afee2b79f5cfb9) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:40:54.0671 2076 mssmbios - ok
15:40:54.0703 2076 Mup (5902c8e565fe346076786f43103ef02e) C:\WINDOWS\system32\drivers\Mup.sys
15:40:54.0703 2076 Mup - ok
15:40:54.0734 2076 NDIS (6fe83d05aebef7930d7ce91568dc99df) C:\WINDOWS\system32\drivers\NDIS.sys
15:40:54.0734 2076 NDIS - ok
15:40:54.0765 2076 NdisTapi (389cfab53aa9807ea4536cb0b03609c3) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:40:54.0765 2076 NdisTapi - ok
15:40:54.0781 2076 Ndisuio (49c1207c1ae8c6958f1c1747132814c2) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:40:54.0781 2076 Ndisuio - ok
15:40:54.0812 2076 NdisWan (6157a7aeae6d2b948ff2e872ffac765b) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:40:54.0812 2076 NdisWan - ok
15:40:54.0828 2076 NDProxy (01b8acf7c9afa9005db6378077137bce) C:\WINDOWS\system32\drivers\NDProxy.sys
15:40:54.0828 2076 NDProxy - ok
15:40:54.0843 2076 NetBIOS (b1cee06471a069149b11fada23ff00fd) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:40:54.0843 2076 NetBIOS - ok
15:40:54.0875 2076 NetBT (fedaafb6cd700b9e0787c94d81c07db5) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:40:54.0875 2076 NetBT - ok
15:40:54.0906 2076 NetDDE (fb13279d8c89add5b0f7497c45bcf1c3) C:\WINDOWS\system32\netdde.exe
15:40:54.0906 2076 NetDDE - ok
15:40:54.0921 2076 NetDDEdsdm (fb13279d8c89add5b0f7497c45bcf1c3) C:\WINDOWS\system32\netdde.exe
15:40:54.0921 2076 NetDDEdsdm - ok
15:40:54.0953 2076 Netlogon (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\system32\lsass.exe
15:40:54.0953 2076 Netlogon - ok
15:40:55.0000 2076 Netman (f28fd9dba68a85d6ee4225a83f127d2b) C:\WINDOWS\System32\netman.dll
15:40:55.0015 2076 Netman - ok
15:40:55.0015 2076 NetTcpPortSharing (8bc776595238ab62072aa6beb17ddf59) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:40:55.0015 2076 NetTcpPortSharing - ok
15:40:55.0031 2076 nfrd960 - ok
15:40:55.0078 2076 Nla (ba13c3c32a69dc37653c9543e065950e) C:\WINDOWS\System32\mswsock.dll
15:40:55.0093 2076 Nla - ok
15:40:55.0109 2076 Npfs (81819038621a2c524781ec503d400287) C:\WINDOWS\system32\drivers\Npfs.sys
15:40:55.0109 2076 Npfs - ok
15:40:55.0171 2076 NtFrs (0feee91d3e2db7161ea030609d2cd6a6) C:\WINDOWS\system32\ntfrs.exe
15:40:55.0187 2076 NtFrs - ok
15:40:55.0234 2076 Ntfs (c8904b5f90ab2236692e83d491c4d426) C:\WINDOWS\system32\drivers\Ntfs.sys
15:40:55.0234 2076 Ntfs - ok
15:40:55.0250 2076 NtLmSsp (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\system32\lsass.exe
15:40:55.0250 2076 NtLmSsp - ok
15:40:55.0281 2076 NtmsSvc (a398462077f68a41b4dff9fb7e8fc7b8) C:\WINDOWS\system32\ntmssvc.dll
15:40:55.0296 2076 NtmsSvc - ok
15:40:55.0296 2076 Null (501039187c444fa7ab9d97b6a6c667b3) C:\WINDOWS\system32\drivers\Null.sys
15:40:55.0296 2076 Null - ok
15:40:55.0296 2076 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:40:55.0296 2076 ose - ok
15:40:55.0328 2076 Parport (7ddaa09186da9f1d304e819b5a6bbc5a) C:\WINDOWS\system32\DRIVERS\parport.sys
15:40:55.0343 2076 Parport - ok
15:40:55.0343 2076 PartMgr (5f9a703240468a0c35a629d17ffca847) C:\WINDOWS\system32\drivers\PartMgr.sys
15:40:55.0359 2076 PartMgr - ok
15:40:55.0375 2076 PCI (5b2c8d6971d8df4937c2fa013cd4c00d) C:\WINDOWS\system32\DRIVERS\pci.sys
15:40:55.0375 2076 PCI - ok
15:40:55.0390 2076 PCIIde - ok
15:40:55.0406 2076 Pcmcia (037f3a19f49a4c6a320c4154ebd6ee9d) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:40:55.0406 2076 Pcmcia - ok
15:40:55.0421 2076 PGKey - ok
15:40:55.0421 2076 PlugPlay (1e07ee3f50dff2fe9b0a9d196e82698f) C:\WINDOWS\system32\services.exe
15:40:55.0437 2076 PlugPlay - ok
15:40:55.0453 2076 Pml Driver HPZ12 (403f8d707515a6aae46ccc5dbfe8408c) C:\WINDOWS\system32\HPZipm12.dll
15:40:55.0453 2076 Pml Driver HPZ12 - ok
15:40:55.0468 2076 PolicyAgent (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\system32\lsass.exe
15:40:55.0468 2076 PolicyAgent - ok
15:40:55.0468 2076 PptpMiniport (e176f640ee6bf550f61faa9ce9a683f4) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:40:55.0468 2076 PptpMiniport - ok
15:40:55.0500 2076 Processor (1f6afb4d9ccf57ff90eb4932b672d1e6) C:\WINDOWS\system32\DRIVERS\processr.sys
15:40:55.0500 2076 Processor - ok
15:40:55.0500 2076 ProtectedStorage (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\system32\lsass.exe
15:40:55.0500 2076 ProtectedStorage - ok
15:40:55.0515 2076 ql2300 - ok
15:40:55.0515 2076 RasAcd (d646a315e6386dac1d96c8ce8a4bfee7) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:40:55.0515 2076 RasAcd - ok
15:40:55.0546 2076 RasAuto (3f573d0c001b982c3180860366783bc0) C:\WINDOWS\System32\rasauto.dll
15:40:55.0546 2076 RasAuto - ok
15:40:55.0546 2076 Rasl2tp (d81fdc53ee9c0f68d709e504342d1d74) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:40:55.0546 2076 Rasl2tp - ok
15:40:55.0578 2076 RasMan (47f7838f77a42f85c763899ab1b77d14) C:\WINDOWS\System32\rasmans.dll
15:40:55.0578 2076 RasMan - ok
15:40:55.0593 2076 RasPppoe (31fa5ab662c58cc5cf92396224f6b29a) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:40:55.0593 2076 RasPppoe - ok
15:40:55.0593 2076 Raspti (701493f9a6ede759af8d3fa7c08bab3b) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:40:55.0593 2076 Raspti - ok
15:40:55.0640 2076 Rdbss (f1c8347f0e437e145b2e30a6f29e45bd) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:40:55.0640 2076 Rdbss - ok
15:40:55.0640 2076 RDPCDD (c013379d04060318c3b2e4967d82739a) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:40:55.0640 2076 RDPCDD - ok
15:40:55.0687 2076 rdpdr (0482a9be0be2098a12a61464306bf24b) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:40:55.0687 2076 rdpdr - ok
15:40:55.0718 2076 RDPWD (e87df32229d27afbd9ea4efc70bd0daa) C:\WINDOWS\system32\drivers\RDPWD.sys
15:40:55.0718 2076 RDPWD - ok
15:40:55.0765 2076 RDSessMgr (a72be0b07655141ab4eabecf0d66528a) C:\WINDOWS\system32\sessmgr.exe
15:40:55.0765 2076 RDSessMgr - ok
15:40:55.0781 2076 redbook (1d793394201000d2d56e848c18fe9a62) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:40:55.0781 2076 redbook - ok
15:40:55.0812 2076 RemoteAccess (60c8a5d4954cce7d280369dff5068019) C:\WINDOWS\System32\mprdim.dll
15:40:55.0812 2076 RemoteAccess - ok
15:40:55.0828 2076 RemoteRegistry (b2d55ce8c7c946c625b687f75040ad3f) C:\WINDOWS\system32\regsvc.dll
15:40:55.0828 2076 RemoteRegistry - ok
15:40:55.0875 2076 RpcLocator (809785cf7be1b857f3b52d9b1af10817) C:\WINDOWS\system32\locator.exe
15:40:55.0875 2076 RpcLocator - ok
15:40:55.0890 2076 RpcSs (a6130365606f3d6332b014fc3da931aa) C:\WINDOWS\system32\rpcss.dll
15:40:55.0890 2076 RpcSs - ok
15:40:55.0906 2076 RSoPProv (eb263a67fc049f7470dab483cc9f3357) C:\WINDOWS\system32\RSoPProv.exe
15:40:55.0906 2076 RSoPProv - ok
15:40:55.0984 2076 sacdrv (a0dcb2872f64fbc5d953e1903889d9ce) C:\WINDOWS\system32\drivers\sacdrv.sys
15:40:55.0984 2076 sacdrv - ok
15:40:56.0000 2076 sacsvr (aac760c9280eedf1114c11cb6b69d0e4) C:\WINDOWS\system32\sacsvr.dll
15:40:56.0000 2076 sacsvr - ok
15:40:56.0000 2076 SamSs (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\system32\lsass.exe
15:40:56.0000 2076 SamSs - ok
15:40:56.0015 2076 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
15:40:56.0015 2076 SASDIFSV - ok
15:40:56.0031 2076 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
15:40:56.0031 2076 SASKUTIL - ok
15:40:56.0031 2076 SCardSvr (a2069ffa2a6febb3818f180373c84a89) C:\WINDOWS\System32\SCardSvr.exe
15:40:56.0031 2076 SCardSvr - ok
15:40:56.0062 2076 Schedule (71cd398385835c08613c65e5bf91e7fa) C:\WINDOWS\system32\schedsvc.dll
15:40:56.0078 2076 Schedule - ok
15:40:56.0093 2076 seclogon (b4e054549321372d995e4db9a5304e77) C:\WINDOWS\System32\seclogon.dll
15:40:56.0093 2076 seclogon - ok
15:40:56.0109 2076 SENS (222c0a6c354d6a90700956c60574a09a) C:\WINDOWS\system32\sens.dll
15:40:56.0109 2076 SENS - ok
15:40:56.0125 2076 serenum (111b29f3fcf9fb61c903a01e3706f7dc) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:40:56.0125 2076 serenum - ok
15:40:56.0156 2076 Serial (c0dc97399576fccff5fe877ec2d8dacc) C:\WINDOWS\system32\DRIVERS\serial.sys
15:40:56.0156 2076 Serial - ok
15:40:56.0171 2076 Sfloppy (c6eacc8920a31b8d5842d1f7a28e2113) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:40:56.0171 2076 Sfloppy - ok
15:40:56.0203 2076 SharedAccess (d71a8153d3cf0ed527f6ba1f087faa22) C:\WINDOWS\system32\ipnathlp.dll
15:40:56.0218 2076 SharedAccess - ok
15:40:56.0250 2076 ShellHWDetection (15de8eae99a0f4e313e83aba5b849faa) C:\WINDOWS\System32\shsvcs.dll
15:40:56.0250 2076 ShellHWDetection - ok
15:40:56.0265 2076 Simbad - ok
15:40:56.0281 2076 Spooler (206fd327b4aad3aeaa8e0d7d03f2044a) C:\WINDOWS\system32\spoolsv.exe
15:40:56.0281 2076 Spooler - ok
15:40:56.0312 2076 Srv (2a08328562d0ba596b699eeb90b511d1) C:\WINDOWS\system32\DRIVERS\srv.sys
15:40:56.0328 2076 Srv - ok
15:40:56.0359 2076 stisvc (f6d4f452db507820f726525a1425f0cc) C:\WINDOWS\system32\wiaservc.dll
15:40:56.0375 2076 stisvc - ok
15:40:56.0375 2076 swenum (b6536185feeb8f0c86ad3bf2fbab4f2f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:40:56.0375 2076 swenum - ok
15:40:56.0453 2076 swprv (7a1cb4f6e3ea316d6204d4f42c5b6dd8) C:\WINDOWS\System32\swprv.dll
15:40:56.0453 2076 swprv - ok
15:40:56.0468 2076 symc8xx - ok
15:40:56.0484 2076 symmpi (d3b52787f40ddb43acafa01583b079fe) C:\WINDOWS\system32\DRIVERS\symmpi.sys
15:40:56.0484 2076 symmpi - ok
15:40:56.0484 2076 sym_hi - ok
15:40:56.0500 2076 sym_u3 - ok
15:40:56.0531 2076 SysmonLog (d3fffea8c94ba3c1ceac9694ac390472) C:\WINDOWS\system32\smlogsvc.exe
15:40:56.0531 2076 SysmonLog - ok
15:40:56.0562 2076 TapiSrv (fafefc85fc929b81571bff315c93e299) C:\WINDOWS\System32\tapisrv.dll
15:40:56.0578 2076 TapiSrv - ok
15:40:56.0609 2076 Tcpip (63bdedb15b038c45b94079cef3147a8d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:40:56.0609 2076 Tcpip - ok
15:40:56.0640 2076 TDPIPE (da1e9cd22238fa4db565ef41c7312e1b) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:40:56.0640 2076 TDPIPE - ok
15:40:56.0671 2076 TDTCP (47d24ebb1c442dcc18d89b8b89bafb49) C:\WINDOWS\system32\drivers\TDTCP.sys
15:40:56.0671 2076 TDTCP - ok
15:40:56.0687 2076 TermDD (8ab9ad44907d4c57ad10e175c8720ecf) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:40:56.0687 2076 TermDD - ok
15:40:56.0718 2076 TermService (f4849a4962779132b02ca4bbf696f434) C:\WINDOWS\System32\termsrv.dll
15:40:56.0718 2076 TermService - ok
15:40:56.0734 2076 Themes (15de8eae99a0f4e313e83aba5b849faa) C:\WINDOWS\System32\shsvcs.dll
15:40:56.0734 2076 Themes - ok
15:40:56.0765 2076 TlntSvr (0fdf294d30ca53391485132854151b26) C:\WINDOWS\system32\tlntsvr.exe
15:40:56.0765 2076 TlntSvr - ok
15:40:56.0765 2076 TosIde - ok
15:40:56.0781 2076 TrkSvr (aa90633e518c3965bc6a0674713ff813) C:\WINDOWS\system32\trksvr.dll
15:40:56.0781 2076 TrkSvr - ok
15:40:56.0812 2076 TrkWks (483ffcd8e5080198d87eeed44246e6a9) C:\WINDOWS\system32\trkwks.dll
15:40:56.0812 2076 TrkWks - ok
15:40:56.0828 2076 Tssdis (d1a12e9fcfc1ff30a1fd05867486b9d5) C:\WINDOWS\System32\tssdis.exe
15:40:56.0843 2076 Tssdis - ok
15:40:56.0859 2076 Udfs (a6dd2dfcc44ec61d18aa645620cd8f63) C:\WINDOWS\system32\drivers\Udfs.sys
15:40:56.0859 2076 Udfs - ok
15:40:56.0859 2076 ultra - ok
15:40:56.0875 2076 UMWdf (c306cea0f1477240a5d9a7e61db2f3e1) C:\WINDOWS\system32\wdfmgr.exe
15:40:56.0875 2076 UMWdf - ok
15:40:56.0906 2076 Update (1446762923434d2a9c315325cf4770c8) C:\WINDOWS\system32\DRIVERS\update.sys
15:40:56.0906 2076 Update - ok
15:40:56.0906 2076 UPHClean (b31f0d885e0387346c8a0e855224b172) C:\Program Files\uphclean\uphclean.dll
15:40:56.0921 2076 UPHClean - ok
15:40:56.0953 2076 UPS (3ec1501aa03cecd66ed093428fbc8b0e) C:\WINDOWS\System32\ups.exe
15:40:56.0953 2076 UPS - ok
15:40:56.0953 2076 usbccgp (3421b0691a0e365a020836369a296f0c) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:40:56.0953 2076 usbccgp - ok
15:40:56.0968 2076 usbehci (ae6521a1c79fc955ff26be9ca5521b51) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:40:56.0968 2076 usbehci - ok
15:40:56.0984 2076 usbhub (d63cb1b59d54f9c2bb8a4107584a664f) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:40:56.0984 2076 usbhub - ok
15:40:57.0000 2076 usbohci (fa9c0d7c2dc899d3e7c2a8721d17a3f8) C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:40:57.0000 2076 usbohci - ok
15:40:57.0015 2076 usbuhci (4b7b4a2cc997c482a0aa7ca663af62a0) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:40:57.0015 2076 usbuhci - ok
15:40:57.0031 2076 VBoxGuest (02748cbf144930d937beb6e912845d24) C:\WINDOWS\system32\DRIVERS\VBoxGuest.sys
15:40:57.0031 2076 VBoxGuest - ok
15:40:57.0046 2076 VBoxMouse (aa11dd0086d79440c8d9124803493b8b) C:\WINDOWS\system32\DRIVERS\VBoxMouse.sys
15:40:57.0046 2076 VBoxMouse - ok
15:40:57.0187 2076 VBoxService (a3acd8fd986ebcb3e00e6ce3567c3ff6) C:\WINDOWS\system32\VBoxService.exe
15:40:57.0203 2076 VBoxService - ok
15:40:57.0265 2076 VBoxSF (7e55c91b07f6002b762a0469f4d1577e) C:\WINDOWS\system32\drivers\VBoxSF.sys
15:40:57.0265 2076 VBoxSF - ok
15:40:57.0296 2076 VBoxVideo (6ce432f6a8cc5ed3168f86dff7b3e314) C:\WINDOWS\system32\DRIVERS\VBoxVideo.sys
15:40:57.0296 2076 VBoxVideo - ok
15:40:57.0312 2076 vds (b1e327aea4ecf42ddf7c579b0fb0de4c) C:\WINDOWS\System32\vds.exe
15:40:57.0328 2076 vds - ok
15:40:57.0343 2076 vga (b40cfd2ffdd838b0ce0c35ee449407bd) C:\WINDOWS\system32\DRIVERS\vgapnp.sys
15:40:57.0343 2076 vga - ok
15:40:57.0359 2076 VgaSave (78ebfe6f11f10db8237b910e9158ca91) C:\WINDOWS\System32\drivers\vga.sys
15:40:57.0359 2076 VgaSave - ok
15:40:57.0359 2076 ViaIde - ok
15:40:57.0375 2076 vmware-converter-agent (e66272e338ad5d6906207c163871ee55) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone Agent\vmware-converter-a.exe
15:40:57.0375 2076 vmware-converter-agent - ok
15:40:57.0406 2076 VolSnap (fd6d28d1bbf31c719d9c5ec2d20fb5c2) C:\WINDOWS\system32\DRIVERS\volsnap.sys
15:40:57.0406 2076 VolSnap - ok
15:40:57.0500 2076 VSS (0a05de966b412d6289632ac05fc6ada2) C:\WINDOWS\System32\vssvc.exe
15:40:57.0531 2076 VSS - ok
15:40:57.0562 2076 W32Time (6fe371026674baf189f7a81746a67c87) C:\WINDOWS\system32\w32time.dll
15:40:57.0562 2076 W32Time - ok
15:40:57.0562 2076 Wanarp (d2a01d73fe4a455c1d741b48c56763b2) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:40:57.0562 2076 Wanarp - ok
15:40:57.0578 2076 WebClient (fe8590fa0367a29bc7ed7bfc4962ad1c) C:\WINDOWS\System32\webclnt.dll
15:40:57.0593 2076 WebClient - ok
15:40:57.0593 2076 WinHttpAutoProxySvc - ok
15:40:57.0625 2076 winmgmt (881271d649e778690a365d73b8958509) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:40:57.0640 2076 winmgmt - ok
15:40:57.0640 2076 WinVNC4 (f3edc9909a02e6bca863eb702d37b505) C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
15:40:57.0656 2076 WinVNC4 - ok
15:40:57.0687 2076 WLBS (569b89351cb7b7147f157ff5cd709aae) C:\WINDOWS\system32\DRIVERS\wlbs.sys
15:40:57.0703 2076 WLBS - ok
15:40:57.0718 2076 WmdmPmSN (81e883ce0157b97e9d762e449e50d69f) C:\WINDOWS\system32\mspmsnsv.dll
15:40:57.0718 2076 WmdmPmSN - ok
15:40:57.0765 2076 Wmi (8a330a6e09959f0db0ea44a79153d8df) C:\WINDOWS\System32\advapi32.dll
15:40:57.0781 2076 Wmi - ok
15:40:57.0812 2076 WmiApSrv (56980be8b5a6861b5d9175eaba8ac7dc) C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:40:57.0812 2076 WmiApSrv - ok
15:40:57.0843 2076 WS2IFSL (13c901a30b4c248d640c4f32919cb920) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:40:57.0843 2076 WS2IFSL - ok
15:40:57.0859 2076 wuauserv (ef7576af44b484f7a3e6072d633bab34) C:\WINDOWS\system32\wuauserv.dll
15:40:57.0859 2076 wuauserv - ok
15:40:57.0890 2076 WZCSVC (f4ec5c736bba9a27f9c36412c930b386) C:\WINDOWS\System32\wzcsvc.dll
15:40:57.0906 2076 WZCSVC - ok
15:40:58.0031 2076 xmlprov (a1aba5a0b4f1ff9b83c50f92f8c080a2) C:\WINDOWS\System32\xmlprov.dll
15:40:58.0031 2076 xmlprov - ok
15:40:58.0046 2076 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:40:58.0250 2076 \Device\Harddisk0\DR0 - ok
15:40:58.0265 2076 Boot (0x1200) (0ff6a16ef019ac81b989f8a1f6f29747) \Device\Harddisk0\DR0\Partition0
15:40:58.0265 2076 \Device\Harddisk0\DR0\Partition0 - ok
15:40:58.0265 2076 ============================================================
15:40:58.0265 2076 Scan finished
15:40:58.0265 2076 ============================================================
15:40:58.0265 0560 Detected object count: 0
15:40:58.0265 0560 Actual detected object count: 0
15:41:04.0656 2136 ============================================================
15:41:04.0656 2136 Scan started
15:41:04.0656 2136 Mode: Manual; SigCheck; TDLFS;
15:41:04.0656 2136 ============================================================

#8 ajafar

Posted 30 March 2012 - 05:51 PM

An odd thing happens every time I run Malwarebytes Anti-Malware. It will consume close to 800 megs of memory, and then kick up an error stating that the database is corrupt and prompt me to redownload. I do, and it does the same thing again. I went ahead and uninstalled it, ran the mbam-clean utility to get rid of all traces of it, then reinstalled it, and the same thing happened. I then went ahead and ran the Chameleon version of it, and it updated just fine and started to scan, but was still utilizing something to the effect of 900 megs of RAM. Something is still running in the background. No errors in the event log other than Active Directory issues, but I've since removed the server from the domain for testing purposes.

#9 ajafar

Posted 30 March 2012 - 05:57 PM

Kaspersky Virus Removal Tool

Automatic Scan: completed 1 minute ago (events: 2315, objects: 2312, time: 00:05:48)
3/30/2012 3:45:26 PM Task started
3/30/2012 3:51:14 PM Task completed
3/30/2012 3:46:04 PM Password protected C:\documents and settings\ali\local settings\Temporary Internet Files\Content.IE5\1HTPU3W1\setup_11.0.0.1245.x01_2012_03_31_01_21[1].exe/#
3/30/2012 3:46:00 PM Password protected C:\documents and settings\ali\local settings\Temporary Internet Files\Content.IE5\1HTPU3W1\setup_11.0.0.1245.x01_2012_03_31_01_21[1].exe/0174072rar.exe
3/30/2012 3:46:16 PM OK svchost.exe\winsta.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\crypt32.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\msasn1.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\apphelp.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\sxs.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\netshell.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\userenv.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\fastprox.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\netcfgx.dll
3/30/2012 3:46:15 PM OK C:\WINDOWS\system32\wbem\wbemess.dll
3/30/2012 3:46:15 PM OK svchost.exe\rasdlg.dll
3/30/2012 3:46:15 PM OK svchost.exe\cryptui.dll Object was not changed (iChecker)
3/30/2012 3:46:15 PM OK svchost.exe\wbemcore.dll
3/30/2012 3:46:15 PM OK C:\WINDOWS\system32\certcli.dll
3/30/2012 3:46:15 PM OK svchost.exe\wbemess.dll
3/30/2012 3:46:15 PM OK C:\WINDOWS\system32\wbem\repdrvfs.dll
3/30/2012 3:46:15 PM OK svchost.exe\certcli.dll
3/30/2012 3:46:15 PM OK svchost.exe\esscli.dll Object was not changed (iChecker)
3/30/2012 3:46:15 PM OK svchost.exe\wbemcomn.dll Object was not changed (iChecker)
3/30/2012 3:46:15 PM OK C:\WINDOWS\system32\schedsvc.dll
3/30/2012 3:46:15 PM OK svchost.exe\repdrvfs.dll
3/30/2012 3:46:15 PM OK C:\WINDOWS\system32\wkssvc.dll
3/30/2012 3:46:15 PM OK svchost.exe\schedsvc.dll
3/30/2012 3:46:15 PM OK C:\WINDOWS\system32\cabinet.dll
3/30/2012 3:46:15 PM OK svchost.exe\wkssvc.dll
3/30/2012 3:46:15 PM OK C:\WINDOWS\system32\srvsvc.dll
3/30/2012 3:46:15 PM OK svchost.exe\cabinet.dll
3/30/2012 3:46:15 PM OK C:\WINDOWS\system32\trkwks.dll
3/30/2012 3:46:15 PM OK svchost.exe\srvsvc.dll
3/30/2012 3:46:15 PM OK C:\WINDOWS\system32\browser.dll
3/30/2012 3:46:15 PM OK svchost.exe\trkwks.dll
3/30/2012 3:46:15 PM OK svchost.exe\wmiutils.dll Object was not changed (iChecker)
3/30/2012 3:46:15 PM OK C:\WINDOWS\system32\cryptsvc.dll
3/30/2012 3:46:15 PM OK svchost.exe\browser.dll
3/30/2012 3:46:15 PM OK svchost.exe\clusapi.dll Object was not changed (iChecker)
3/30/2012 3:46:15 PM OK C:\WINDOWS\system32\dmserver.dll
3/30/2012 3:46:15 PM OK svchost.exe\cryptsvc.dll
3/30/2012 3:46:15 PM OK C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
3/30/2012 3:46:15 PM OK svchost.exe\dmserver.dll
3/30/2012 3:46:15 PM OK C:\WINDOWS\system32\raschap.dll
3/30/2012 3:46:15 PM OK svchost.exe\pchsvc.dll
3/30/2012 3:46:15 PM OK C:\WINDOWS\system32\rastls.dll
3/30/2012 3:46:15 PM OK svchost.exe\raschap.dll
3/30/2012 3:46:15 PM OK svchost.exe\rastls.dll
3/30/2012 3:46:15 PM OK C:\WINDOWS\system32\msidle.dll
3/30/2012 3:46:15 PM OK svchost.exe\msidle.dll
3/30/2012 3:46:15 PM OK C:\WINDOWS\system32\winipsec.dll
3/30/2012 3:46:15 PM OK svchost.exe\wbemsvc.dll
3/30/2012 3:46:15 PM OK C:\WINDOWS\system32\seclogon.dll
3/30/2012 3:46:15 PM OK svchost.exe\winipsec.dll
3/30/2012 3:46:15 PM OK C:\WINDOWS\system32\wbem\wbemcons.dll
3/30/2012 3:46:15 PM OK svchost.exe\seclogon.dll
3/30/2012 3:46:15 PM OK C:\WINDOWS\system32\wzcsapi.dll
3/30/2012 3:46:15 PM OK svchost.exe\wbemcons.dll
3/30/2012 3:46:15 PM OK C:\WINDOWS\system32\rasmans.dll
3/30/2012 3:46:15 PM OK svchost.exe\wzcsapi.dll
3/30/2012 3:46:15 PM OK C:\WINDOWS\system32\winscard.dll
3/30/2012 3:46:15 PM OK svchost.exe\winspool.drv Object was not changed (iChecker)
3/30/2012 3:46:15 PM OK svchost.exe\rasmans.dll
3/30/2012 3:46:15 PM OK C:\WINDOWS\system32\ntlsapi.dll
3/30/2012 3:46:15 PM OK svchost.exe\winscard.dll
3/30/2012 3:46:15 PM OK C:\WINDOWS\system32\sens.dll
3/30/2012 3:46:15 PM OK C:\WINDOWS\system32\rasppp.dll
3/30/2012 3:46:15 PM OK svchost.exe\ntlsapi.dll
3/30/2012 3:46:15 PM OK svchost.exe\sens.dll
3/30/2012 3:46:15 PM OK svchost.exe\rasppp.dll
3/30/2012 3:46:15 PM OK C:\WINDOWS\system32\rastapi.dll
3/30/2012 3:46:15 PM OK C:\WINDOWS\system32\kerberos.dll
3/30/2012 3:46:15 PM OK svchost.exe\rastapi.dll
3/30/2012 3:46:15 PM OK svchost.exe\actxprxy.dll Object was not changed (iChecker)
3/30/2012 3:46:15 PM OK svchost.exe\kerberos.dll
3/30/2012 3:46:15 PM OK C:\WINDOWS\system32\aelupsvc.dll
3/30/2012 3:46:15 PM OK svchost.exe\netapi32.dll Object was not changed (iChecker)
3/30/2012 3:46:15 PM OK svchost.exe\ws2_32.dll Object was not changed (iChecker)
3/30/2012 3:46:15 PM OK svchost.exe\mpr.dll Object was not changed (iChecker)
3/30/2012 3:46:15 PM OK svchost.exe\mswsock.dll Object was not changed (iChecker)
3/30/2012 3:46:15 PM OK svchost.exe\wshtcpip.dll Object was not changed (iChecker)
3/30/2012 3:46:15 PM OK svchost.exe\samlib.dll Object was not changed (iChecker)
3/30/2012 3:46:15 PM OK svchost.exe\ws2help.dll Object was not changed (iChecker)
3/30/2012 3:46:15 PM OK C:\WINDOWS\WinSxS\amd64_Microsoft.Windows.WinHTTP_6595b64144ccf1df_5.1.3790.4929_x-ww_32307663\winhttp.dll
3/30/2012 3:46:15 PM OK svchost.exe\aelupsvc.dll
3/30/2012 3:46:15 PM OK C:\WINDOWS\WinSxS\amd64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.4770_x-ww_D89390E2\comctl32.dll
3/30/2012 3:46:15 PM OK svchost.exe\winhttp.dll
3/30/2012 3:46:15 PM OK C:\WINDOWS\system32\esent.dll
3/30/2012 3:46:15 PM OK svchost.exe\comctl32.dll
3/30/2012 3:46:15 PM OK C:\WINDOWS\system32\ipbootp.dll
3/30/2012 3:46:15 PM OK svchost.exe\esent.dll
3/30/2012 3:46:15 PM OK svchost.exe\hnetcfg.dll Object was not changed (iChecker)
3/30/2012 3:46:15 PM OK C:\WINDOWS\system32\mspatcha.dll
3/30/2012 3:46:15 PM OK svchost.exe\ipbootp.dll
3/30/2012 3:46:15 PM OK C:\WINDOWS\system32\wbem\ncprov.dll
3/30/2012 3:46:15 PM OK svchost.exe\mspatcha.dll
3/30/2012 3:46:14 PM OK svchost.exe\ncobjapi.dll Object was not changed (iChecker)
3/30/2012 3:46:14 PM OK C:\WINDOWS\system32\qmgr.dll
3/30/2012 3:46:14 PM OK svchost.exe\ncprov.dll
3/30/2012 3:46:14 PM OK svchost.exe\netrap.dll Object was not changed (iChecker)
3/30/2012 3:46:14 PM OK C:\WINDOWS\system32\qmgrprxy.dll
3/30/2012 3:46:14 PM OK svchost.exe\qmgr.dll
3/30/2012 3:46:14 PM OK C:\WINDOWS\system32\vssapi.dll
3/30/2012 3:46:14 PM OK svchost.exe\qmgrprxy.dll
3/30/2012 3:46:14 PM OK C:\WINDOWS\system32\wiarpc.dll
3/30/2012 3:46:14 PM OK svchost.exe\vssapi.dll
3/30/2012 3:46:14 PM OK C:\WINDOWS\system32\wbem\wmisvc.dll
3/30/2012 3:46:14 PM OK svchost.exe\wiarpc.dll
3/30/2012 3:46:14 PM OK C:\WINDOWS\system32\comsvcs.dll
3/30/2012 3:46:14 PM OK svchost.exe\wmisvc.dll
3/30/2012 3:46:14 PM OK svchost.exe\wshqos.dll Object was not changed (iChecker)
3/30/2012 3:46:14 PM OK C:\WINDOWS\system32\wzcsvc.dll
3/30/2012 3:46:14 PM OK svchost.exe\comsvcs.dll
3/30/2012 3:46:14 PM OK C:\WINDOWS\system32\wbem\wmiprvsd.dll
3/30/2012 3:46:14 PM OK svchost.exe\ole32.dll Object was not changed (iChecker)
3/30/2012 3:46:14 PM OK svchost.exe\wzcsvc.dll
3/30/2012 3:46:14 PM OK svchost.exe\iphlpapi.dll Object was not changed (iChecker)
3/30/2012 3:46:14 PM OK svchost.exe\wmiprvsd.dll
3/30/2012 3:46:14 PM OK svchost.exe\iertutil.dll
3/30/2012 3:46:14 PM OK C:\WINDOWS\system32\wuaueng.dll
3/30/2012 3:46:14 PM OK svchost.exe\urlmon.dll
3/30/2012 3:46:14 PM OK svchost.exe\wininet.dll
3/30/2012 3:46:14 PM OK svchost.exe\wuaueng.dll
3/30/2012 3:46:14 PM OK C:\WINDOWS\system32\wuauserv.dll
3/30/2012 3:46:14 PM OK svchost.exe\svchost.exe
3/30/2012 3:46:14 PM OK svchost.exe\ntdll.dll Object was not changed (iChecker)
3/30/2012 3:46:14 PM OK svchost.exe\kernel32.dll Object was not changed (iChecker)
3/30/2012 3:46:14 PM OK svchost.exe\user32.dll Object was not changed (iChecker)
3/30/2012 3:46:14 PM OK svchost.exe\rsaenh.dll Object was not changed (iChecker)
3/30/2012 3:46:14 PM OK svchost.exe\wuauserv.dll
3/30/2012 3:46:14 PM OK svchost.exe\msvcp60.dll Object was not changed (iChecker)
3/30/2012 3:46:14 PM OK svchost.exe\normaliz.dll
3/30/2012 3:46:14 PM OK svchost.exe\wmi.dll Object was not changed (iChecker)
3/30/2012 3:46:14 PM OK svchost.exe\xpsp2res.dll
3/30/2012 3:46:14 PM OK C:\WINDOWS\system32\rasadhlp.dll
3/30/2012 3:46:14 PM OK spoolsv.exe\advapi32.dll Object was not changed (iChecker)
3/30/2012 3:46:14 PM OK spoolsv.exe\rpcrt4.dll Object was not changed (iChecker)
3/30/2012 3:46:14 PM OK spoolsv.exe\gdi32.dll Object was not changed (iChecker)
3/30/2012 3:46:14 PM OK spoolsv.exe\msvcrt.dll Object was not changed (iChecker)
3/30/2012 3:46:14 PM OK spoolsv.exe\version.dll Object was not changed (iChecker)
3/30/2012 3:46:14 PM OK spoolsv.exe\oleaut32.dll Object was not changed (iChecker)
3/30/2012 3:46:14 PM OK C:\WINDOWS\system32\winrnr.dll
3/30/2012 3:46:14 PM OK spoolsv.exe\rasadhlp.dll
3/30/2012 3:46:14 PM OK C:\WINDOWS\system32\sfc_os.dll
3/30/2012 3:46:14 PM OK spoolsv.exe\winrnr.dll
3/30/2012 3:46:14 PM OK spoolsv.exe\secur32.dll Object was not changed (iChecker)
3/30/2012 3:46:14 PM OK spoolsv.exe\wldap32.dll Object was not changed (iChecker)
3/30/2012 3:46:14 PM OK spoolsv.exe\dnsapi.dll Object was not changed (iChecker)
3/30/2012 3:46:14 PM OK spoolsv.exe\imagehlp.dll Object was not changed (iChecker)
3/30/2012 3:46:14 PM OK C:\WINDOWS\system32\localspl.dll
3/30/2012 3:46:14 PM OK spoolsv.exe\sfc_os.dll
3/30/2012 3:46:14 PM OK spoolsv.exe\wintrust.dll Object was not changed (iChecker)
3/30/2012 3:46:14 PM OK spoolsv.exe\psapi.dll Object was not changed (iChecker)
3/30/2012 3:46:14 PM OK spoolsv.exe\ntdsapi.dll Object was not changed (iChecker)
3/30/2012 3:46:14 PM OK spoolsv.exe\crypt32.dll Object was not changed (iChecker)
3/30/2012 3:46:14 PM OK spoolsv.exe\msasn1.dll Object was not changed (iChecker)
3/30/2012 3:46:14 PM OK spoolsv.exe\userenv.dll Object was not changed (iChecker)
3/30/2012 3:46:14 PM OK spoolsv.exe\clusapi.dll Object was not changed (iChecker)
3/30/2012 3:46:14 PM OK spoolsv.exe\resutils.dll Object was not changed (iChecker)
3/30/2012 3:46:13 PM OK spoolsv.exe\localspl.dll
3/30/2012 3:46:13 PM OK C:\WINDOWS\system32\inetpp.dll
3/30/2012 3:47:40 PM OK C:\WINDOWS\system32\tlntsvr.exe
3/30/2012 3:47:40 PM OK C:\WINDOWS\system32\drivers\termdd.sys
3/30/2012 3:47:40 PM OK C:\WINDOWS\system32\drivers\tdtcp.sys
3/30/2012 3:47:40 PM OK C:\WINDOWS\system32\drivers\tdpipe.sys
3/30/2012 3:47:40 PM OK C:\WINDOWS\system32\drivers\tcpip.sys
3/30/2012 3:47:40 PM OK C:\WINDOWS\system32\smlogsvc.exe
3/30/2012 3:47:40 PM OK C:\WINDOWS\system32\drivers\symmpi.sys
3/30/2012 3:47:40 PM OK C:\WINDOWS\system32\drivers\swenum.sys
3/30/2012 3:47:40 PM OK C:\WINDOWS\system32\drivers\srv.sys
3/30/2012 3:47:40 PM OK C:\WINDOWS\system32\spoolsv.exe
3/30/2012 3:47:40 PM OK C:\WINDOWS\system32\drivers\sfloppy.sys
3/30/2012 3:47:40 PM OK C:\WINDOWS\system32\drivers\serial.sys
3/30/2012 3:47:40 PM OK C:\WINDOWS\system32\drivers\serenum.sys
3/30/2012 3:47:40 PM OK C:\WINDOWS\system32\drivers\scsiport.sys
3/30/2012 3:47:40 PM OK C:\WINDOWS\system32\scardsvr.exe
3/30/2012 3:47:40 PM OK C:\Program Files\SUPERAntiSpyware\saskutil64.sys
3/30/2012 3:47:40 PM OK C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys
3/30/2012 3:47:40 PM OK C:\WINDOWS\system32\drivers\sacdrv.sys
3/30/2012 3:47:40 PM OK C:\WINDOWS\system32\rsopprov.exe
3/30/2012 3:47:40 PM OK C:\WINDOWS\system32\locator.exe
3/30/2012 3:47:39 PM OK C:\WINDOWS\system32\drivers\redbook.sys
3/30/2012 3:47:39 PM OK C:\WINDOWS\system32\sessmgr.exe
3/30/2012 3:47:39 PM OK C:\WINDOWS\system32\drivers\rdpwd.sys
3/30/2012 3:47:39 PM OK C:\WINDOWS\system32\drivers\rdpdr.sys
3/30/2012 3:47:39 PM OK C:\WINDOWS\system32\drivers\rdpcdd.sys
3/30/2012 3:47:39 PM OK C:\WINDOWS\system32\drivers\rdbss.sys
3/30/2012 3:47:39 PM OK C:\WINDOWS\system32\drivers\raspti.sys
3/30/2012 3:47:39 PM OK C:\WINDOWS\system32\drivers\raspppoe.sys
3/30/2012 3:47:39 PM OK C:\WINDOWS\system32\drivers\rasl2tp.sys
3/30/2012 3:47:39 PM OK C:\WINDOWS\system32\drivers\rasacd.sys
3/30/2012 3:47:39 PM OK C:\WINDOWS\system32\drivers\processr.sys
3/30/2012 3:47:39 PM OK C:\WINDOWS\system32\drivers\raspptp.sys
3/30/2012 3:47:39 PM OK C:\WINDOWS\system32\drivers\pcmcia.sys
3/30/2012 3:47:39 PM OK C:\WINDOWS\system32\drivers\pci.sys
3/30/2012 3:47:39 PM OK C:\WINDOWS\system32\drivers\partmgr.sys
3/30/2012 3:47:39 PM OK C:\WINDOWS\system32\drivers\parport.sys
3/30/2012 3:47:39 PM OK C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
3/30/2012 3:47:39 PM OK C:\WINDOWS\system32\drivers\null.sys
3/30/2012 3:47:39 PM OK C:\WINDOWS\system32\drivers\ntfs.sys
3/30/2012 3:47:39 PM OK C:\WINDOWS\system32\ntfrs.exe
3/30/2012 3:47:39 PM OK C:\WINDOWS\system32\drivers\npfs.sys
3/30/2012 3:47:39 PM OK C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
3/30/2012 3:47:39 PM OK C:\WINDOWS\system32\netdde.exe
3/30/2012 3:47:39 PM OK C:\WINDOWS\system32\drivers\netbt.sys
3/30/2012 3:47:39 PM OK C:\WINDOWS\system32\drivers\netbios.sys
3/30/2012 3:47:39 PM OK C:\WINDOWS\system32\drivers\ndproxy.sys
3/30/2012 3:47:39 PM OK C:\WINDOWS\system32\drivers\ndiswan.sys
3/30/2012 3:47:39 PM OK C:\WINDOWS\system32\drivers\ndisuio.sys
3/30/2012 3:47:39 PM OK C:\WINDOWS\system32\drivers\ndistapi.sys
3/30/2012 3:47:38 PM OK C:\WINDOWS\system32\drivers\ndis.sys
3/30/2012 3:47:38 PM OK C:\WINDOWS\system32\drivers\mup.sys
3/30/2012 3:47:38 PM OK C:\WINDOWS\system32\drivers\mssmbios.sys
3/30/2012 3:47:38 PM OK C:\WINDOWS\system32\msiexec.exe
3/30/2012 3:47:38 PM OK C:\WINDOWS\system32\drivers\msfs.sys
3/30/2012 3:47:38 PM OK C:\WINDOWS\system32\msdtc.exe
3/30/2012 3:47:38 PM OK C:\WINDOWS\system32\drivers\mrxsmb.sys
3/30/2012 3:47:38 PM OK C:\WINDOWS\system32\drivers\mrxdav.sys
3/30/2012 3:47:38 PM OK C:\WINDOWS\system32\drivers\mountmgr.sys
3/30/2012 3:47:38 PM OK C:\WINDOWS\system32\drivers\mouhid.sys
3/30/2012 3:47:38 PM OK C:\WINDOWS\system32\drivers\mouclass.sys
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\drivers\modem.sys
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\drivers\mnmdd.sys
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\31.tmp
3/30/2012 3:47:37 PM OK C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\drivers\mbam.sys
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\drivers\mbamchameleon.sys
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\llssrv.exe
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\drivers\ksthunk.sys
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\drivers\ksecdd.sys
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\drivers\kbdclass.sys
3/30/2012 3:47:37 PM OK C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\jqs.conf
3/30/2012 3:47:37 PM OK C:\Program Files (x86)\Java\jre6\bin\jqs.exe
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\ismserv.exe
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\drivers\isapnp.sys
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\drivers\irenum.sys
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\drivers\ipsec.sys
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\drivers\ipnat.sys
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\drivers\ipfltdrv.sys
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\drivers\ip6fw.sys
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\drivers\intelppm.sys
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\drivers\intelide.sys
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\imapi.exe
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\drivers\imapi.sys
3/30/2012 3:47:37 PM OK C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
3/30/2012 3:47:37 PM OK C:\WINDOWS\SysWOW64\svchost.exe
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\drivers\i8042prt.sys
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\drivers\http.sys
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\drivers\hidusb.sys
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\drivers\hdaudbus.sys
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\drivers\msgpc.sys
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\drivers\ftdisk.sys
3/30/2012 3:47:37 PM OK C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\drivers\fltMgr.sys
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\drivers\flpydisk.sys
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\drivers\fips.sys
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\drivers\fdc.sys
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\drivers\fastfat.sys
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\services.exe
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\drivers\e1G5132e.sys
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\drivers\dmload.sys
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\drivers\dmio.sys
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\drivers\dmboot.sys
3/30/2012 3:47:37 PM OK C:\WINDOWS\system32\dmadmin.exe
3/30/2012 3:47:36 PM OK C:\WINDOWS\system32\drivers\disk.sys
3/30/2012 3:47:36 PM OK C:\WINDOWS\system32\drivers\dfs.sys
3/30/2012 3:47:36 PM OK C:\WINDOWS\system32\dfssvc.exe
3/30/2012 3:47:36 PM OK C:\WINDOWS\system32\drivers\crcdisk.sys
3/30/2012 3:47:36 PM OK C:\WINDOWS\system32\dllhost.exe
3/30/2012 3:47:36 PM OK C:\WINDOWS\system32\drivers\compbatt.sys
3/30/2012 3:47:36 PM OK C:\WINDOWS\system32\drivers\CmBatt.sys
3/30/2012 3:47:36 PM OK C:\WINDOWS\system32\drivers\ClusDisk.sys
3/30/2012 3:47:36 PM OK C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
3/30/2012 3:47:36 PM OK C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
3/30/2012 3:47:36 PM OK C:\WINDOWS\system32\clipsrv.exe
3/30/2012 3:47:36 PM OK C:\WINDOWS\system32\cisvc.exe
3/30/2012 3:47:36 PM OK C:\WINDOWS\system32\drivers\cdrom.sys
3/30/2012 3:47:36 PM OK C:\WINDOWS\system32\drivers\cdfs.sys
3/30/2012 3:47:36 PM OK C:\WINDOWS\SysWOW64\Drivers\bmdrvr.sys
3/30/2012 3:47:36 PM OK C:\WINDOWS\system32\drivers\beep.sys
3/30/2012 3:47:36 PM OK C:\WINDOWS\system32\drivers\audstub.sys
3/30/2012 3:47:36 PM OK C:\WINDOWS\system32\drivers\atmarpc.sys
3/30/2012 3:47:36 PM OK C:\WINDOWS\system32\drivers\atapi.sys
3/30/2012 3:47:36 PM OK C:\WINDOWS\system32\drivers\asyncmac.sys
3/30/2012 3:47:36 PM OK C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe
3/30/2012 3:47:36 PM OK C:\WINDOWS\system32\alg.exe
3/30/2012 3:47:36 PM OK C:\WINDOWS\system32\drivers\afd.sys
3/30/2012 3:47:36 PM OK C:\WINDOWS\system32\svchost.exe
3/30/2012 3:47:36 PM OK C:\WINDOWS\system32\drivers\acpiec.sys
3/30/2012 3:47:36 PM OK C:\WINDOWS\system32\drivers\acpi.sys
3/30/2012 3:47:36 PM OK C:\WINDOWS\system32\drivers\64161619.sys
3/30/2012 3:47:36 PM OK C:\Program Files\SUPERAntiSpyware\SASCore64.exe
3/30/2012 3:47:36 PM OK C:\WINDOWS\system32\xmlprov.dll
3/30/2012 3:47:36 PM OK C:\WINDOWS\system32\wzcsvc.dll
3/30/2012 3:47:36 PM OK C:\WINDOWS\system32\wuauserv.dll
3/30/2012 3:47:36 PM OK C:\WINDOWS\system32\advapi32.dll
3/30/2012 3:47:36 PM OK C:\WINDOWS\system32\mspmsnsv.dll
3/30/2012 3:47:36 PM OK C:\WINDOWS\system32\wbem\wmisvc.dll
3/30/2012 3:47:36 PM OK C:\WINDOWS\system32\webclnt.dll
3/30/2012 3:47:36 PM OK C:\WINDOWS\system32\w32time.dll
3/30/2012 3:47:35 PM OK C:\Program Files\uphclean\uphclean.dll
3/30/2012 3:47:35 PM OK C:\Program Files\uphclean\uphclean.dll/data0009.res
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\trkwks.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\trksvr.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\termsrv.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\tapisrv.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\swprv.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\wiaservc.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\shsvcs.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\ipnathlp.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\sens.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\seclogon.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\schedsvc.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\sacsvr.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\regsvc.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\mprdim.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\rasmans.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\rasauto.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\HPZIPM12.DLL
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\ntmssvc.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\mswsock.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\netman.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\msgsvc.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\lmhsvc.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\wkssvc.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\srvsvc.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\SysWOW64\iasrecst.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\w3ssl.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\es.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\ersvc.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\dnsrslvr.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\dmserver.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\dhcpcsvc.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\rpcss.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\cryptsvc.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\browser.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\qmgr.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\audiosrv.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\appmgmts.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\alrsvc.dll
3/30/2012 3:47:35 PM OK C:\WINDOWS\system32\aelupsvc.dll
3/30/2012 3:47:26 PM OK C:\WINDOWS\system32\rundll32.exe
3/30/2012 3:47:21 PM OK C:\Program Files (x86)\QuickTime\QTTask.exe
3/30/2012 3:47:19 PM OK C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
3/30/2012 3:47:18 PM OK C:\WINDOWS\system32\ctfmon.exe
3/30/2012 3:47:18 PM OK C:\WINDOWS\system32\cmd.exe
3/30/2012 3:47:18 PM OK C:\WINDOWS\system32\tscupgrd.exe
3/30/2012 3:47:18 PM OK C:\WINDOWS\system32\dumprep.exe
3/30/2012 3:47:18 PM OK C:\WINDOWS\SysWOW64\grpconv.exe
3/30/2012 3:47:18 PM OK C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
3/30/2012 3:47:16 PM OK C:\WINDOWS\system32\dimsntfy.dll
3/30/2012 3:47:16 PM OK C:\WINDOWS\system32\cscdll.dll
3/30/2012 3:47:16 PM OK C:\WINDOWS\system32\cryptnet.dll
3/30/2012 3:47:15 PM OK C:\WINDOWS\system32\crypt32.dll
3/30/2012 3:47:15 PM OK C:\WINDOWS\system32\sclgntfy.dll
3/30/2012 3:47:15 PM OK C:\WINDOWS\system32\wlnotify.dll
3/30/2012 3:47:15 PM OK C:\WINDOWS\SysWOW64\sclgntfy.dll
3/30/2012 3:47:15 PM OK C:\WINDOWS\SysWOW64\dimsntfy.dll
3/30/2012 3:47:15 PM OK C:\WINDOWS\SysWOW64\cscdll.dll
3/30/2012 3:47:15 PM OK C:\WINDOWS\SysWOW64\cryptnet.dll
3/30/2012 3:47:15 PM OK C:\WINDOWS\SysWOW64\crypt32.dll
3/30/2012 3:47:14 PM OK C:\WINDOWS\system32\lsass.exe
3/30/2012 3:46:49 PM OK C:\WINDOWS\system\ter.exe
3/30/2012 3:46:38 PM OK C:\WINDOWS\system32\userinit.exe
3/30/2012 3:46:38 PM OK C:\WINDOWS\SysWOW64\userinit.exe
3/30/2012 3:46:33 PM OK C:\WINDOWS\explorer.exe
3/30/2012 3:46:32 PM OK C:\WINDOWS\SysWOW64\explorer.exe
3/30/2012 3:46:25 PM OK C:\WINDOWS\system32\drwtsn32.exe
3/30/2012 3:46:25 PM OK C:\WINDOWS\SysWOW64\drwtsn32.exe
3/30/2012 3:46:25 PM OK C:\WINDOWS\system.ini
3/30/2012 3:46:25 PM OK C:\WINDOWS\win.ini
3/30/2012 3:46:25 PM OK C:\CONFIG.SYS Object was not changed (iChecker)
3/30/2012 3:46:25 PM OK C:\AUTOEXEC.BAT
3/30/2012 3:46:18 PM OK C:\WINDOWS\SysWOW64\es.dll
3/30/2012 3:46:18 PM OK C:\WINDOWS\system32\es.dll Object was not changed (iSwift 3)
3/30/2012 3:46:18 PM OK pid:4\ntdll.dll Object was not changed (iChecker)
3/30/2012 3:46:18 PM OK C:\WINDOWS\system32\smss.exe
3/30/2012 3:46:18 PM OK smss.exe\ntdll.dll Object was not changed (iChecker)
3/30/2012 3:46:18 PM OK smss.exe\smss.exe
3/30/2012 3:46:18 PM OK C:\WINDOWS\system32\winsrv.dll
3/30/2012 3:46:18 PM OK csrss.exe\advapi32.dll Object was not changed (iChecker)
3/30/2012 3:46:18 PM OK csrss.exe\rpcrt4.dll Object was not changed (iChecker)
3/30/2012 3:46:18 PM OK csrss.exe\gdi32.dll Object was not changed (iChecker)
3/30/2012 3:46:18 PM OK csrss.exe\secur32.dll Object was not changed (iChecker)
3/30/2012 3:46:18 PM OK csrss.exe\sxs.dll Object was not changed (iChecker)
3/30/2012 3:46:18 PM OK csrss.exe\winsrv.dll
3/30/2012 3:46:18 PM OK C:\WINDOWS\system32\basesrv.dll
3/30/2012 3:46:18 PM OK C:\WINDOWS\system32\csrsrv.dll
3/30/2012 3:46:18 PM OK csrss.exe\basesrv.dll
3/30/2012 3:46:18 PM OK C:\WINDOWS\system32\csrss.exe
3/30/2012 3:46:18 PM OK csrss.exe\csrsrv.dll
3/30/2012 3:46:18 PM OK csrss.exe\ntdll.dll Object was not changed (iChecker)
3/30/2012 3:46:18 PM OK csrss.exe\kernel32.dll Object was not changed (iChecker)
3/30/2012 3:46:18 PM OK csrss.exe\user32.dll Object was not changed (iChecker)
3/30/2012 3:46:18 PM OK csrss.exe\csrss.exe
3/30/2012 3:46:18 PM OK C:\WINDOWS\system32\msgina.dll
3/30/2012 3:46:18 PM OK winlogon.exe\advapi32.dll Object was not changed (iChecker)
3/30/2012 3:46:18 PM OK winlogon.exe\rpcrt4.dll Object was not changed (iChecker)
3/30/2012 3:46:18 PM OK winlogon.exe\gdi32.dll Object was not changed (iChecker)
3/30/2012 3:46:18 PM OK winlogon.exe\msvcrt.dll Object was not changed (iChecker)
3/30/2012 3:46:18 PM OK winlogon.exe\version.dll Object was not changed (iChecker)
3/30/2012 3:46:18 PM OK winlogon.exe\shell32.dll Object was not changed (iChecker)
3/30/2012 3:46:18 PM OK winlogon.exe\comctl32.dll Object was not changed (iChecker)
3/30/2012 3:46:18 PM OK winlogon.exe\shlwapi.dll Object was not changed (iChecker)
3/30/2012 3:46:18 PM OK winlogon.exe\oleaut32.dll Object was not changed (iChecker)
3/30/2012 3:46:18 PM OK winlogon.exe\comres.dll Object was not changed (iChecker)
3/30/2012 3:46:18 PM OK winlogon.exe\clbcatq.dll Object was not changed (iChecker)
3/30/2012 3:46:18 PM OK winlogon.exe\secur32.dll Object was not changed (iChecker)
3/30/2012 3:46:18 PM OK winlogon.exe\wldap32.dll Object was not changed (iChecker)
3/30/2012 3:46:18 PM OK winlogon.exe\wtsapi32.dll Object was not changed (iChecker)
3/30/2012 3:46:18 PM OK winlogon.exe\dnsapi.dll Object was not changed (iChecker)
3/30/2012 3:46:18 PM OK winlogon.exe\rasapi32.dll Object was not changed (iChecker)
3/30/2012 3:46:18 PM OK winlogon.exe\tapi32.dll Object was not changed (iChecker)
3/30/2012 3:46:18 PM OK winlogon.exe\rasman.dll Object was not changed (iChecker)
3/30/2012 3:46:18 PM OK winlogon.exe\rtutils.dll Object was not changed (iChecker)
3/30/2012 3:46:18 PM OK winlogon.exe\msv1_0.dll Object was not changed (iChecker)
3/30/2012 3:51:02 PM OK C:\documents and settings\bac-membership\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:02 PM OK C:\documents and settings\bac-gm\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:02 PM OK C:\documents and settings\bac-fitness\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:02 PM OK C:\documents and settings\bac-childcare\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:02 PM OK C:\documents and settings\bac-frontdesk\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:02 PM OK C:\documents and settings\bac-fdstaff\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:02 PM OK C:\documents and settings\tsousa\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:02 PM OK C:\documents and settings\rac-childcare\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:02 PM OK C:\documents and settings\rac-frontdesk\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:02 PM OK C:\documents and settings\rac-gm\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:02 PM OK C:\documents and settings\mfajardo\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:02 PM OK C:\documents and settings\rac-membership\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:02 PM OK C:\documents and settings\lwentland\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:02 PM OK C:\documents and settings\kwagner\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:02 PM OK C:\documents and settings\kolsen\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:02 PM OK C:\documents and settings\kberg\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:02 PM OK C:\documents and settings\jkeyes\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:02 PM OK C:\documents and settings\jharsch\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:02 PM OK C:\documents and settings\rac-fitness\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:02 PM OK C:\documents and settings\ehamann\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:02 PM OK C:\documents and settings\cmatney\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:02 PM OK C:\documents and settings\rac-chef\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:02 PM OK C:\documents and settings\rac-businessoffice\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:01 PM OK C:\documents and settings\rac-aquatics\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:01 PM OK C:\documents and settings\bworden\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:01 PM OK C:\documents and settings\hsourbeer\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:01 PM OK C:\documents and settings\bac-aquastaff\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:01 PM OK C:\documents and settings\oac-spa\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:01 PM OK C:\documents and settings\bac-fd\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:01 PM OK C:\documents and settings\RAC-FD\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:01 PM OK C:\documents and settings\avoulk\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:01 PM OK C:\documents and settings\alopez\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:01 PM OK C:\documents and settings\jtingey\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:01 PM OK C:\documents and settings\bactrain03\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:01 PM OK C:\documents and settings\bactrain02\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:01 PM OK C:\documents and settings\HFAC-Childcare.SIVERS\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:01 PM OK C:\documents and settings\bac-membership3\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:01 PM OK C:\documents and settings\bac-spadesk\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:01 PM OK C:\documents and settings\hfac-spadesk\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:01 PM OK C:\documents and settings\motionsoft\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:01 PM OK C:\documents and settings\hfac-aquatics\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:01 PM OK C:\documents and settings\sql\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:01 PM OK C:\documents and settings\jpestana\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:01 PM OK C:\documents and settings\hfac-membership3\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:01 PM OK C:\documents and settings\hfac-membership2\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:01 PM OK C:\documents and settings\oac-janitorial\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:01 PM OK C:\documents and settings\epierce\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:01 PM OK C:\documents and settings\sebastiao\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:01 PM OK C:\documents and settings\afusaro\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:01 PM OK C:\documents and settings\BAC-Triathlon\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:01 PM OK C:\documents and settings\agravseth\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:01 PM OK C:\documents and settings\oac-sales\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:01 PM OK C:\documents and settings\mharteloo\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:01 PM OK C:\documents and settings\RAC-Facilities\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:01 PM OK C:\documents and settings\hfac-triathlon\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:01 PM OK C:\documents and settings\rsawyer\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:01 PM OK C:\documents and settings\BAC-HVAC\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\RAC-Spadesk\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\racspadesk\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\hfac-spa\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\RAC-Childcare.SIVERS\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\mlaw\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\jaquino\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\rac-common\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\RAC-Spa\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\rac-bistro\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\kurt\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\hfac-events\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\bacbstrm\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\bac-event\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\rac-office1\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\bac-office1\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\hfac-office2\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\hfac-office1\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\BAC-Bistro\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\siversservice\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\oac.hr\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\equon\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\ayoung\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\mmoreno\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\hfac-childcare\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\ncauston\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\jsuppes\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\jhorst\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\jruiz\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\dnelson\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\cwilliams\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\hfac-cafe\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\hfac-fdstaff\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\HFAC-facilities\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\hfac-businessoffice\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\HFAC-GM\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\hfac-fitness\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:51:00 PM OK C:\documents and settings\hfac-membership\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\hfac-frontdesk\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\jyost\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\sbovero\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\dcaldwell\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\bac-aquatics\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\jsmirl\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\carriets\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\carrie\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\Josh Vance\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\kyleand\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\hfacfit02\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\racspaprep\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\bacspaprep\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\office\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\judy\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\gm\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\IanTS\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\KirstenTS\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\bactrain\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\baccommon\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\baccc\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\bacspa\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\bacfdspa\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\bacfd01\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\peggyTS\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\brynts\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\ben\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\jasonts\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\jason\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\bacgm\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\racfdspa\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\raccc\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\racbstr\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\hfacfdspa\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\hfacgrp\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\hfacfit\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\hfacbstr\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\hfacom\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:59 PM OK C:\documents and settings\hfacfd02\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:58 PM OK C:\documents and settings\hfacfd01\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:58 PM OK C:\documents and settings\hfacbus02\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:58 PM OK C:\documents and settings\hfacbus01\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:58 PM OK C:\documents and settings\racfd01\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:58 PM OK C:\documents and settings\ruthts\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:58 PM OK C:\documents and settings\mariah\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:58 PM OK C:\documents and settings\ruth\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:58 PM OK C:\documents and settings\robin\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:58 PM OK C:\documents and settings\peggy\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:58 PM OK C:\documents and settings\bryn\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:58 PM OK C:\documents and settings\dennis\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:58 PM OK C:\documents and settings\rob\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:58 PM OK C:\documents and settings\anne\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:58 PM OK C:\documents and settings\test\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:58 PM OK C:\documents and settings\ali\local settings\temp\_uninst_64161619.bat
3/30/2012 3:50:58 PM OK C:\documents and settings\ali\Start Menu\Programs\Startup\_uninst_64161619.lnk
3/30/2012 3:50:58 PM OK C:\documents and settings\ali\local settings\temp\4985889\0174072.exe
3/30/2012 3:50:58 PM OK C:\documents and settings\ali\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:58 PM OK C:\documents and settings\wdcfj\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:58 PM OK C:\documents and settings\ASPNET\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:58 PM OK C:\documents and settings\Administrator\Start Menu\Programs\Startup\_uninst_14236367.lnk
3/30/2012 3:50:58 PM OK C:\documents and settings\Administrator\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:58 PM OK C:\documents and settings\All Users\Start Menu\Programs\Startup\desktop.ini
3/30/2012 3:50:58 PM OK C:\WINDOWS\system32\winrnr.dll
3/30/2012 3:50:58 PM OK C:\WINDOWS\SysWOW64\winrnr.dll
3/30/2012 3:50:58 PM OK C:\WINDOWS\SysWOW64\mswsock.dll
3/30/2012 3:50:58 PM OK C:\WINDOWS\system32\msfeedssync.exe
3/30/2012 3:50:57 PM OK C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL
3/30/2012 3:50:57 PM OK C:\WINDOWS\SysWOW64\wldap32.dll
3/30/2012 3:50:57 PM OK C:\WINDOWS\system32\wldap32.dll
3/30/2012 3:50:57 PM OK C:\WINDOWS\SysWOW64\wininet.dll
3/30/2012 3:50:57 PM OK C:\WINDOWS\system32\wininet.dll
3/30/2012 3:50:57 PM OK C:\WINDOWS\SysWOW64\version.dll
3/30/2012 3:50:57 PM OK C:\WINDOWS\system32\version.dll
3/30/2012 3:50:57 PM OK C:\WINDOWS\SysWOW64\user32.dll
3/30/2012 3:50:57 PM OK C:\WINDOWS\system32\user32.dll
3/30/2012 3:50:57 PM OK C:\WINDOWS\SysWOW64\url.dll
3/30/2012 3:50:57 PM OK C:\WINDOWS\system32\url.dll
3/30/2012 3:50:57 PM OK C:\WINDOWS\SysWOW64\rpcrt4.dll
3/30/2012 3:50:57 PM OK C:\WINDOWS\system32\rpcrt4.dll
3/30/2012 3:50:57 PM OK C:\WINDOWS\SysWOW64\olesvr32.dll
3/30/2012 3:50:57 PM OK C:\WINDOWS\system32\olesvr32.dll
3/30/2012 3:50:57 PM OK C:\WINDOWS\SysWOW64\olecnv32.dll
3/30/2012 3:50:57 PM OK C:\WINDOWS\system32\olecnv32.dll
3/30/2012 3:50:57 PM OK C:\WINDOWS\SysWOW64\olecli32.dll
3/30/2012 3:50:57 PM OK C:\WINDOWS\system32\olecli32.dll
3/30/2012 3:50:57 PM OK C:\WINDOWS\SysWOW64\oleaut32.dll
3/30/2012 3:50:57 PM OK C:\WINDOWS\system32\oleaut32.dll
3/30/2012 3:50:57 PM OK C:\WINDOWS\SysWOW64\ole32.dll
3/30/2012 3:50:57 PM OK C:\WINDOWS\system32\ole32.dll
3/30/2012 3:50:57 PM OK C:\WINDOWS\SysWOW64\lz32.dll
3/30/2012 3:50:57 PM OK C:\WINDOWS\system32\lz32.dll
3/30/2012 3:50:57 PM OK C:\WINDOWS\SysWOW64\kernel32.dll
3/30/2012 3:50:57 PM OK C:\WINDOWS\system32\kernel32.dll
3/30/2012 3:50:57 PM OK C:\WINDOWS\SysWOW64\imagehlp.dll
3/30/2012 3:50:57 PM OK C:\WINDOWS\system32\imagehlp.dll
3/30/2012 3:50:57 PM OK C:\WINDOWS\SysWOW64\gdi32.dll
3/30/2012 3:50:57 PM OK C:\WINDOWS\system32\gdi32.dll
3/30/2012 3:50:57 PM OK C:\WINDOWS\SysWOW64\comdlg32.dll
3/30/2012 3:50:57 PM OK C:\WINDOWS\system32\comdlg32.dll
3/30/2012 3:50:56 PM OK C:\WINDOWS\SysWOW64\advapi32.dll
3/30/2012 3:50:38 PM OK C:\WINDOWS\regedit.exe
3/30/2012 3:50:38 PM OK C:\WINDOWS\SysWOW64\regedit.exe
3/30/2012 3:50:35 PM OK C:\WINDOWS\system32\notepad.exe
3/30/2012 3:50:35 PM OK C:\WINDOWS\SysWOW64\notepad.exe
3/30/2012 3:50:29 PM OK C:\WINDOWS\SysWOW64\mshta.exe
3/30/2012 3:50:18 PM OK C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
3/30/2012 3:50:16 PM OK C:\Program Files\SUPERAntiSpyware\SASCTXMN64.DLL
3/30/2012 3:50:15 PM OK C:\WINDOWS\system32\winsrv.dll
3/30/2012 3:50:15 PM OK C:\WINDOWS\system32\basesrv.dll
3/30/2012 3:50:15 PM OK C:\WINDOWS\system32\csrss.exe
3/30/2012 3:50:14 PM OK C:\WINDOWS\system32\kbdus.dll
3/30/2012 3:50:14 PM OK C:\WINDOWS\system32\digest.dll
3/30/2012 3:50:14 PM OK C:\WINDOWS\system32\schannel.dll
3/30/2012 3:50:14 PM OK C:\WINDOWS\system32\iprtrmgr.dll
3/30/2012 3:50:13 PM OK C:\WINDOWS\system32\dskquota.dll
3/30/2012 3:50:13 PM OK C:\WINDOWS\system32\fdeploy.dll
3/30/2012 3:50:13 PM OK C:\WINDOWS\system32\gpprefcl.dll
3/30/2012 3:50:13 PM OK C:\WINDOWS\SysWOW64\appmgmts.dll
3/30/2012 3:50:13 PM OK C:\WINDOWS\SysWOW64\cscui.dll
3/30/2012 3:50:13 PM OK C:\WINDOWS\SysWOW64\scecli.dll
3/30/2012 3:50:13 PM OK C:\WINDOWS\system32\gptext.dll
3/30/2012 3:50:13 PM OK C:\WINDOWS\SysWOW64\dskquota.dll
3/30/2012 3:50:13 PM OK C:\WINDOWS\SysWOW64\fdeploy.dll
3/30/2012 3:50:13 PM OK C:\WINDOWS\SysWOW64\gptext.dll
3/30/2012 3:50:03 PM OK C:\WINDOWS\system32\sysdm.cpl
3/30/2012 3:50:03 PM OK C:\WINDOWS\SysWOW64\sysdm.cpl
3/30/2012 3:50:03 PM OK C:\WINDOWS\system32\usrlogon.cmd
3/30/2012 3:50:03 PM OK C:\WINDOWS\system32\subst.exe
3/30/2012 3:50:03 PM OK C:\WINDOWS\system32\net.exe
3/30/2012 3:50:03 PM OK C:\WINDOWS\Application Compatibility Scripts\setpaths.cmd
3/30/2012 3:50:03 PM OK C:\WINDOWS\system32\more.com
3/30/2012 3:50:03 PM OK C:\WINDOWS\Application Compatibility Scripts\acregl.exe
3/30/2012 3:50:00 PM OK C:\WINDOWS\system32\logonui.exe
3/30/2012 3:50:00 PM OK C:\WINDOWS\SysWOW64\logonui.exe
3/30/2012 3:50:00 PM OK C:\WINDOWS\system32\wiascr.dll
3/30/2012 3:50:00 PM OK C:\WINDOWS\SysWOW64\wiascr.dll
3/30/2012 3:50:00 PM OK C:\WINDOWS\SysWOW64\mshtml.dll
3/30/2012 3:50:00 PM OK C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
3/30/2012 3:49:59 PM OK C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
3/30/2012 3:49:59 PM OK C:\WINDOWS\system32\inetcomm.dll
3/30/2012 3:49:58 PM OK C:\WINDOWS\SysWOW64\inetcomm.dll
3/30/2012 3:49:58 PM OK C:\WINDOWS\system32\itss.dll
3/30/2012 3:49:58 PM OK C:\WINDOWS\SysWOW64\itss.dll
3/30/2012 3:49:58 PM OK C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL
3/30/2012 3:49:58 PM OK C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL/#
3/30/2012 3:49:58 PM OK C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL/#
3/30/2012 3:49:57 PM OK C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
3/30/2012 3:49:57 PM OK C:\WINDOWS\system32\rdpclip.exe
3/30/2012 3:49:49 PM OK C:\Program Files (x86)\Axis Communications\AXIS Media Control Embedded\AxisMediaControlEmb.dll
3/30/2012 3:49:49 PM OK C:\WINDOWS\system32\Macromed\Flash\Flash64_11_1_102.ocx
3/30/2012 3:49:49 PM OK C:\WINDOWS\SysWOW64\Macromed\Flash\Flash11g.ocx
3/30/2012 3:49:33 PM OK C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll
3/30/2012 3:49:33 PM OK C:\Program Files (x86)\Java\jre6\bin\npjpi160_31.dll
3/30/2012 3:49:33 PM OK C:\WINDOWS\system32\muweb.dll
3/30/2012 3:49:33 PM OK C:\WINDOWS\system32\wuweb.dll
3/30/2012 3:49:33 PM OK C:\WINDOWS\Downloaded Program Files\RACtrl.dll
3/30/2012 3:49:32 PM OK C:\WINDOWS\Downloaded Program Files\RACtrl.dll/data0577.res
3/30/2012 3:49:32 PM OK C:\WINDOWS\SysWOW64\ractrlkeyhook.dll
3/30/2012 3:49:32 PM OK C:\WINDOWS\Downloaded Program Files\LMIProxyHelper.exe
3/30/2012 3:49:32 PM OK C:\WINDOWS\Downloaded Program Files\LMIGuardian.exe
3/30/2012 3:49:32 PM OK C:\WINDOWS\Downloaded Program Files\LMIGuardianDll.dll
3/30/2012 3:49:32 PM OK C:\WINDOWS\Downloaded Program Files\LMIGuardianEvt.dll
3/30/2012 3:51:14 PM OK \Device\Harddisk0\DR0
3/30/2012 3:51:13 PM OK \Device\HarddiskVolume1
3/30/2012 3:51:13 PM OK C
3/30/2012 3:51:13 PM OK Unknown application
3/30/2012 3:51:13 PM OK C:\WINDOWS\system32\xpsp2res.dll
3/30/2012 3:51:13 PM OK C:\WINDOWS\system32\wtsapi32.dll
3/30/2012 3:51:13 PM OK C:\WINDOWS\system32\ws2help.dll
3/30/2012 3:51:13 PM OK C:\WINDOWS\system32\ws2_32.dll
3/30/2012 3:51:13 PM OK C:\WINDOWS\system32\wow64win.dll
3/30/2012 3:51:13 PM OK C:\WINDOWS\system32\wow64cpu.dll
3/30/2012 3:51:13 PM OK C:\WINDOWS\system32\wow64.dll
3/30/2012 3:51:13 PM OK C:\WINDOWS\system32\wintrust.dll
3/30/2012 3:51:13 PM OK C:\WINDOWS\system32\winsta.dll
3/30/2012 3:51:13 PM OK C:\WINDOWS\system32\winmm.dll
3/30/2012 3:51:13 PM OK C:\WINDOWS\system32\wbem\wmiadap.exe
3/30/2012 3:51:13 PM OK C:\WINDOWS\system32\wbem\wbemsvc.dll
3/30/2012 3:51:13 PM OK C:\WINDOWS\system32\wbem\wbemprox.dll
3/30/2012 3:51:13 PM OK C:\WINDOWS\system32\wbem\wbemcomn.dll
3/30/2012 3:51:13 PM OK C:\WINDOWS\system32\wbem\mofd.dll
3/30/2012 3:51:13 PM OK C:\WINDOWS\system32\wbem\fastprox.dll
3/30/2012 3:51:13 PM OK C:\WINDOWS\system32\uxtheme.dll
3/30/2012 3:51:13 PM OK C:\WINDOWS\system32\utildll.dll
3/30/2012 3:51:13 PM OK C:\WINDOWS\system32\userenv.dll
3/30/2012 3:51:13 PM OK C:\WINDOWS\system32\tsappcmp.dll
3/30/2012 3:51:13 PM OK C:\WINDOWS\system32\taskmgr.exe
3/30/2012 3:51:13 PM OK C:\WINDOWS\system32\tapi32.dll
3/30/2012 3:51:13 PM OK C:\WINDOWS\system32\setupapi.dll
3/30/2012 3:51:13 PM OK C:\WINDOWS\system32\samlib.dll
3/30/2012 3:51:13 PM OK C:\WINDOWS\system32\runonce.exe
3/30/2012 3:51:13 PM OK C:\WINDOWS\system32\rtutils.dll
3/30/2012 3:51:13 PM OK C:\WINDOWS\system32\rsaenh.dll
3/30/2012 3:51:13 PM OK C:\WINDOWS\system32\psapi.dll
3/30/2012 3:51:13 PM OK C:\WINDOWS\system32\ntmarta.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\system32\ntdsapi.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\system32\netapi32.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\system32\net1.exe
3/30/2012 3:51:12 PM OK C:\WINDOWS\system32\msvcp60.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\system32\msasn1.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\system32\loadperf.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\system32\iphlpapi.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\system32\grpconv.exe
3/30/2012 3:51:12 PM OK C:\WINDOWS\system32\dnsapi.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\system32\comres.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\system32\clbcatq.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\system32\cabinet.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\system32\browselc.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\WindowsShell.Manifest
3/30/2012 3:51:12 PM OK C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.4770_x-ww_A689AB02\comctl32.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.4770_x-ww_8D2E3180\comctl32.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\WinSxS\amd64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.4770_x-ww_3807D667\comctl32.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\WinSxS\amd64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.4770_x-ww_D89390E2\comctl32.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\SysWOW64\xpsp2res.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\SysWOW64\xmllite.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\SysWOW64\wzcsvc.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\SysWOW64\wzcsapi.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\SysWOW64\wtsapi32.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\SysWOW64\wsock32.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\SysWOW64\wshtcpip.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\SysWOW64\ws2help.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\SysWOW64\ws2_32.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\SysWOW64\wmi.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\SysWOW64\wintrust.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\SysWOW64\winsta.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\SysWOW64\winspool.drv
3/30/2012 3:51:12 PM OK C:\WINDOWS\SysWOW64\winmm.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\SysWOW64\uxtheme.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\SysWOW64\userenv.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\SysWOW64\tsappcmp.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\SysWOW64\tapi32.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\SysWOW64\sxs.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\SysWOW64\shimeng.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\SysWOW64\shfolder.dll
3/30/2012 3:51:12 PM OK C:\WINDOWS\SysWOW64\setupapi.dll
3/30/2012 3:51:11 PM OK C:\WINDOWS\SysWOW64\sensapi.dll
3/30/2012 3:51:11 PM OK C:\WINDOWS\SysWOW64\schannel.dll
3/30/2012 3:51:11 PM OK C:\WINDOWS\SysWOW64\samlib.dll
3/30/2012 3:51:11 PM OK C:\WINDOWS\SysWOW64\rtutils.dll
3/30/2012 3:51:11 PM OK C:\WINDOWS\SysWOW64\rsaenh.dll
3/30/2012 3:51:11 PM OK C:\WINDOWS\SysWOW64\riched32.dll
3/30/2012 3:51:11 PM OK C:\WINDOWS\SysWOW64\riched20.dll
3/30/2012 3:51:11 PM OK C:\WINDOWS\SysWOW64\rasman.dll
3/30/2012 3:51:11 PM OK C:\WINDOWS\SysWOW64\rasapi32.dll
3/30/2012 3:51:11 PM OK C:\WINDOWS\SysWOW64\rasadhlp.dll
3/30/2012 3:51:11 PM OK C:\WINDOWS\SysWOW64\psapi.dll
3/30/2012 3:51:11 PM OK C:\WINDOWS\SysWOW64\pngfilt.dll
3/30/2012 3:51:11 PM OK C:\WINDOWS\SysWOW64\oleacc.dll
3/30/2012 3:51:11 PM OK C:\WINDOWS\SysWOW64\ntshrui.dll
3/30/2012 3:51:11 PM OK C:\WINDOWS\SysWOW64\ntdsapi.dll
3/30/2012 3:51:11 PM OK C:\WINDOWS\SysWOW64\netrap.dll
3/30/2012 3:51:11 PM OK C:\WINDOWS\SysWOW64\netmsg.dll
3/30/2012 3:51:11 PM OK C:\WINDOWS\SysWOW64\netman.dll
3/30/2012 3:51:11 PM OK C:\WINDOWS\SysWOW64\netapi32.dll
3/30/2012 3:51:11 PM OK C:\WINDOWS\SysWOW64\net1.exe
3/30/2012 3:51:11 PM OK C:\WINDOWS\SysWOW64\net.exe
3/30/2012 3:51:11 PM OK C:\WINDOWS\SysWOW64\msxml3r.dll
3/30/2012 3:51:11 PM OK C:\WINDOWS\SysWOW64\msxml3.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\SysWOW64\msv1_0.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\SysWOW64\msls31.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\SysWOW64\msimg32.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\SysWOW64\msi.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\SysWOW64\msasn1.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\SysWOW64\mprapi.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\SysWOW64\mlang.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\SysWOW64\mapi32.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\SysWOW64\linkinfo.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\SysWOW64\jscript.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\SysWOW64\iphlpapi.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\SysWOW64\imm32.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\SysWOW64\imgutil.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\SysWOW64\ieui.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\SysWOW64\iepeers.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\SysWOW64\hnetcfg.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\SysWOW64\fltlib.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\SysWOW64\esent.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\SysWOW64\dssenh.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\SysWOW64\dnsapi.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\SysWOW64\digest.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\SysWOW64\dhcpcsvc.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\SysWOW64\dbgeng.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\SysWOW64\cryptdll.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\SysWOW64\credui.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\SysWOW64\comres.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\SysWOW64\clusapi.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\SysWOW64\clbcatq.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\SysWOW64\apphelp.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\SysWOW64\adsldpc.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\SysWOW64\actxprxy.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\SysWOW64\activeds.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\SysWOW64\MSIMTF.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\SysWOW64\MSCTF.dll
3/30/2012 3:51:08 PM OK C:\WINDOWS\AppPatch\acwow64.dll
3/30/2012 3:51:08 PM OK C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLLIB.DLL
3/30/2012 3:51:08 PM OK C:\Program Files (x86)\Internet Explorer\xpshims.dll
3/30/2012 3:51:08 PM OK C:\Program Files (x86)\Internet Explorer\sqmapi.dll
3/30/2012 3:51:08 PM OK C:\Program Files (x86)\Internet Explorer\ieproxy.dll
3/30/2012 3:51:08 PM OK C:\documents and settings\ali\local settings\temp\rarsfx0\helper64.exe
3/30/2012 3:51:08 PM OK C:\documents and settings\ali\local settings\temp\rarsfx0\0174072rar.exe
3/30/2012 3:51:07 PM OK C:\documents and settings\ali\local settings\temp\4985889\wmihlpr.ppl
3/30/2012 3:51:07 PM OK C:\documents and settings\ali\local settings\temp\4985889\winreg.ppl
3/30/2012 3:51:07 PM OK C:\documents and settings\ali\local settings\temp\4985889\wdiskio.ppl
3/30/2012 3:51:07 PM OK C:\documents and settings\ali\local settings\temp\4985889\volenum.ppl
3/30/2012 3:51:07 PM OK C:\documents and settings\ali\local settings\temp\4985889\ushata.dll
3/30/2012 3:51:07 PM OK C:\documents and settings\ali\local settings\temp\4985889\updater.dll
3/30/2012 3:51:07 PM OK C:\documents and settings\ali\local settings\temp\4985889\uniarc.ppl
3/30/2012 3:51:07 PM OK C:\documents and settings\ali\local settings\temp\4985889\tm.ppl
3/30/2012 3:51:07 PM OK C:\documents and settings\ali\local settings\temp\4985889\timer.ppl
3/30/2012 3:51:07 PM OK C:\documents and settings\ali\local settings\temp\4985889\thpimpl.ppl
3/30/2012 3:51:07 PM OK C:\documents and settings\ali\local settings\temp\4985889\sfdb.ppl
3/30/2012 3:51:07 PM OK C:\documents and settings\ali\local settings\temp\4985889\schedule.ppl
3/30/2012 3:51:07 PM OK C:\documents and settings\ali\local settings\temp\4985889\reportdb.ppl
3/30/2012 3:51:07 PM OK C:\documents and settings\ali\local settings\temp\4985889\report.ppl
3/30/2012 3:51:07 PM OK C:\documents and settings\ali\local settings\temp\4985889\regmap.ppl
3/30/2012 3:51:07 PM OK C:\documents and settings\ali\local settings\temp\4985889\qb.ppl
3/30/2012 3:51:07 PM OK C:\documents and settings\ali\local settings\temp\4985889\pxstub.ppl
3/30/2012 3:51:07 PM OK C:\documents and settings\ali\local settings\temp\4985889\prtransp.ppl
3/30/2012 3:51:07 PM OK C:\documents and settings\ali\local settings\temp\4985889\prremote.dll
3/30/2012 3:51:07 PM OK C:\documents and settings\ali\local settings\temp\4985889\proxydet.ppl
3/30/2012 3:51:07 PM OK C:\documents and settings\ali\local settings\temp\4985889\propmap.ppl
3/30/2012 3:51:07 PM OK C:\documents and settings\ali\local settings\temp\4985889\procmon.ppl
3/30/2012 3:51:07 PM OK C:\documents and settings\ali\local settings\temp\4985889\prloader.dll
3/30/2012 3:51:07 PM OK C:\documents and settings\ali\local settings\temp\4985889\params.ppl
3/30/2012 3:51:07 PM OK C:\documents and settings\ali\local settings\temp\4985889\ods.ppl
3/30/2012 3:51:07 PM OK C:\documents and settings\ali\local settings\temp\4985889\nfio.ppl
3/30/2012 3:51:06 PM OK C:\documents and settings\ali\local settings\temp\4985889\ndetect.ppl
3/30/2012 3:51:06 PM OK C:\documents and settings\ali\local settings\temp\4985889\msoe.ppl
3/30/2012 3:51:06 PM OK C:\documents and settings\ali\local settings\temp\4985889\mkavio.ppl
3/30/2012 3:51:06 PM OK C:\documents and settings\ali\local settings\temp\4985889\minizip.ppl
3/30/2012 3:51:06 PM OK C:\documents and settings\ali\local settings\temp\4985889\memscan.ppl
3/30/2012 3:51:06 PM OK C:\documents and settings\ali\local settings\temp\4985889\memmodsc.ppl
3/30/2012 3:51:06 PM OK C:\documents and settings\ali\local settings\temp\4985889\memmng.dll
3/30/2012 3:51:06 PM OK C:\documents and settings\ali\local settings\temp\4985889\memmng.dll
3/30/2012 3:51:06 PM OK C:\documents and settings\ali\local settings\temp\4985889\mdb.ppl
3/30/2012 3:51:06 PM OK C:\documents and settings\ali\local settings\temp\4985889\mailmsg.ppl
3/30/2012 3:51:06 PM OK C:\documents and settings\ali\local settings\temp\4985889\klsrlsvc.ppl
3/30/2012 3:51:06 PM OK C:\documents and settings\ali\local settings\temp\4985889\icheck3.ppl
3/30/2012 3:51:06 PM OK C:\documents and settings\ali\local settings\temp\4985889\hashsha1.ppl
3/30/2012 3:51:06 PM OK C:\documents and settings\ali\local settings\temp\4985889\hashmd5.ppl
3/30/2012 3:51:06 PM OK C:\documents and settings\ali\local settings\temp\4985889\fssync.dll
3/30/2012 3:46:16 PM OK svchost.exe\rpcrt4.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\gdi32.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\msvcrt.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\version.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\oleaut32.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\comres.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\clbcatq.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\secur32.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\psapi.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\ws2_32.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\ws2help.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\ole32.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\rpcss.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\svchost.exe Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\ntdll.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\kernel32.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\user32.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\rsaenh.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\xpsp2res.dll
3/30/2012 3:46:16 PM OK svchost.exe\advapi32.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\rpcrt4.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\gdi32.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\msvcrt.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\version.dll
3/30/2012 3:46:16 PM OK svchost.exe\oleaut32.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK C:\WINDOWS\system32\rpcss.dll
3/30/2012 3:46:16 PM OK svchost.exe\comres.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\clbcatq.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\secur32.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\psapi.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\ws2_32.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\mswsock.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\wshtcpip.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\ws2help.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\hnetcfg.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\wshqos.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\ole32.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\iphlpapi.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\rpcss.dll
3/30/2012 3:46:16 PM OK svchost.exe\svchost.exe Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\ntdll.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\kernel32.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\user32.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\rsaenh.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\xpsp2res.dll
3/30/2012 3:46:16 PM OK svchost.exe\advapi32.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\rpcrt4.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\gdi32.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\msvcrt.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\shell32.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\comctl32.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\shlwapi.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\oleaut32.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\secur32.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\wldap32.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\wtsapi32.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\dnsapi.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\rasapi32.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\tapi32.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\rasman.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK C:\WINDOWS\system32\dnsrslvr.dll
3/30/2012 3:46:16 PM OK svchost.exe\activeds.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\adsldpc.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\netman.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\rtutils.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\dhcpcsvc.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\mprapi.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\credui.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\psapi.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\winmm.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\atl.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\dnsrslvr.dll
3/30/2012 3:46:16 PM OK svchost.exe\setupapi.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\winsta.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\crypt32.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\msasn1.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\netshell.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\clusapi.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\wzcsapi.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\netapi32.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\ws2_32.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\mswsock.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\wshtcpip.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\samlib.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\ws2help.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\esent.dll Object was not changed (iChecker)
3/30/2012 3:46:16 PM OK svchost.exe\hnetcfg.dll Object was not changed (iChecker)
3/30/2012 3:46:13 PM OK C:\WINDOWS\system32\spoolss.dll
3/30/2012 3:46:13 PM OK spoolsv.exe\inetpp.dll
3/30/2012 3:46:13 PM OK C:\WINDOWS\system32\win32spl.dll
3/30/2012 3:46:13 PM OK spoolsv.exe\spoolss.dll
3/30/2012 3:46:13 PM OK C:\WINDOWS\system32\cnbjmon.dll
3/30/2012 3:46:13 PM OK spoolsv.exe\win32spl.dll
3/30/2012 3:46:13 PM OK C:\WINDOWS\system32\icmp.dll
3/30/2012 3:46:13 PM OK spoolsv.exe\cnbjmon.dll
3/30/2012 3:46:13 PM OK C:\WINDOWS\system32\pjlmon.dll
3/30/2012 3:46:13 PM OK spoolsv.exe\icmp.dll
3/30/2012 3:46:13 PM OK C:\WINDOWS\system32\tcpmon.dll
3/30/2012 3:46:13 PM OK spoolsv.exe\pjlmon.dll
3/30/2012 3:46:13 PM OK spoolsv.exe\winspool.drv Object was not changed (iChecker)
3/30/2012 3:46:13 PM OK C:\WINDOWS\system32\usbmon.dll
3/30/2012 3:46:13 PM OK spoolsv.exe\tcpmon.dll
3/30/2012 3:46:13 PM OK C:\WINDOWS\system32\tcpmib.dll
3/30/2012 3:46:13 PM OK spoolsv.exe\usbmon.dll
3/30/2012 3:46:13 PM OK C:\WINDOWS\system32\mgmtapi.dll
3/30/2012 3:46:13 PM OK spoolsv.exe\tcpmib.dll
3/30/2012 3:46:13 PM OK C:\WINDOWS\system32\wsnmp32.dll
3/30/2012 3:46:13 PM OK spoolsv.exe\mgmtapi.dll
3/30/2012 3:46:13 PM OK spoolsv.exe\wsnmp32.dll
3/30/2012 3:46:13 PM OK C:\WINDOWS\system32\snmpapi.dll
3/30/2012 3:46:13 PM OK C:\WINDOWS\system32\wshtcpip.dll
3/30/2012 3:46:13 PM OK spoolsv.exe\snmpapi.dll
3/30/2012 3:46:13 PM OK C:\WINDOWS\system32\hnetcfg.dll
3/30/2012 3:46:13 PM OK spoolsv.exe\netapi32.dll Object was not changed (iChecker)
3/30/2012 3:46:13 PM OK spoolsv.exe\ws2_32.dll Object was not changed (iChecker)
3/30/2012 3:46:13 PM OK spoolsv.exe\mswsock.dll Object was not changed (iChecker)
3/30/2012 3:46:13 PM OK spoolsv.exe\wshtcpip.dll
3/30/2012 3:46:13 PM OK spoolsv.exe\samlib.dll Object was not changed (iChecker)
3/30/2012 3:46:13 PM OK spoolsv.exe\ws2help.dll Object was not changed (iChecker)
3/30/2012 3:46:13 PM OK spoolsv.exe\wsock32.dll Object was not changed (iChecker)
3/30/2012 3:46:13 PM OK C:\WINDOWS\system32\netrap.dll
3/30/2012 3:46:13 PM OK spoolsv.exe\hnetcfg.dll
3/30/2012 3:46:13 PM OK spoolsv.exe\netrap.dll
3/30/2012 3:46:13 PM OK C:\WINDOWS\system32\wshqos.dll
3/30/2012 3:46:13 PM OK C:\WINDOWS\system32\spoolsv.exe
3/30/2012 3:46:13 PM OK C:\WINDOWS\system32\spool\prtprocs\x64\DKABJ74C.DLL
3/30/2012 3:46:13 PM OK spoolsv.exe\wshqos.dll
3/30/2012 3:46:13 PM OK spoolsv.exe\ole32.dll Object was not changed (iChecker)
3/30/2012 3:46:13 PM OK spoolsv.exe\iphlpapi.dll Object was not changed (iChecker)
3/30/2012 3:46:13 PM OK spoolsv.exe\spoolsv.exe
3/30/2012 3:46:13 PM OK C:\WINDOWS\system32\spool\prtprocs\x64\TPWinPrn.dll
3/30/2012 3:46:13 PM OK spoolsv.exe\ntdll.dll Object was not changed (iChecker)
3/30/2012 3:46:13 PM OK spoolsv.exe\kernel32.dll Object was not changed (iChecker)
3/30/2012 3:46:13 PM OK spoolsv.exe\user32.dll Object was not changed (iChecker)
3/30/2012 3:46:13 PM OK spoolsv.exe\DKABJ74C.DLL
3/30/2012 3:46:13 PM OK spoolsv.exe\TPWinPrn.dll
3/30/2012 3:46:13 PM OK C:\WINDOWS\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
3/30/2012 3:46:13 PM OK C:\WINDOWS\system32\spool\prtprocs\x64\hpzpp5in.DLL
3/30/2012 3:46:13 PM OK C:\WINDOWS\system32\spool\prtprocs\x64\hpzpp054.dll
3/30/2012 3:46:13 PM OK spoolsv.exe\filterpipelineprintproc.dll
3/30/2012 3:46:13 PM OK spoolsv.exe\hpzpp5in.DLL
3/30/2012 3:46:13 PM OK spoolsv.exe\hpzpp054.dll
3/30/2012 3:46:13 PM OK msdtc.exe\advapi32.dll Object was not changed (iChecker)
3/30/2012 3:46:13 PM OK msdtc.exe\rpcrt4.dll Object was not changed (iChecker)
3/30/2012 3:46:13 PM OK msdtc.exe\gdi32.dll Object was not changed (iChecker)
3/30/2012 3:46:13 PM OK C:\WINDOWS\system32\mtxclu.dll
3/30/2012 3:46:13 PM OK msdtc.exe\msvcrt.dll Object was not changed (iChecker)
3/30/2012 3:46:13 PM OK msdtc.exe\version.dll
3/30/2012 3:46:13 PM OK msdtc.exe\oleaut32.dll Object was not changed (iChecker)
3/30/2012 3:46:13 PM OK msdtc.exe\comres.dll Object was not changed (iChecker)
3/30/2012 3:46:13 PM OK msdtc.exe\clbcatq.dll Object was not changed (iChecker)
3/30/2012 3:46:13 PM OK msdtc.exe\secur32.dll Object was not changed (iChecker)
3/30/2012 3:46:13 PM OK msdtc.exe\wldap32.dll Object was not changed (iChecker)
3/30/2012 3:46:13 PM OK msdtc.exe\dnsapi.dll Object was not changed (iChecker)
3/30/2012 3:46:13 PM OK msdtc.exe\ntmarta.dll Object was not changed (iChecker)
3/30/2012 3:46:13 PM OK msdtc.exe\winmm.dll Object was not changed (iChecker)
3/30/2012 3:46:13 PM OK msdtc.exe\userenv.dll Object was not changed (iChecker)
3/30/2012 3:46:13 PM OK C:\WINDOWS\system32\mtxoci.dll
3/30/2012 3:46:13 PM OK msdtc.exe\mtxclu.dll
3/30/2012 3:46:13 PM OK msdtc.exe\mtxoci.dll
3/30/2012 3:46:13 PM OK C:\WINDOWS\system32\resutils.dll
3/30/2012 3:46:13 PM OK msdtc.exe\clusapi.dll Object was not changed (iChecker)
3/30/2012 3:46:13 PM OK msdtc.exe\resutils.dll
3/30/2012 3:46:13 PM OK C:\WINDOWS\system32\wsock32.dll
3/30/2012 3:46:13 PM OK C:\WINDOWS\system32\msdtclog.dll
3/30/2012 3:46:13 PM OK msdtc.exe\netapi32.dll Object was not changed (iChecker)
3/30/2012 3:46:13 PM OK msdtc.exe\ws2_32.dll Object was not changed (iChecker)
3/30/2012 3:46:13 PM OK msdtc.exe\mswsock.dll Object was not changed (iChecker)
3/30/2012 3:46:13 PM OK msdtc.exe\samlib.dll Object was not changed (iChecker)
3/30/2012 3:46:13 PM OK msdtc.exe\ws2help.dll Object was not changed (iChecker)
3/30/2012 3:46:13 PM OK msdtc.exe\wsock32.dll
3/30/2012 3:46:13 PM OK C:\WINDOWS\system32\msdtcprx.dll
3/30/2012 3:46:12 PM OK msdtc.exe\msdtclog.dll
3/30/2012 3:46:12 PM OK C:\WINDOWS\system32\msdtctm.dll
3/30/2012 3:46:12 PM OK msdtc.exe\msdtcprx.dll
3/30/2012 3:46:12 PM OK C:\WINDOWS\system32\xolehlp.dll
3/30/2012 3:46:12 PM OK msdtc.exe\xolehlp.dll
3/30/2012 3:46:12 PM OK msdtc.exe\ole32.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK msdtc.exe\msdtctm.dll
3/30/2012 3:46:12 PM OK msdtc.exe\ntdll.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK msdtc.exe\kernel32.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK C:\WINDOWS\system32\msdtc.exe
3/30/2012 3:46:12 PM OK msdtc.exe\user32.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK msdtc.exe\msdtc.exe
3/30/2012 3:46:12 PM OK msdtc.exe\msvcp60.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK C:\Program Files\SUPERAntiSpyware\SASCore64.exe
3/30/2012 3:46:12 PM OK SASCore64.exe\advapi32.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK SASCore64.exe\rpcrt4.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK SASCore64.exe\gdi32.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK SASCore64.exe\msvcrt.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK SASCore64.exe\version.dll
3/30/2012 3:46:12 PM OK SASCore64.exe\shell32.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK SASCore64.exe\comctl32.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK SASCore64.exe\shlwapi.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK SASCore64.exe\oleaut32.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK SASCore64.exe\secur32.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK SASCore64.exe\wldap32.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK SASCore64.exe\ntmarta.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK SASCore64.exe\samlib.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK SASCore64.exe\ole32.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK SASCore64.exe\SASCore64.exe
3/30/2012 3:46:12 PM OK SASCore64.exe\ntdll.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK SASCore64.exe\kernel32.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK SASCore64.exe\user32.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK C:\WINDOWS\SysWOW64\netman.dll
3/30/2012 3:46:12 PM OK C:\WINDOWS\SysWOW64\samlib.dll
3/30/2012 3:46:12 PM OK C:\WINDOWS\SysWOW64\mswsock.dll
3/30/2012 3:46:12 PM OK mbamservice.exe\samlib.dll
3/30/2012 3:46:12 PM OK mbamservice.exe\comctl32.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK mbamservice.exe\mswsock.dll
3/30/2012 3:46:12 PM OK mbamservice.exe\rpcrt4.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK mbamservice.exe\user32.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK mbamservice.exe\secur32.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK mbamservice.exe\gdi32.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK mbamservice.exe\ntdll.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK mbamservice.exe\kernel32.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK mbamservice.exe\advapi32.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK mbamservice.exe\shlwapi.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK mbamservice.exe\oleaut32.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK mbamservice.exe\shell32.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK mbamservice.exe\wow64cpu.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK mbamservice.exe\ntdll.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK mbamservice.exe\msvcrt.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK mbamservice.exe\version.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK C:\WINDOWS\SysWOW64\winsta.dll
3/30/2012 3:46:12 PM OK mbamservice.exe\netman.dll
3/30/2012 3:46:12 PM OK mbamservice.exe\ole32.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK C:\WINDOWS\SysWOW64\rasadhlp.dll
3/30/2012 3:46:12 PM OK mbamservice.exe\winsta.dll
3/30/2012 3:46:12 PM OK mbamservice.exe\setupapi.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK C:\WINDOWS\SysWOW64\winrnr.dll
3/30/2012 3:46:12 PM OK mbamservice.exe\rasadhlp.dll
3/30/2012 3:46:12 PM OK C:\WINDOWS\SysWOW64\wtsapi32.dll
3/30/2012 3:46:12 PM OK mbamservice.exe\winrnr.dll
3/30/2012 3:46:12 PM OK mbamservice.exe\wldap32.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK C:\WINDOWS\SysWOW64\dnsapi.dll
3/30/2012 3:46:12 PM OK mbamservice.exe\wtsapi32.dll
3/30/2012 3:46:12 PM OK C:\WINDOWS\SysWOW64\rasapi32.dll
3/30/2012 3:46:12 PM OK mbamservice.exe\dnsapi.dll
3/30/2012 3:46:12 PM OK C:\WINDOWS\SysWOW64\tapi32.dll
3/30/2012 3:46:12 PM OK mbamservice.exe\rasapi32.dll
3/30/2012 3:46:12 PM OK C:\WINDOWS\SysWOW64\rasman.dll
3/30/2012 3:46:12 PM OK mbamservice.exe\tapi32.dll
3/30/2012 3:46:12 PM OK C:\WINDOWS\SysWOW64\rtutils.dll
3/30/2012 3:46:12 PM OK mbamservice.exe\rasman.dll
3/30/2012 3:46:12 PM OK C:\WINDOWS\SysWOW64\activeds.dll
3/30/2012 3:46:12 PM OK mbamservice.exe\rtutils.dll
3/30/2012 3:46:12 PM OK C:\WINDOWS\SysWOW64\adsldpc.dll
3/30/2012 3:46:12 PM OK mbamservice.exe\activeds.dll
3/30/2012 3:46:12 PM OK C:\WINDOWS\SysWOW64\dhcpcsvc.dll
3/30/2012 3:46:12 PM OK mbamservice.exe\adsldpc.dll
3/30/2012 3:46:12 PM OK C:\WINDOWS\SysWOW64\iphlpapi.dll
3/30/2012 3:46:12 PM OK mbamservice.exe\dhcpcsvc.dll
3/30/2012 3:46:12 PM OK C:\WINDOWS\SysWOW64\mprapi.dll
3/30/2012 3:46:12 PM OK mbamservice.exe\iphlpapi.dll
3/30/2012 3:46:12 PM OK C:\WINDOWS\SysWOW64\wmi.dll
3/30/2012 3:46:12 PM OK mbamservice.exe\mprapi.dll
3/30/2012 3:46:12 PM OK C:\WINDOWS\SysWOW64\credui.dll
3/30/2012 3:46:12 PM OK mbamservice.exe\wmi.dll
3/30/2012 3:46:12 PM OK mbamservice.exe\imagehlp.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK mbamservice.exe\wintrust.dll Object was not changed (iChecker)
3/30/2012 3:46:12 PM OK mbamservice.exe\credui.dll
3/30/2012 3:46:12 PM OK C:\WINDOWS\SysWOW64\winmm.dll
3/30/2012 3:46:11 PM OK mbamservice.exe\psapi.dll
3/30/2012 3:46:11 PM OK C:\WINDOWS\SysWOW64\atl.dll
3/30/2012 3:46:11 PM OK mbamservice.exe\winmm.dll
3/30/2012 3:46:11 PM OK C:\WINDOWS\SysWOW64\netshell.dll
3/30/2012 3:46:11 PM OK mbamservice.exe\atl.dll
3/30/2012 3:46:11 PM OK mbamservice.exe\userenv.dll Object was not changed (iChecker)
3/30/2012 3:46:11 PM OK C:\WINDOWS\SysWOW64\clusapi.dll
3/30/2012 3:46:11 PM OK mbamservice.exe\netshell.dll
3/30/2012 3:46:11 PM OK mbamservice.exe\crypt32.dll Object was not changed (iChecker)
3/30/2012 3:46:11 PM OK mbamservice.exe\msasn1.dll Object was not changed (iChecker)
3/30/2012 3:46:11 PM OK C:\WINDOWS\SysWOW64\wzcsapi.dll
3/30/2012 3:46:11 PM OK mbamservice.exe\clusapi.dll
3/30/2012 3:46:11 PM OK C:\WINDOWS\SysWOW64\ws2_32.dll
3/30/2012 3:46:11 PM OK mbamservice.exe\wzcsapi.dll
3/30/2012 3:46:11 PM OK mbamservice.exe\netapi32.dll Object was not changed (iChecker)
3/30/2012 3:46:11 PM OK C:\WINDOWS\SysWOW64\ws2help.dll
3/30/2012 3:46:11 PM OK mbamservice.exe\ws2_32.dll
3/30/2012 3:46:11 PM OK C:\WINDOWS\SysWOW64\mpr.dll
3/30/2012 3:46:11 PM OK mbamservice.exe\ws2help.dll
3/30/2012 3:46:11 PM OK C:\WINDOWS\SysWOW64\wshtcpip.dll
3/30/2012 3:46:11 PM OK mbamservice.exe\mpr.dll
3/30/2012 3:46:11 PM OK mbamservice.exe\wshtcpip.dll
3/30/2012 3:46:11 PM OK C:\WINDOWS\SysWOW64\hnetcfg.dll
3/30/2012 3:46:11 PM OK mbamservice.exe\urlmon.dll
3/30/2012 3:46:11 PM OK mbamservice.exe\wow64win.dll Object was not changed (iChecker)
3/30/2012 3:46:11 PM OK mbamservice.exe\wow64.dll Object was not changed (iChecker)
3/30/2012 3:46:11 PM OK mbamservice.exe\rsaenh.dll Object was not changed (iChecker)
3/30/2012 3:46:11 PM OK C:\WINDOWS\SysWOW64\esent.dll
3/30/2012 3:46:11 PM OK C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamcore.dll
3/30/2012 3:46:11 PM OK mbamservice.exe\hnetcfg.dll
3/30/2012 3:46:11 PM OK mbamservice.exe\esent.dll
3/30/2012 3:46:11 PM OK C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamcore.dll/data0001.res
3/30/2012 3:46:11 PM OK C:\WINDOWS\SysWOW64\wininet.dll
3/30/2012 3:46:11 PM OK mbamservice.exe\iertutil.dll
3/30/2012 3:46:11 PM OK C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamcore.dll/data0000.res
3/30/2012 3:46:11 PM OK C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamnet.dll
3/30/2012 3:46:11 PM OK mbamservice.exe\wininet.dll
3/30/2012 3:46:11 PM OK C:\WINDOWS\SysWOW64\normaliz.dll
3/30/2012 3:46:11 PM OK mbamservice.exe\mbamcore.dll
3/30/2012 3:46:11 PM OK C:\WINDOWS\SysWOW64\wzcsvc.dll
3/30/2012 3:46:11 PM OK mbamservice.exe\normaliz.dll
3/30/2012 3:46:11 PM OK C:\WINDOWS\SysWOW64\ntmarta.dll
3/30/2012 3:46:11 PM OK mbamservice.exe\wzcsvc.dll
3/30/2012 3:46:10 PM OK C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll
3/30/2012 3:46:10 PM OK mbamservice.exe\ntmarta.dll
3/30/2012 3:46:10 PM OK C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
3/30/2012 3:46:10 PM OK mbamservice.exe\mbamnet.dll
3/30/2012 3:46:10 PM OK mbamservice.exe\mbam.dll
3/30/2012 3:46:10 PM OK mbamservice.exe\mbamservice.exe
3/30/2012 3:46:10 PM OK C:\WINDOWS\system32\regsvc.dll
3/30/2012 3:46:10 PM OK svchost.exe\advapi32.dll Object was not changed (iChecker)
3/30/2012 3:46:10 PM OK svchost.exe\rpcrt4.dll Object was not changed (iChecker)
3/30/2012 3:46:10 PM OK svchost.exe\msvcrt.dll Object was not changed (iChecker)
3/30/2012 3:46:10 PM OK svchost.exe\secur32.dll Object was not changed (iChecker)
3/30/2012 3:46:10 PM OK svchost.exe\regsvc.dll
3/30/2012 3:46:10 PM OK svchost.exe\svchost.exe
3/30/2012 3:46:10 PM OK svchost.exe\ntdll.dll Object was not changed (iChecker)
3/30/2012 3:46:10 PM OK svchost.exe\kernel32.dll Object was not changed (iChecker)
3/30/2012 3:46:10 PM OK svchost.exe\advapi32.dll Object was not changed (iChecker)
3/30/2012 3:46:10 PM OK svchost.exe\rpcrt4.dll Object was not changed (iChecker)
3/30/2012 3:46:10 PM OK svchost.exe\gdi32.dll Object was not changed (iChecker)
3/30/2012 3:46:10 PM OK svchost.exe\msvcrt.dll Object was not changed (iChecker)
3/30/2012 3:46:10 PM OK svchost.exe\version.dll
3/30/2012 3:46:10 PM OK svchost.exe\shlwapi.dll Object was not changed (iChecker)
3/30/2012 3:46:10 PM OK svchost.exe\oleaut32.dll Object was not changed (iChecker)
3/30/2012 3:46:10 PM OK svchost.exe\comres.dll Object was not changed (iChecker)
3/30/2012 3:46:10 PM OK svchost.exe\clbcatq.dll Object was not changed (iChecker)
3/30/2012 3:46:10 PM OK svchost.exe\secur32.dll Object was not changed (iChecker)
3/30/2012 3:46:10 PM OK svchost.exe\imagehlp.dll Object was not changed (iChecker)
3/30/2012 3:46:10 PM OK C:\WINDOWS\system32\mscms.dll
3/30/2012 3:46:10 PM OK C:\WINDOWS\system32\cfgmgr32.dll
3/30/2012 3:46:10 PM OK svchost.exe\wintrust.dll Object was not changed (iChecker)
3/30/2012 3:46:10 PM OK svchost.exe\setupapi.dll Object was not changed (iChecker)
3/30/2012 3:46:10 PM OK svchost.exe\crypt32.dll Object was not changed (iChecker)
3/30/2012 3:46:10 PM OK svchost.exe\msasn1.dll Object was not changed (iChecker)
3/30/2012 3:46:10 PM OK svchost.exe\cfgmgr32.dll
3/30/2012 3:46:10 PM OK C:\WINDOWS\system32\wiaservc.dll
3/30/2012 3:46:10 PM OK svchost.exe\mscms.dll
3/30/2012 3:46:10 PM OK svchost.exe\wiaservc.dll
3/30/2012 3:46:10 PM OK svchost.exe\winspool.drv Object was not changed (iChecker)
3/30/2012 3:46:06 PM OK explorer.exe\mpr.dll
3/30/2012 3:46:06 PM OK explorer.exe\uxtheme.dll Object was not changed (iChecker)
3/30/2012 3:46:06 PM OK C:\WINDOWS\system32\ole32.dll
3/30/2012 3:46:06 PM OK explorer.exe\samlib.dll
3/30/2012 3:46:06 PM OK explorer.exe\ws2help.dll Object was not changed (iChecker)
3/30/2012 3:46:06 PM OK explorer.exe\msutb.dll
3/30/2012 3:46:06 PM OK explorer.exe\netui0.dll
3/30/2012 3:46:05 PM OK C:\WINDOWS\system32\iertutil.dll
3/30/2012 3:46:05 PM OK explorer.exe\netui1.dll
3/30/2012 3:46:05 PM OK C:\WINDOWS\system32\wininet.dll
3/30/2012 3:46:05 PM OK C:\WINDOWS\system32\urlmon.dll
3/30/2012 3:46:05 PM OK explorer.exe\ntlanman.dll
3/30/2012 3:46:05 PM OK C:\WINDOWS\system32\VBoxMRXNP.dll
3/30/2012 3:46:05 PM OK explorer.exe\themeui.dll
3/30/2012 3:46:05 PM OK explorer.exe\ole32.dll
3/30/2012 3:46:05 PM OK C:\WINDOWS\system32\xpsp2res.dll
3/30/2012 3:46:05 PM OK explorer.exe\iphlpapi.dll Object was not changed (iChecker)
3/30/2012 3:46:05 PM OK C:\WINDOWS\explorer.exe
3/30/2012 3:46:05 PM OK explorer.exe\msi.dll
3/30/2012 3:46:05 PM OK explorer.exe\ieframe.dll
3/30/2012 3:46:05 PM OK explorer.exe\iertutil.dll
3/30/2012 3:46:05 PM OK explorer.exe\urlmon.dll
3/30/2012 3:46:05 PM OK explorer.exe\wininet.dll
3/30/2012 3:46:05 PM OK explorer.exe\VBoxMRXNP.dll
3/30/2012 3:46:05 PM OK C:\WINDOWS\system32\webcheck.dll
3/30/2012 3:46:05 PM OK explorer.exe\explorer.exe
3/30/2012 3:46:05 PM OK C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
3/30/2012 3:46:05 PM OK explorer.exe\ntdll.dll Object was not changed (iChecker)
3/30/2012 3:46:05 PM OK explorer.exe\kernel32.dll Object was not changed (iChecker)
3/30/2012 3:46:05 PM OK explorer.exe\user32.dll Object was not changed (iChecker)
3/30/2012 3:46:05 PM OK C:\WINDOWS\system32\drprov.dll
3/30/2012 3:46:05 PM OK C:\WINDOWS\system32\normaliz.dll
3/30/2012 3:46:05 PM OK explorer.exe\webcheck.dll
3/30/2012 3:46:05 PM OK explorer.exe\mbamext.dll
3/30/2012 3:46:05 PM OK explorer.exe\drprov.dll
3/30/2012 3:46:05 PM OK explorer.exe\normaliz.dll
3/30/2012 3:46:05 PM OK explorer.exe\xpsp2res.dll
3/30/2012 3:46:05 PM OK C:\WINDOWS\SysWOW64\msutb.dll
3/30/2012 3:46:05 PM OK ctfmon.exe\rpcrt4.dll Object was not changed (iChecker)
3/30/2012 3:46:05 PM OK ctfmon.exe\user32.dll Object was not changed (iChecker)
3/30/2012 3:46:05 PM OK ctfmon.exe\secur32.dll Object was not changed (iChecker)
3/30/2012 3:46:05 PM OK ctfmon.exe\gdi32.dll Object was not changed (iChecker)
3/30/2012 3:46:05 PM OK ctfmon.exe\ntdll.dll Object was not changed (iChecker)
3/30/2012 3:46:05 PM OK ctfmon.exe\kernel32.dll Object was not changed (iChecker)
3/30/2012 3:46:05 PM OK ctfmon.exe\advapi32.dll Object was not changed (iChecker)
3/30/2012 3:46:05 PM OK ctfmon.exe\wow64cpu.dll Object was not changed (iChecker)
3/30/2012 3:46:05 PM OK ctfmon.exe\ntdll.dll Object was not changed (iChecker)
3/30/2012 3:46:05 PM OK ctfmon.exe\msvcrt.dll Object was not changed (iChecker)
3/30/2012 3:46:05 PM OK ctfmon.exe\userenv.dll Object was not changed (iChecker)
3/30/2012 3:46:05 PM OK ctfmon.exe\wow64win.dll Object was not changed (iChecker)

3/30/2012 3:46:05 PM OK ctfmon.exe\wow64.dll Object was not changed (iChecker)
3/30/2012 3:46:05 PM OK C:\WINDOWS\SysWOW64\ctfmon.exe
3/30/2012 3:46:05 PM OK ctfmon.exe\msutb.dll
3/30/2012 3:46:05 PM OK ctfmon.exe\MSCTF.dll Object was not changed (iChecker)
3/30/2012 3:46:05 PM OK ctfmon.exe\ctfmon.exe
3/30/2012 3:46:05 PM OK C:\WINDOWS\SysWOW64\comdlg32.dll
3/30/2012 3:46:04 PM OK setup_11.0.0.1245.x01_2012_03_31_01_21[1].exe\uxtheme.dll Object was not changed (iChecker)
3/30/2012 3:46:04 PM OK setup_11.0.0.1245.x01_2012_03_31_01_21[1].exe\comctl32.dll Object was not changed (iChecker)
3/30/2012 3:46:04 PM OK setup_11.0.0.1245.x01_2012_03_31_01_21[1].exe\rpcrt4.dll Object was not changed (iChecker)
3/30/2012 3:46:04 PM OK setup_11.0.0.1245.x01_2012_03_31_01_21[1].exe\user32.dll Object was not changed (iChecker)
3/30/2012 3:46:04 PM OK setup_11.0.0.1245.x01_2012_03_31_01_21[1].exe\secur32.dll Object was not changed (iChecker)
3/30/2012 3:46:04 PM OK setup_11.0.0.1245.x01_2012_03_31_01_21[1].exe\gdi32.dll Object was not changed (iChecker)
3/30/2012 3:47:40 PM Detected not-a-virus:RemoteAdmin.Win32.WinVNC.ad C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe Information
3/30/2012 3:46:04 PM Archive RAR C:\documents and settings\ali\local settings\Temporary Internet Files\Content.IE5\1HTPU3W1\setup_11.0.0.1245.x01_2012_03_31_01_21[1].exe/#
3/30/2012 3:46:00 PM Archive RAR C:\documents and settings\ali\local settings\Temporary Internet Files\Content.IE5\1HTPU3W1\setup_11.0.0.1245.x01_2012_03_31_01_21[1].exe/0174072rar.exe
3/30/2012 3:45:59 PM Archive RAR C:\documents and settings\ali\local settings\Temporary Internet Files\Content.IE5\1HTPU3W1\setup_11.0.0.1245.x01_2012_03_31_01_21[1].exe

#10 cryptodan

Posted 30 March 2012 - 06:25 PM

Is Spybot currently running on the machine?

#11 ajafar

Posted 30 March 2012 - 06:26 PM

Installed but not running.

#12 cryptodan

Posted 30 March 2012 - 06:27 PM

Remove it, and try Mbam again.

#13 ajafar

Posted 30 March 2012 - 06:35 PM

Removed, same behavior. Ignore the Spybot shortcut on the desktop, it doesn't go to anything.

Posted Image

Posted Image

#14 cryptodan

Posted 30 March 2012 - 06:59 PM

I am seeing no signs of any lingering infection.

Can you create another account, and see if the log offs are slow?

#15 ajafar

Posted 30 March 2012 - 07:05 PM

So here's what I've done so far.

Created new admin account, same behaviour.

Deleted every printer, 3rd party shell extension, non-essential driver, disabled print spooler, enabled userenv logging, worked with Microsoft for the past 2 weeks trying every single hotfix, registry tweak, system file replacement, etc. The only lingering issue is when logging off, especially from the console session, it will hang and during the hang process, every other user will hang till the console session either times out or we force restart the server.

I've brought this machine back to the basics and it acts like there's something that's hanging during logoff. It's odd because sometimes it will log off quickly, but other times it will hang, the end task process will show up for whatever was the last running program (internet explorer, command, process explorer, etc), even if that program was closed prior to the logoff process.

I'm thinking there's a lingering rootkit and I just haven't figured out how to go about scanning for something like that on a 64-bit 2003 server installation.



