TROJAN:WIN32/SIREFEF


  • This topic is locked
10 replies to this topic

#1 keeta


Posted 09 October 2012 - 08:25 PM

I ended up with TROJAN:WIN32/SIREFEF and TROJAN:WIN32/SIREFEF.AL and TROJAN:WIN32/SIREFEF.AQ on my pc, probably from a bad website. I have Microsoft Security Essentials running and it found them and quarantined them and I then deleted them. Or so I thought. I also have Malwarebytes installed (the free version) and when I ran it, it also found trojans although it didn't name them. I still have those logs.

When I run MS Security Essentials now it says my pc is clean and Malwarebytes says the same thing. However...

My Windows Firewall is now turned off (I did not do that) and I can't turn it back on. When I try to launch the Security Center (through msconfig --> Tools), I get a message saying that "The Security Center is currently unavailable because the "Security Center" service has not started or was stopped. Please close this window, restart the computer (or start the "Security Center" service), and then open the Security Center again." (I tried all of that.) If I try to get to the Firewall through the Control Panel, I get a message saying "Due to an unidentified problem, Windows cannot display Windows Firewall settings."

MS Security Essentials cannot receive updates. When I try to, I get this message: "Virus and spyware definitions update failed. Security Essentials couldn't check for virus and spyware definition updates. Check your Internet or network connection and try again. Click Help for more information about this problem. Error code: 0x80070424. Error description: Security Essentials couldn't install the definition updates. Please try again later." The weird thing is that behind that error message, the bar that indicates progress moves about 1/3 of the way before it stops. I am able to uninstall MS Security Essentials and then download it from Microsoft again and that way get the definition updates, but it still says my p.c. is clean.

I am also not able to obtain any Windows updates from Microsoft. It complains about an unidentified error.

This may not be related, but I have noticed that when I open Internet Explorer, Citrix Receiver loads almost immediately. When I stop it by right-clicking on the icon in my system tray (bottom right hand corner of my screen) and selecting "Exit", it comes back again within seconds. (I use Opera most of the time and it doesn't start in Opera.)

I run XP Media Center Edition, Windows 5.1 SP3.

Note that the ark.txt that GMER produced is without "Files". I had to deselect "Files" because GMER ran just over 7 hours and then my monitor went black and there was nothing I could do to bring it back. I tried this twice. PC is still running, but the screen is completely black.

I see from the DDS.txt that Rogers Online Protection Anti-Virus appears to be enabled. I used to run that, but deinstalled it a couple of years ago (or so I thought).

DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by user at 21:43:05 on 2012-10-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2439 [GMT -4:00]
.
AV: Rogers Online Protection Anti-Virus *Enabled/Updated* {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Rogers Online Protection Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Computer Updater\ComputerUp-daterService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
svchost.exe
c:\program files\idt\intelxpv_v83\wdm\STacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Opera\Opera.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://start.facemoods.com/?a=bf2&s={searchTerms}&f=4
uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CtxIEInterceptorBHO Class: {2c4631ff-5cc8-4ebc-a0df-34c92291759e} - c:\program files\citrix\ica client\IEInterceptor.dll
BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\rogers online protection\rogers online protection\pkR.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
{c324639e-f811-468a-99f4-d770b964b613}
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\user\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\user\application data\dropbox\bin\Dropbox.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} - hxxp://downol.dr.dk/download/netradio/Rawflow.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} - hxxp://zone.msn.com/bingame/pppp/default/PiratePoppers.1.0.0.39.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1213301708671
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341162830462
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
TCP: Interfaces\{27654648-CDB7-464D-8084-53DD036EBD83} : DhcpNameServer = 64.71.255.198
TCP: Interfaces\{6F6B5F83-A93D-4030-90A5-2872E5F09081} : DhcpNameServer = 64.71.255.198
TCP: Interfaces\{D4B73545-2C24-47F4-A209-22E74B4A9277} : DhcpNameServer = 64.71.255.198
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\meyiyezi.dll kppiot.dll c:\windows\system32\nobiyaki.dll, c:\progra~1\citrix\icacli~1\RSHook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli c:\windows\system32\meyiyezi.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2011-6-29 66776]
R1 MpKsl1d4e8aa2;MpKsl1d4e8aa2;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3a7d6fd9-dbc3-43b9-8ac2-2deac52009d8}\MpKsl1d4e8aa2.sys [2012-10-8 29904]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-10 14336]
R2 ComputerUpdater Service;ComputerUpdater Service;c:\program files\computer updater\ComputerUp-daterService.exe [2011-6-15 81920]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-14 54752]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S0 KL1;KL1;c:\windows\system32\drivers\kl1.sys --> c:\windows\system32\drivers\kl1.sys [?]
S1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys --> c:\windows\system32\drivers\klif.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
S3 Radialpoint Security Services;Rogers Online Protection;"c:\program files\rogers online protection\rogers online protection\rpssecurityawarer.exe" --> c:\program files\rogers online protection\rogers online protection\RpsSecurityAwareR.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-8-29 1385896]
S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-8-28 92632]
.
=============== Created Last 30 ================
.
2012-10-08 18:31:23 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3a7d6fd9-dbc3-43b9-8ac2-2deac52009d8}\offreg.dll
2012-10-08 18:31:23 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3a7d6fd9-dbc3-43b9-8ac2-2deac52009d8}\MpKsl1d4e8aa2.sys
2012-10-08 18:26:29 6980552 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3a7d6fd9-dbc3-43b9-8ac2-2deac52009d8}\mpengine.dll
2012-10-08 18:22:18 -------- d-----w- c:\program files\Microsoft Security Client
2012-10-06 00:56:23 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-10-05 23:47:13 -------- d-----w- c:\documents and settings\user\application data\ElevatedDiagnostics
2012-10-03 01:31:58 -------- d-----w- c:\documents and settings\all users\application data\BAA418F08CA01D5E0034BAA3E46A3ABC
2012-09-20 12:27:57 -------- d-----w- c:\program files\iPod
2012-09-20 12:27:52 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-13 22:42:43 -------- d-----w- c:\documents and settings\user\local settings\application data\Downloaded Installations
.
==================== Find3M ====================
.
2012-09-07 21:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 02:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
2012-08-21 17:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-01 00:32:01 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-01 00:32:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2010-07-16 14:00:36 445 ----a-w- c:\program files\0716201010003668.bat
.
============= FINISH: 21:44:58.44 ===============

Edited by keeta, 09 October 2012 - 08:39 PM.

#2 fireman4it


Posted 10 October 2012 - 08:50 PM

Hello keeta,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see a prompt. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message asking whether to continue.
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TDSSKiller log
Combofix.txt
How is your machine running now?

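Added example, not part of the original thread or of TDSSKiller itself: a Python sketch that reduces the TDSSKiller report requested in step 1 to the objects that did not come back "ok", pairing each verdict with the MD5 and path logged just before it. The line layout is an assumption inferred from the report posted in reply #3 of this thread, and the function names `triage` and `by_verdict` are hypothetical.

```python
import re
from collections import Counter

# Sample lines copied from the TDSSKiller report posted in reply #3 of this thread.
SAMPLE_LOG = r"""
18:20:52.0640 3004 ================ Scan services =============================
18:20:52.0781 3004 Abiosdsk - ok
18:20:55.0046 3004 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files\common files\akamai/netsession_win_5891ae0.dll
18:20:55.0046 3004 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
18:20:55.0062 3004 Akamai ( HiddenFile.Multi.Generic ) - warning
18:20:55.0062 3004 Akamai - detected HiddenFile.Multi.Generic (1)
18:20:55.0453 3004 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:20:55.0468 3004 Apple Mobile Device - ok
18:20:56.0359 3004 [ 096C9955485F2B3F910F4C503C318D74 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
18:20:56.0390 3004 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
18:20:56.0390 3004 ATI Smart - detected UnsignedFile.Multi.Generic (1)
"""

# Every report line starts with "HH:MM:SS.mmmm <thread id>"; the message follows.
PREFIX = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s*(.*)$")
# "[ MD5 ] <object name> <path>"; names may contain spaces, so the path is
# recognised by its drive letter (optionally preceded by the \??\ prefix).
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+((?:\\\?\?\\)?[A-Za-z]:\\.*)$")
# "<object name> ( <verdict> ) - <severity>"
VERDICT = re.compile(r"^(.+?) \( (\S+) \) - (\w+)$")
# "<object name> - ok"
OK = re.compile(r"^(.+?) - ok$")


def triage(log_text):
    """Return (findings, ok_count) for the text of a TDSSKiller report.

    Each finding is a dict with the object name, verdict, severity, and the
    MD5 and path from the hash line that preceded the verdict (None if the
    report carried no hash line for that object).
    """
    files = {}      # object name -> (md5, path)
    findings = []
    ok_count = 0
    for raw in log_text.splitlines():
        prefixed = PREFIX.match(raw.strip())
        if not prefixed:
            continue                      # blank or truncated line
        timestamp, _thread, message = prefixed.groups()

        hashed = HASHED.match(message)
        if hashed:
            md5, name, path = hashed.groups()
            files[name] = (md5.upper(), path)
            continue

        verdict = VERDICT.match(message)
        if verdict:
            name, label, severity = verdict.groups()
            md5, path = files.get(name, (None, None))
            findings.append({
                "time": timestamp,
                "name": name,
                "verdict": label,
                "severity": severity,
                "md5": md5,
                "path": path,
            })
            continue

        if OK.match(message):
            ok_count += 1
    return findings, ok_count


def by_verdict(findings):
    """Count findings per verdict label, e.g. to separate unsigned files from hidden ones."""
    return Counter(f["verdict"] for f in findings)


if __name__ == "__main__":
    found, clean = triage(SAMPLE_LOG)
    print(f"{clean} objects ok, {len(found)} flagged")
    for f in found:
        print(f'{f["severity"]:8} {f["verdict"]:28} {f["name"]} -> {f["path"]} [{f["md5"]}]')
```

The "- detected" line repeats the verdict of the "( ... ) - warning" line, so only the latter is counted.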


#3 keeta


Posted 11 October 2012 - 05:26 PM

TDSSKiller log:

18:20:04.0890 3716 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
18:20:05.0406 3716 ============================================================
18:20:05.0406 3716 Current date / time: 2012/10/11 18:20:05.0406
18:20:05.0406 3716 SystemInfo:
18:20:05.0406 3716
18:20:05.0406 3716 OS Version: 5.1.2600 ServicePack: 3.0
18:20:05.0406 3716 Product type: Workstation
18:20:05.0406 3716 ComputerName: MYCOMPUTER
18:20:05.0406 3716 UserName: user
18:20:05.0406 3716 Windows directory: C:\WINDOWS
18:20:05.0406 3716 System windows directory: C:\WINDOWS
18:20:05.0406 3716 Processor architecture: Intel x86
18:20:05.0406 3716 Number of processors: 2
18:20:05.0406 3716 Page size: 0x1000
18:20:05.0406 3716 Boot type: Normal boot
18:20:05.0406 3716 ============================================================
18:20:10.0718 3716 BG loaded
18:20:11.0218 3716 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:20:11.0375 3716 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:20:11.0734 3716 ============================================================
18:20:11.0734 3716 \Device\Harddisk0\DR0:
18:20:11.0750 3716 MBR partitions:
18:20:11.0750 3716 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
18:20:11.0750 3716 \Device\Harddisk1\DR1:
18:20:11.0781 3716 MBR partitions:
18:20:11.0781 3716 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
18:20:11.0781 3716 ============================================================
18:20:14.0156 3716 C: <-> \Device\Harddisk1\DR1\Partition1
18:20:14.0281 3716 D: <-> \Device\Harddisk0\DR0\Partition1
18:20:14.0281 3716 ============================================================
18:20:14.0281 3716 Initialize success
18:20:14.0281 3716 ============================================================
18:20:52.0343 3004 ============================================================
18:20:52.0343 3004 Scan started
18:20:52.0343 3004 Mode: Manual; SigCheck; TDLFS;
18:20:52.0343 3004 ============================================================
18:20:52.0640 3004 ================ Scan system memory ========================
18:20:52.0640 3004 System memory - ok
18:20:52.0640 3004 ================ Scan services =============================
18:20:52.0781 3004 Abiosdsk - ok
18:20:52.0796 3004 abp480n5 - ok
18:20:52.0859 3004 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:20:54.0281 3004 ACPI - ok
18:20:54.0312 3004 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
18:20:54.0406 3004 ACPIEC - ok
18:20:54.0406 3004 adpu160m - ok
18:20:54.0468 3004 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
18:20:54.0562 3004 aec - ok
18:20:54.0625 3004 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
18:20:54.0703 3004 AFD - ok
18:20:54.0703 3004 Aha154x - ok
18:20:54.0734 3004 aic78u2 - ok
18:20:54.0765 3004 aic78xx - ok
18:20:55.0046 3004 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files\common files\akamai/netsession_win_5891ae0.dll
18:20:55.0046 3004 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
18:20:55.0062 3004 Akamai ( HiddenFile.Multi.Generic ) - warning
18:20:55.0062 3004 Akamai - detected HiddenFile.Multi.Generic (1)
18:20:55.0109 3004 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
18:20:55.0218 3004 Alerter - ok
18:20:55.0234 3004 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
18:20:55.0312 3004 ALG - ok
18:20:55.0312 3004 AliIde - ok
18:20:55.0343 3004 amsint - ok
18:20:55.0453 3004 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:20:55.0468 3004 Apple Mobile Device - ok
18:20:55.0515 3004 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
18:20:55.0562 3004 AppMgmt - ok
18:20:55.0578 3004 asc - ok
18:20:55.0609 3004 asc3350p - ok
18:20:55.0640 3004 asc3550 - ok
18:20:55.0843 3004 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:20:55.0890 3004 aspnet_state - ok
18:20:55.0937 3004 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:20:56.0000 3004 AsyncMac - ok
18:20:56.0046 3004 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
18:20:56.0156 3004 atapi - ok
18:20:56.0156 3004 Atdisk - ok
18:20:56.0218 3004 [ 3E47191DDAFFCDD9B28CBC50FB6499B5 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
18:20:56.0312 3004 Ati HotKey Poller - ok
18:20:56.0359 3004 [ 096C9955485F2B3F910F4C503C318D74 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
18:20:56.0390 3004 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
18:20:56.0390 3004 ATI Smart - detected UnsignedFile.Multi.Generic (1)
18:20:56.0500 3004 [ E51AA5ADF535C847072C0AED3E642912 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:20:56.0640 3004 ati2mtag - ok
18:20:56.0703 3004 [ DC6957811FF95F2DD3004361B20D8D3F ] AtiHdmiService C:\WINDOWS\system32\drivers\AtiHdmi.sys
18:20:56.0765 3004 AtiHdmiService - ok
18:20:56.0781 3004 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:20:56.0875 3004 Atmarpc - ok
18:20:56.0906 3004 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
18:20:57.0015 3004 AudioSrv - ok
18:20:57.0046 3004 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
18:20:57.0140 3004 audstub - ok
18:20:57.0187 3004 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
18:20:57.0265 3004 Beep - ok
18:20:57.0328 3004 [ ED910B63A75863A89AAB65F2763D5B71 ] BLKWGU(Belkin) C:\WINDOWS\system32\DRIVERS\BLKWGU.sys
18:20:57.0359 3004 BLKWGU(Belkin) ( UnsignedFile.Multi.Generic ) - warning
18:20:57.0359 3004 BLKWGU(Belkin) - detected UnsignedFile.Multi.Generic (1)
18:20:57.0468 3004 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:20:57.0484 3004 Bonjour Service - ok
18:20:57.0562 3004 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
18:20:57.0687 3004 Browser - ok
18:20:57.0718 3004 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
18:20:57.0812 3004 cbidf2k - ok
18:20:57.0906 3004 [ 8EF654045E518AC00E52E7A1E2D3AD70 ] CCALib8 C:\Program Files\Canon\CAL\CALMAIN.exe
18:20:58.0000 3004 CCALib8 ( UnsignedFile.Multi.Generic ) - warning
18:20:58.0000 3004 CCALib8 - detected UnsignedFile.Multi.Generic (1)
18:20:58.0015 3004 cd20xrnt - ok
18:20:58.0093 3004 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
18:20:58.0187 3004 Cdaudio - ok
18:20:58.0234 3004 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
18:20:58.0343 3004 Cdfs - ok
18:20:58.0375 3004 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:20:58.0484 3004 Cdrom - ok
18:20:58.0484 3004 Changer - ok
18:20:58.0562 3004 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
18:20:58.0656 3004 CiSvc - ok
18:20:58.0703 3004 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
18:20:58.0781 3004 ClipSrv - ok
18:20:58.0890 3004 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:20:58.0984 3004 clr_optimization_v2.0.50727_32 - ok
18:20:59.0046 3004 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:20:59.0093 3004 clr_optimization_v4.0.30319_32 - ok
18:20:59.0109 3004 CmdIde - ok
18:20:59.0218 3004 [ CE17986AE169D67E6905DBAC2D4E2FFB ] ComputerUpdater Service C:\Program Files\Computer Updater\ComputerUp-daterService.exe
18:20:59.0250 3004 ComputerUpdater Service ( UnsignedFile.Multi.Generic ) - warning
18:20:59.0250 3004 ComputerUpdater Service - detected UnsignedFile.Multi.Generic (1)
18:20:59.0250 3004 COMSysApp - ok
18:20:59.0281 3004 Cpqarray - ok
18:20:59.0296 3004 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
18:20:59.0390 3004 CryptSvc - ok
18:20:59.0437 3004 [ 4E08A98DBA0B1249C2EB4B191978A9A4 ] ctxusbm C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
18:21:00.0703 3004 ctxusbm - ok
18:21:00.0718 3004 dac2w2k - ok
18:21:00.0750 3004 dac960nt - ok
18:21:00.0828 3004 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
18:21:01.0015 3004 DcomLaunch - ok
18:21:01.0015 3004 DefragFS - ok
18:21:01.0093 3004 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
18:21:01.0187 3004 Dhcp - ok
18:21:01.0234 3004 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
18:21:01.0328 3004 Disk - ok
18:21:01.0343 3004 dmadmin - ok
18:21:01.0390 3004 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
18:21:01.0515 3004 dmboot - ok
18:21:01.0562 3004 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
18:21:01.0656 3004 dmio - ok
18:21:01.0687 3004 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
18:21:01.0781 3004 dmload - ok
18:21:01.0828 3004 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
18:21:01.0937 3004 dmserver - ok
18:21:01.0968 3004 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
18:21:02.0046 3004 DMusic - ok
18:21:02.0078 3004 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
18:21:02.0250 3004 Dnscache - ok
18:21:02.0281 3004 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
18:21:02.0390 3004 Dot3svc - ok
18:21:02.0390 3004 dpti2o - ok
18:21:02.0437 3004 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
18:21:02.0515 3004 drmkaud - ok
18:21:02.0578 3004 [ 83403675CAB29E7A4B885B11E7C855D8 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
18:21:02.0687 3004 E100B - ok
18:21:02.0687 3004 EagleNT - ok
18:21:02.0718 3004 EagleXNt - ok
18:21:02.0781 3004 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
18:21:02.0875 3004 EapHost - ok
18:21:02.0984 3004 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
18:21:03.0046 3004 ehRecvr - ok
18:21:03.0140 3004 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
18:21:03.0234 3004 ehSched - ok
18:21:03.0265 3004 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
18:21:03.0359 3004 ERSvc - ok
18:21:03.0406 3004 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
18:21:03.0453 3004 Eventlog - ok
18:21:03.0500 3004 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
18:21:03.0546 3004 EventSystem - ok
18:21:03.0593 3004 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
18:21:03.0687 3004 Fastfat - ok
18:21:03.0765 3004 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
18:21:03.0921 3004 FastUserSwitchingCompatibility - ok
18:21:03.0953 3004 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
18:21:04.0062 3004 Fdc - ok
18:21:04.0109 3004 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
18:21:04.0203 3004 Fips - ok
18:21:04.0234 3004 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
18:21:04.0343 3004 Flpydisk - ok
18:21:04.0390 3004 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
18:21:04.0484 3004 FltMgr - ok
18:21:04.0593 3004 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:21:04.0609 3004 FontCache3.0.0.0 - ok
18:21:04.0687 3004 [ C6EE3A87FE609D3E1DB9DBD072A248DE ] fssfltr C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
18:21:04.0703 3004 fssfltr - ok
18:21:04.0859 3004 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
18:21:04.0921 3004 fsssvc - ok
18:21:04.0953 3004 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:21:05.0031 3004 Fs_Rec - ok
18:21:05.0046 3004 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:21:05.0140 3004 Ftdisk - ok
18:21:05.0171 3004 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
18:21:05.0187 3004 GEARAspiWDM - ok
18:21:05.0218 3004 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:21:05.0296 3004 Gpc - ok
18:21:05.0406 3004 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
18:21:05.0421 3004 gupdate - ok
18:21:05.0437 3004 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
18:21:05.0453 3004 gupdatem - ok
18:21:05.0515 3004 [ 408DDD80EEDE47175F6844817B90213E ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:21:05.0531 3004 gusvc - ok
18:21:05.0562 3004 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\WINDOWS\system32\DRIVERS\hamachi.sys
18:21:05.0578 3004 hamachi - ok
18:21:05.0703 3004 [ DA1B48FDE74125128D0D846A3701D344 ] Hamachi2Svc C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
18:21:05.0796 3004 Hamachi2Svc - ok
18:21:05.0812 3004 [ 56BF27D7A539F9E6BBC1DE201ABA0EDF ] HdAudAddService C:\WINDOWS\system32\drivers\AtiHdAud.sys
18:21:05.0875 3004 HdAudAddService - ok
18:21:05.0921 3004 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:21:06.0015 3004 HDAudBus - ok
18:21:06.0109 3004 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:21:06.0218 3004 helpsvc - ok
18:21:06.0281 3004 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
18:21:06.0375 3004 HidServ - ok
18:21:06.0437 3004 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:21:06.0500 3004 hidusb - ok
18:21:06.0562 3004 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
18:21:06.0656 3004 hkmsvc - ok
18:21:06.0656 3004 hpn - ok
18:21:06.0718 3004 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
18:21:06.0765 3004 HTTP - ok
18:21:06.0796 3004 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
18:21:06.0921 3004 HTTPFilter - ok
18:21:06.0937 3004 i2omgmt - ok
18:21:06.0968 3004 i2omp - ok
18:21:07.0046 3004 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:21:07.0140 3004 i8042prt - ok
18:21:07.0187 3004 [ 6FCB904910DA07C9DC2593D66438FA29 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
18:21:07.0281 3004 ialm - ok
18:21:07.0343 3004 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:21:07.0390 3004 idsvc - ok
18:21:07.0421 3004 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
18:21:07.0531 3004 Imapi - ok
18:21:07.0578 3004 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
18:21:07.0687 3004 ImapiService - ok
18:21:07.0734 3004 [ B02A8A25192EE1C5E653628637AB6AAA ] InCDfs C:\WINDOWS\system32\drivers\InCDFs.sys
18:21:07.0750 3004 InCDfs - ok
18:21:07.0750 3004 [ B49BD5B663E1AF9BF3233B782B70D865 ] InCDPass C:\WINDOWS\system32\drivers\InCDPass.sys
18:21:07.0765 3004 InCDPass - ok
18:21:07.0796 3004 [ 8FD364EDBD97983575CEE3E8909E62B4 ] InCDrec C:\WINDOWS\system32\drivers\InCDrec.sys
18:21:07.0796 3004 InCDrec - ok
18:21:07.0812 3004 [ FC04E827133D54AB79CA254708F76CD0 ] incdrm C:\WINDOWS\system32\drivers\InCDRm.sys
18:21:07.0812 3004 incdrm - ok
18:21:07.0968 3004 [ 067020BB8ABF1F6B80361051B2806C90 ] InCDsrv C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
18:21:08.0093 3004 InCDsrv - ok
18:21:08.0109 3004 ini910u - ok
18:21:08.0156 3004 IntelIde - ok
18:21:08.0203 3004 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:21:08.0296 3004 intelppm - ok
18:21:08.0328 3004 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
18:21:08.0421 3004 Ip6Fw - ok
18:21:08.0453 3004 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:21:08.0531 3004 IpFilterDriver - ok
18:21:08.0562 3004 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:21:08.0656 3004 IpInIp - ok
18:21:08.0671 3004 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:21:08.0781 3004 IpNat - ok
18:21:08.0859 3004 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:21:08.0953 3004 iPod Service - ok
18:21:09.0015 3004 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:21:09.0093 3004 IPSec - ok
18:21:09.0109 3004 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
18:21:09.0156 3004 IRENUM - ok
18:21:09.0218 3004 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:21:09.0312 3004 isapnp - ok
18:21:09.0421 3004 [ 5E06A9D23727DAF96FAA796F1135FDCD ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
18:21:09.0437 3004 JavaQuickStarterService - ok
18:21:09.0453 3004 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:21:09.0546 3004 Kbdclass - ok
18:21:09.0578 3004 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:21:09.0656 3004 kbdhid - ok
18:21:09.0656 3004 KL1 - ok
18:21:09.0671 3004 KLIF - ok
18:21:09.0703 3004 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
18:21:09.0781 3004 kmixer - ok
18:21:09.0812 3004 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
18:21:09.0906 3004 KSecDD - ok
18:21:09.0953 3004 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
18:21:10.0015 3004 lanmanserver - ok
18:21:10.0062 3004 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:21:10.0125 3004 lanmanworkstation - ok
18:21:10.0125 3004 lbrtfdc - ok
18:21:10.0203 3004 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
18:21:10.0296 3004 LmHosts - ok
18:21:10.0343 3004 [ 32933B07FC16D9F778BEE12545FA1B1A ] LPDSVC C:\WINDOWS\system32\tcpsvcs.exe
18:21:10.0453 3004 LPDSVC - ok
18:21:10.0453 3004 lxcz_device - ok
18:21:10.0531 3004 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
18:21:10.0578 3004 McrdSvc - ok
18:21:10.0625 3004 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
18:21:10.0703 3004 Messenger - ok
18:21:10.0718 3004 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
18:21:10.0734 3004 MHN ( UnsignedFile.Multi.Generic ) - warning
18:21:10.0734 3004 MHN - detected UnsignedFile.Multi.Generic (1)
18:21:10.0734 3004 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
18:21:10.0750 3004 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
18:21:10.0750 3004 MHNDRV - detected UnsignedFile.Multi.Generic (1)
18:21:10.0796 3004 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
18:21:10.0906 3004 mnmdd - ok
18:21:10.0937 3004 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
18:21:11.0031 3004 mnmsrvc - ok
18:21:11.0062 3004 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
18:21:11.0125 3004 Modem - ok
18:21:11.0156 3004 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:21:11.0265 3004 Mouclass - ok
18:21:11.0296 3004 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:21:11.0390 3004 mouhid - ok
18:21:11.0421 3004 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
18:21:11.0531 3004 MountMgr - ok
18:21:11.0578 3004 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
18:21:11.0593 3004 MpFilter - ok
18:21:11.0593 3004 mraid35x - ok
18:21:11.0656 3004 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:21:11.0750 3004 MRxDAV - ok
18:21:11.0812 3004 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:21:11.0890 3004 MRxSmb - ok
18:21:11.0953 3004 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
18:21:12.0062 3004 MSDTC - ok
18:21:12.0125 3004 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
18:21:12.0187 3004 Msfs - ok
18:21:12.0187 3004 MSIServer - ok
18:21:12.0218 3004 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:21:12.0296 3004 MSKSSRV - ok
18:21:12.0343 3004 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
18:21:12.0359 3004 MsMpSvc - ok
18:21:12.0390 3004 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:21:12.0453 3004 MSPCLOCK - ok
18:21:12.0484 3004 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
18:21:12.0578 3004 MSPQM - ok
18:21:12.0609 3004 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:21:12.0687 3004 mssmbios - ok
18:21:12.0718 3004 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
18:21:12.0765 3004 Mup - ok
18:21:12.0812 3004 [ 16EA7D22102B952621EF4D4F87E3463B ] NAL C:\WINDOWS\system32\Drivers\iqvw32.sys
18:21:12.0875 3004 NAL ( UnsignedFile.Multi.Generic ) - warning
18:21:12.0875 3004 NAL - detected UnsignedFile.Multi.Generic (1)
18:21:12.0906 3004 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
18:21:13.0000 3004 napagent - ok
18:21:13.0140 3004 [ 5836B9E91863A00EC1B8E785EFD86ECB ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
18:21:13.0171 3004 NBService - ok
18:21:13.0250 3004 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
18:21:13.0343 3004 NDIS - ok
18:21:13.0390 3004 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:21:13.0468 3004 NdisTapi - ok
18:21:13.0484 3004 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:21:13.0578 3004 Ndisuio - ok
18:21:13.0640 3004 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:21:13.0734 3004 NdisWan - ok
18:21:13.0781 3004 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
18:21:13.0843 3004 NDProxy - ok
18:21:13.0859 3004 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
18:21:13.0953 3004 NetBIOS - ok
18:21:13.0984 3004 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:21:14.0093 3004 NetBT - ok
18:21:14.0125 3004 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
18:21:14.0218 3004 NetDDE - ok
18:21:14.0218 3004 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
18:21:14.0296 3004 NetDDEdsdm - ok
18:21:14.0343 3004 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
18:21:14.0421 3004 Netlogon - ok
18:21:14.0437 3004 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
18:21:14.0531 3004 Netman - ok
18:21:14.0578 3004 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:21:14.0578 3004 NetTcpPortSharing - ok
18:21:14.0656 3004 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
18:21:14.0671 3004 Nla - ok
18:21:14.0765 3004 [ A328A46D87BB92CE4D8A4528E9D84787 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
18:21:14.0796 3004 NMIndexingService - ok
18:21:14.0843 3004 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
18:21:14.0937 3004 Npfs - ok
18:21:14.0953 3004 npkcusb - ok
18:21:15.0015 3004 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
18:21:15.0140 3004 Ntfs - ok
18:21:15.0171 3004 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
18:21:15.0250 3004 NtLmSsp - ok
18:21:15.0296 3004 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
18:21:15.0406 3004 NtmsSvc - ok
18:21:15.0437 3004 [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
18:21:15.0453 3004 NuidFltr - ok
18:21:15.0453 3004 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
18:21:15.0546 3004 Null - ok
18:21:15.0609 3004 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:21:15.0703 3004 NwlnkFlt - ok
18:21:15.0718 3004 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:21:15.0796 3004 NwlnkFwd - ok
18:21:15.0921 3004 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:21:15.0937 3004 odserv - ok
18:21:15.0984 3004 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:21:16.0000 3004 ose - ok
18:21:16.0062 3004 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
18:21:16.0156 3004 Parport - ok
18:21:16.0187 3004 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
18:21:16.0296 3004 PartMgr - ok
18:21:16.0343 3004 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
18:21:16.0421 3004 ParVdm - ok
18:21:16.0421 3004 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
18:21:16.0515 3004 PCI - ok
18:21:16.0531 3004 PCIDump - ok
18:21:16.0546 3004 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
18:21:16.0640 3004 PCIIde - ok
18:21:16.0671 3004 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
18:21:16.0734 3004 Pcmcia - ok
18:21:16.0750 3004 PDAgent - ok
18:21:16.0781 3004 PDCOMP - ok
18:21:16.0812 3004 PDEngine - ok
18:21:16.0843 3004 PDFRAME - ok
18:21:16.0859 3004 PDRELI - ok
18:21:16.0875 3004 PDRFRAME - ok
18:21:16.0875 3004 perc2 - ok
18:21:16.0890 3004 perc2hib - ok
18:21:16.0953 3004 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
18:21:16.0984 3004 PlugPlay - ok
18:21:17.0031 3004 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
18:21:17.0109 3004 PolicyAgent - ok
18:21:17.0140 3004 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:21:17.0234 3004 PptpMiniport - ok
18:21:17.0250 3004 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:21:17.0328 3004 ProtectedStorage - ok
18:21:17.0328 3004 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
18:21:17.0406 3004 PSched - ok
18:21:17.0421 3004 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:21:17.0515 3004 Ptilink - ok
18:21:17.0546 3004 [ 617ACCADA2E0A0F43EC6030BBAC49513 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:21:17.0562 3004 PxHelp20 - ok
18:21:17.0578 3004 ql1080 - ok
18:21:17.0593 3004 Ql10wnt - ok
18:21:17.0640 3004 ql12160 - ok
18:21:17.0656 3004 ql1240 - ok
18:21:17.0671 3004 ql1280 - ok
18:21:17.0718 3004 Radialpoint Security Services - ok
18:21:17.0750 3004 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:21:17.0812 3004 RasAcd - ok
18:21:17.0859 3004 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
18:21:17.0953 3004 RasAuto - ok
18:21:17.0984 3004 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:21:18.0062 3004 Rasl2tp - ok
18:21:18.0109 3004 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
18:21:18.0187 3004 RasMan - ok
18:21:18.0203 3004 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:21:18.0296 3004 RasPppoe - ok
18:21:18.0296 3004 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
18:21:18.0375 3004 Raspti - ok
18:21:18.0406 3004 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:21:18.0515 3004 Rdbss - ok
18:21:18.0531 3004 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:21:18.0609 3004 RDPCDD - ok
18:21:18.0640 3004 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:21:18.0734 3004 rdpdr - ok
18:21:18.0781 3004 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
18:21:18.0828 3004 RDPWD - ok
18:21:18.0859 3004 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
18:21:18.0937 3004 RDSessMgr - ok
18:21:18.0937 3004 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
18:21:19.0046 3004 redbook - ok
18:21:19.0093 3004 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
18:21:19.0171 3004 RemoteAccess - ok
18:21:19.0218 3004 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
18:21:19.0312 3004 RemoteRegistry - ok
18:21:19.0453 3004 [ 06A49B7BDC36CFBF97DD90804F833369 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
18:21:19.0468 3004 RichVideo - ok
18:21:19.0500 3004 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
18:21:19.0578 3004 RpcLocator - ok
18:21:19.0609 3004 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
18:21:19.0656 3004 RpcSs - ok
18:21:19.0703 3004 [ B7E136986BB3DAC249A00E760281F0A9 ] RPPKT C:\WINDOWS\system32\DRIVERS\rp_pkt32.sys
18:21:19.0718 3004 RPPKT - ok
18:21:19.0781 3004 [ 358034FE7995F80B0ED8900AEA70B8CB ] RPSKT C:\WINDOWS\system32\DRIVERS\rp_skt32.sys
18:21:19.0796 3004 RPSKT - ok
18:21:19.0796 3004 RP_FWS - ok
18:21:19.0828 3004 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
18:21:19.0937 3004 RSVP - ok
18:21:19.0953 3004 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
18:21:20.0031 3004 SamSs - ok
18:21:20.0109 3004 [ AAF28AB6EFFD8990BFE20398E92F101E ] SbcpHid C:\WINDOWS\system32\Drivers\SbcpHid.sys
18:21:20.0218 3004 SbcpHid ( UnsignedFile.Multi.Generic ) - warning
18:21:20.0218 3004 SbcpHid - detected UnsignedFile.Multi.Generic (1)
18:21:20.0234 3004 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
18:21:20.0312 3004 SCardSvr - ok
18:21:20.0359 3004 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
18:21:20.0437 3004 Schedule - ok
18:21:20.0500 3004 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:21:20.0546 3004 Secdrv - ok
18:21:20.0593 3004 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
18:21:20.0687 3004 seclogon - ok
18:21:20.0734 3004 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
18:21:20.0843 3004 SENS - ok
18:21:20.0875 3004 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
18:21:20.0968 3004 serenum - ok
18:21:21.0000 3004 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
18:21:21.0093 3004 Serial - ok
18:21:21.0187 3004 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
18:21:21.0281 3004 Sfloppy - ok
18:21:21.0312 3004 [ 5FE18FFF6FBCF218290042009EAB023D ] sfng32 C:\WINDOWS\system32\drivers\sfng32.sys
18:21:21.0343 3004 sfng32 ( UnsignedFile.Multi.Generic ) - warning
18:21:21.0343 3004 sfng32 - detected UnsignedFile.Multi.Generic (1)
18:21:21.0390 3004 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:21:21.0390 3004 ShellHWDetection - ok
18:21:21.0406 3004 Simbad - ok
18:21:21.0734 3004 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
18:21:21.0921 3004 Skype C2C Service - ok
18:21:22.0000 3004 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
18:21:22.0000 3004 SkypeUpdate - ok
18:21:22.0031 3004 Sparrow - ok
18:21:22.0046 3004 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
18:21:22.0125 3004 splitter - ok
18:21:22.0187 3004 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
18:21:22.0250 3004 Spooler - ok
18:21:22.0265 3004 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
18:21:22.0328 3004 sr - ok
18:21:22.0375 3004 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
18:21:22.0421 3004 srservice - ok
18:21:22.0484 3004 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
18:21:22.0531 3004 Srv - ok
18:21:22.0578 3004 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
18:21:22.0609 3004 SSDPSRV - ok
18:21:22.0734 3004 [ 5673F51DDE81937631D559A8919F4141 ] STacSV c:\program files\idt\intelxpv_v83\wdm\STacSV.exe
18:21:22.0781 3004 STacSV - ok
18:21:22.0781 3004 StarOpen - ok
18:21:22.0859 3004 [ 8E70F2575740232409B03DD86A255043 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
18:21:22.0921 3004 STHDA - ok
18:21:22.0984 3004 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
18:21:23.0078 3004 stisvc - ok
18:21:23.0140 3004 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
18:21:23.0250 3004 swenum - ok
18:21:23.0281 3004 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
18:21:23.0359 3004 swmidi - ok
18:21:23.0359 3004 SwPrv - ok
18:21:23.0406 3004 symc810 - ok
18:21:23.0406 3004 symc8xx - ok
18:21:23.0453 3004 [ 5C76A63FAC8A5580C5A1C4A4ED827782 ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
18:21:23.0468 3004 SymEvent - ok
18:21:23.0468 3004 sym_hi - ok
18:21:23.0484 3004 sym_u3 - ok
18:21:23.0531 3004 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
18:21:23.0625 3004 sysaudio - ok
18:21:23.0656 3004 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
18:21:23.0750 3004 SysmonLog - ok
18:21:23.0781 3004 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
18:21:23.0859 3004 TapiSrv - ok
18:21:23.0921 3004 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:21:23.0968 3004 Tcpip - ok
18:21:24.0000 3004 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
18:21:24.0093 3004 TDPIPE - ok
18:21:24.0125 3004 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
18:21:24.0203 3004 TDTCP - ok
18:21:24.0234 3004 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
18:21:24.0328 3004 TermDD - ok
18:21:24.0375 3004 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
18:21:24.0468 3004 TermService - ok
18:21:24.0500 3004 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
18:21:24.0515 3004 Themes - ok
18:21:24.0562 3004 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
18:21:24.0609 3004 TlntSvr - ok
18:21:24.0750 3004 [ 0407143F2BBC1A5DD5B518AC0704FCBF ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
18:21:24.0781 3004 TomTomHOMEService - ok
18:21:24.0781 3004 TosIde - ok
18:21:24.0843 3004 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
18:21:24.0937 3004 TrkWks - ok
18:21:24.0968 3004 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
18:21:25.0078 3004 Udfs - ok
18:21:25.0078 3004 ultra - ok
18:21:25.0171 3004 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
18:21:25.0265 3004 Update - ok
18:21:25.0312 3004 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
18:21:25.0375 3004 upnphost - ok
18:21:25.0406 3004 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
18:21:25.0515 3004 UPS - ok
18:21:25.0546 3004 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
18:21:25.0609 3004 USBAAPL - ok
18:21:25.0671 3004 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:21:25.0765 3004 usbccgp - ok
18:21:25.0812 3004 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:21:25.0906 3004 usbehci - ok
18:21:25.0953 3004 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:21:26.0015 3004 usbhub - ok
18:21:26.0062 3004 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:21:26.0156 3004 usbprint - ok
18:21:26.0187 3004 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:21:26.0281 3004 usbscan - ok
18:21:26.0328 3004 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:21:26.0406 3004 USBSTOR - ok
18:21:26.0421 3004 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:21:26.0500 3004 usbuhci - ok
18:21:26.0562 3004 [ 8AFFFDA081CFF3057391FEDBBB483601 ] UTSCSI C:\WINDOWS\system32\UTSCSI.EXE
18:21:26.0593 3004 UTSCSI ( UnsignedFile.Multi.Generic ) - warning
18:21:26.0593 3004 UTSCSI - detected UnsignedFile.Multi.Generic (1)
18:21:29.0234 3004 [ 00AE175B903D45ED4A62384D3315DC2A ] ZDPSp50 C:\WINDOWS\system32\Drivers\ZDPSp50.sys
18:21:29.0234 3004 ZDPSp50 ( UnsignedFile.Multi.Generic ) - warning
18:21:29.0234 3004 ZDPSp50 - detected UnsignedFile.Multi.Generic (1)
18:21:29.0281 3004 ================ Scan global ===============================
18:21:29.0312 3004 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
18:21:29.0359 3004 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:21:29.0375 3004 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:21:29.0390 3004 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
18:21:29.0390 3004 [Global] - ok
18:21:29.0390 3004 ================ Scan MBR ==================================
18:21:29.0390 3004 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:21:29.0593 3004 \Device\Harddisk0\DR0 - ok
18:21:29.0609 3004 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
18:21:29.0875 3004 \Device\Harddisk1\DR1 - ok
18:21:29.0875 3004 ================ Scan VBR ==================================
18:21:29.0875 3004 [ 38201B46C2C2951900509E73587AF24F ] \Device\Harddisk0\DR0\Partition1
18:21:29.0875 3004 \Device\Harddisk0\DR0\Partition1 - ok
18:21:29.0890 3004 [ E7674507B61E307670C13C0AFB46D98A ] \Device\Harddisk1\DR1\Partition1
18:21:29.0890 3004 \Device\Harddisk1\DR1\Partition1 - ok
18:21:29.0921 3004 ================ Scan active images ========================
18:21:31.0234 3004 C:\WINDOWS\system32\mswsock.dll - ok
18:21:31.0250 3004 [ 3CB32D3B8CBE79899D63280BB7A83CD9 ] C:\WINDOWS\system32\hnetcfg.dll
18:21:31.0250 3004 C:\WINDOWS\system32\hnetcfg.dll - ok
18:21:31.0250 3004 [ 40947436A70E0034E41123DF5A0A7702 ] C:\Program Files\Bonjour\mdnsNSP.dll
18:21:31.0250 3004 C:\Program Files\Bonjour\mdnsNSP.dll - ok
18:21:31.0265 3004 [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\system32\winrnr.dll
18:21:31.0265 3004 C:\WINDOWS\system32\winrnr.dll - ok
18:21:31.0265 3004 [ 4E3D06D6E68EEDB52565080F55B460D3 ] C:\WINDOWS\system32\wshtcpip.dll
18:21:31.0265 3004 C:\WINDOWS\system32\wshtcpip.dll - ok
18:21:31.0265 3004 [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\system32\rasadhlp.dll
18:21:31.0265 3004 C:\WINDOWS\system32\rasadhlp.dll - ok
18:21:31.0281 3004 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] C:\Program Files\Microsoft Security Client\MsMpEng.exe
18:21:31.0281 3004 C:\Program Files\Microsoft Security Client\MsMpEng.exe - ok
18:21:31.0281 3004 [ 9AC7F31404F784753C4C04296E48CFAB ] C:\Program Files\Microsoft Security Client\MpSvc.dll
18:21:31.0281 3004 C:\Program Files\Microsoft Security Client\MpSvc.dll - ok
18:21:31.0296 3004 [ 84204FDA617A3611D510A1DCBAE64004 ] C:\Program Files\Microsoft Security Client\MpClient.dll
18:21:31.0296 3004 C:\Program Files\Microsoft Security Client\MpClient.dll - ok
18:21:31.0296 3004 [ 2081A5B5E4ABA206A0A8A1A97DF0FB23 ] C:\WINDOWS\system32\logonui.exe
18:21:31.0296 3004 C:\WINDOWS\system32\logonui.exe - ok
18:21:31.0296 3004 [ 3D41A9326F0376FC73AF961DD23B1FB1 ] C:\WINDOWS\system32\duser.dll
18:21:31.0296 3004 C:\WINDOWS\system32\duser.dll - ok
18:21:31.0312 3004 [ 6C253F61D585CFA2B57CBD95464EC208 ] C:\WINDOWS\system32\ati2evxx.dll
18:21:31.0312 3004 C:\WINDOWS\system32\ati2evxx.dll - ok
18:21:31.0312 3004 [ 05231C04253C5BC30B26CBAAE680ED89 ] C:\WINDOWS\system32\WudfSvc.dll
18:21:31.0312 3004 C:\WINDOWS\system32\WudfSvc.dll - ok
18:21:31.0328 3004 [ 5CAF91E865FE0C85048A233E594544D2 ] C:\WINDOWS\system32\WudfPlatform.dll
18:21:31.0328 3004 C:\WINDOWS\system32\WudfPlatform.dll - ok
18:21:31.0328 3004 [ 515A7FAE2070C2B0242B2353443E2F11 ] C:\WINDOWS\system32\cscdll.dll
18:21:31.0328 3004 C:\WINDOWS\system32\cscdll.dll - ok
18:21:31.0328 3004 [ AFFC87E2501FCE8F09D4C10BA6421CCF ] C:\WINDOWS\system32\msimg32.dll
18:21:31.0328 3004 C:\WINDOWS\system32\msimg32.dll - ok
18:21:31.0343 3004 [ 20200EE3CFE10E9F0C028D8653BE11C6 ] C:\WINDOWS\system32\oleacc.dll
18:21:31.0343 3004 C:\WINDOWS\system32\oleacc.dll - ok
18:21:31.0343 3004 [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\system32\dimsntfy.dll
18:21:31.0343 3004 C:\WINDOWS\system32\dimsntfy.dll - ok
18:21:31.0359 3004 [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll
18:21:31.0359 3004 C:\WINDOWS\system32\wlnotify.dll - ok
18:21:31.0359 3004 [ 7C29BC74635524E13FAA556A5FD48968 ] C:\Program Files\Microsoft Security Client\MpRTP.dll
18:21:31.0359 3004 C:\Program Files\Microsoft Security Client\MpRTP.dll - ok
18:21:31.0359 3004 [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\system32\winspool.drv
18:21:31.0359 3004 C:\WINDOWS\system32\winspool.drv - ok
18:21:31.0375 3004 [ F137A0CA70003DB20448D540651FA003 ] C:\WINDOWS\system32\clbcatq.dll
18:21:31.0375 3004 C:\WINDOWS\system32\clbcatq.dll - ok
18:21:31.0375 3004 [ C6EE3A87FE609D3E1DB9DBD072A248DE ] C:\WINDOWS\system32\drivers\fssfltr_tdi.sys
18:21:31.0375 3004 C:\WINDOWS\system32\drivers\fssfltr_tdi.sys - ok
18:21:31.0390 3004 [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\system32\drivers\ndisuio.sys
18:21:31.0390 3004 C:\WINDOWS\system32\drivers\ndisuio.sys - ok
18:21:31.0390 3004 [ 5E38D7684A49CACFB752B046357E0589 ] C:\WINDOWS\system32\dhcpcsvc.dll
18:21:31.0390 3004 C:\WINDOWS\system32\dhcpcsvc.dll - ok
18:21:31.0390 3004 [ 5D43C9A33F18C707BA169AFDA88BDF30 ] C:\WINDOWS\system32\fltlib.dll
18:21:31.0390 3004 C:\WINDOWS\system32\fltlib.dll - ok
18:21:31.0406 3004 [ 1280A158C722FA95A80FB7AEBE78FA7D ] C:\WINDOWS\system32\comres.dll
18:21:31.0406 3004 C:\WINDOWS\system32\comres.dll - ok
18:21:31.0406 3004 [ 70B253713FC33CC7DBE304693C4FE9A3 ] C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A7D6FD9-DBC3-43B9-8AC2-2DEAC52009D8}\mpengine.dll
18:21:31.0406 3004 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A7D6FD9-DBC3-43B9-8AC2-2DEAC52009D8}\mpengine.dll - ok
18:21:31.0421 3004 [ A7DB739AE99A796D91580147E919CC59 ] C:\WINDOWS\system32\lmhsvc.dll
18:21:31.0421 3004 C:\WINDOWS\system32\lmhsvc.dll - ok
18:21:31.0421 3004 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] C:\WINDOWS\system32\wzcsvc.dll
18:21:31.0421 3004 C:\WINDOWS\system32\wzcsvc.dll - ok
18:21:31.0421 3004 [ E5EDBD51476DB5001ABF5C82AE5C3DD1 ] C:\WINDOWS\system32\shgina.dll
18:21:31.0421 3004 C:\WINDOWS\system32\shgina.dll - ok
18:21:31.0437 3004 [ 876CCF164E08D6B903CD14398E056DD2 ] C:\WINDOWS\system32\rtutils.dll
18:21:31.0437 3004 C:\WINDOWS\system32\rtutils.dll - ok
18:21:31.0437 3004 [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll
18:21:31.0437 3004 C:\WINDOWS\system32\wmi.dll - ok
18:21:31.0453 3004 [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] C:\WINDOWS\system32\eapolqec.dll
18:21:31.0453 3004 C:\WINDOWS\system32\eapolqec.dll - ok
18:21:31.0453 3004 [ 224FB925C641DA16CEB6D60F40CA4C75 ] C:\WINDOWS\system32\atl.dll
18:21:31.0453 3004 C:\WINDOWS\system32\atl.dll - ok
18:21:31.0453 3004 [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\system32\qutil.dll
18:21:31.0453 3004 C:\WINDOWS\system32\qutil.dll - ok
18:21:31.0468 3004 [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] C:\WINDOWS\system32\dot3api.dll
18:21:31.0468 3004 C:\WINDOWS\system32\dot3api.dll - ok
18:21:31.0468 3004 [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] C:\WINDOWS\system32\esent.dll
18:21:31.0468 3004 C:\WINDOWS\system32\esent.dll - ok
18:21:31.0484 3004 [ A39BE37C9237DB5F1990D61B268EA555 ] C:\WINDOWS\system32\rastls.dll
18:21:31.0484 3004 C:\WINDOWS\system32\rastls.dll - ok
18:21:31.0484 3004 [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] C:\WINDOWS\system32\cryptui.dll
18:21:31.0484 3004 C:\WINDOWS\system32\cryptui.dll - ok
18:21:31.0484 3004 [ FF1C14BCA1A797CE45DD359FA2C9EDA8 ] C:\WINDOWS\system32\wininet.dll
18:21:31.0484 3004 C:\WINDOWS\system32\wininet.dll - ok
18:21:31.0500 3004 [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll
18:21:31.0500 3004 C:\WINDOWS\system32\normaliz.dll - ok
18:21:31.0500 3004 [ 9371862D37E8F0AF21E4DEA95E867C39 ] C:\WINDOWS\system32\urlmon.dll
18:21:31.0500 3004 C:\WINDOWS\system32\urlmon.dll - ok
18:21:31.0515 3004 [ 0579CC3B95EDD1CE664A35E016F3DD58 ] C:\WINDOWS\system32\iertutil.dll
18:21:31.0515 3004 C:\WINDOWS\system32\iertutil.dll - ok
18:21:31.0515 3004 [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\system32\mprapi.dll
18:21:31.0515 3004 C:\WINDOWS\system32\mprapi.dll - ok
18:21:31.0515 3004 [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\system32\activeds.dll
18:21:31.0515 3004 C:\WINDOWS\system32\activeds.dll - ok
18:21:31.0531 3004 [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\system32\adsldpc.dll
18:21:31.0531 3004 C:\WINDOWS\system32\adsldpc.dll - ok
18:21:31.0531 3004 [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll
18:21:31.0531 3004 C:\WINDOWS\system32\rasapi32.dll - ok
18:21:31.0546 3004 [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll
18:21:31.0546 3004 C:\WINDOWS\system32\rasman.dll - ok
18:21:31.0546 3004 [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll
18:21:31.0546 3004 C:\WINDOWS\system32\tapi32.dll - ok
18:21:31.0546 3004 [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\system32\riched20.dll
18:21:31.0546 3004 C:\WINDOWS\system32\riched20.dll - ok
18:21:31.0562 3004 [ B714735C12A70171DE28657948FD91F1 ] C:\WINDOWS\system32\mlang.dll
18:21:31.0562 3004 C:\WINDOWS\system32\mlang.dll - ok
18:21:31.0562 3004 [ 566382CA5F2C41FEAEEEFAC908F1EB92 ] C:\WINDOWS\system32\xmlprovi.dll
18:21:31.0562 3004 C:\WINDOWS\system32\xmlprovi.dll - ok
18:21:31.0578 3004 [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll
18:21:31.0578 3004 C:\WINDOWS\system32\wzcsapi.dll - ok
18:21:31.0578 3004 [ 56CE97FF94B7662A300D359CD6F4D601 ] C:\WINDOWS\system32\raschap.dll
18:21:31.0578 3004 C:\WINDOWS\system32\raschap.dll - ok
18:21:31.0578 3004 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll
18:21:31.0578 3004 C:\WINDOWS\system32\schedsvc.dll - ok
18:21:31.0593 3004 [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll
18:21:31.0593 3004 C:\WINDOWS\system32\msidle.dll - ok
18:21:31.0593 3004 [ 60784F891563FB1B767F70117FC2428F ] C:\WINDOWS\system32\spoolsv.exe
18:21:31.0593 3004 C:\WINDOWS\system32\spoolsv.exe - ok
18:21:31.0609 3004 [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\system32\audiosrv.dll
18:21:31.0609 3004 C:\WINDOWS\system32\audiosrv.dll - ok
18:21:31.0609 3004 [ A8888A5327621856C0CEC4E385F69309 ] C:\WINDOWS\system32\wkssvc.dll
18:21:31.0609 3004 C:\WINDOWS\system32\wkssvc.dll - ok
18:21:31.0609 3004 [ FC5372FD2DEB28E847C8394C58BC76FA ] C:\Program Files\Microsoft Security Client\MpCmdRun.exe
18:21:31.0609 3004 C:\Program Files\Microsoft Security Client\MpCmdRun.exe - ok
18:21:31.0625 3004 [ F9D3C78CFE15271D80790677C893CE45 ] C:\WINDOWS\system32\cabinet.dll
18:21:31.0625 3004 C:\WINDOWS\system32\cabinet.dll - ok
18:21:31.0625 3004 [ 3B47E60E1012B23873ED2E4A9B4F2310 ] C:\Program Files\Microsoft Security Client\MsseWat.dll
18:21:31.0625 3004 C:\Program Files\Microsoft Security Client\MsseWat.dll - ok
18:21:31.0640 3004 [ A26E0A6A7EBB45815A3583E170C27031 ] C:\Program Files\Microsoft Security Client\LegitLib.dll
18:21:31.0640 3004 C:\Program Files\Microsoft Security Client\LegitLib.dll - ok
18:21:31.0640 3004 [ 205ADD80FF8099B1A8101EB490B933D1 ] C:\WINDOWS\system32\wbem\wbemprox.dll
18:21:31.0640 3004 C:\WINDOWS\system32\wbem\wbemprox.dll - ok
18:21:31.0640 3004 [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\system32\wbem\wbemcomn.dll
18:21:31.0640 3004 C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
18:21:31.0656 3004 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] C:\WINDOWS\system32\drivers\mrxdav.sys
18:21:31.0656 3004 C:\WINDOWS\system32\drivers\mrxdav.sys - ok
18:21:31.0656 3004 [ 77A354E28153AD2D5E120A5A8687BC06 ] C:\WINDOWS\system32\webclnt.dll
18:21:31.0656 3004 C:\WINDOWS\system32\webclnt.dll - ok
18:21:31.0656 3004 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] C:\WINDOWS\system32\drivers\parvdm.sys
18:21:31.0656 3004 C:\WINDOWS\system32\drivers\parvdm.sys - ok
18:21:31.0671 3004 [ 0923671CF87CD511E46D4668B53F5E76 ] C:\Program Files\Common Files\Akamai\netsession_win_5891ae0.dll
18:21:31.0671 3004 C:\Program Files\Common Files\Akamai\netsession_win_5891ae0.dll - ok
18:21:31.0671 3004 [ A9A3DAA780CA6C9671A19D52456705B4 ] C:\WINDOWS\system32\alrsvc.dll
18:21:31.0671 3004 C:\WINDOWS\system32\alrsvc.dll - ok
18:21:31.0687 3004 [ 369F7B1A4F358B976176556A1A331F36 ] C:\WINDOWS\system32\odbcbcp.dll
18:21:31.0687 3004 C:\WINDOWS\system32\odbcbcp.dll - ok
18:21:31.0687 3004 [ 62CF83A6989312A0DD39BBFFB3D1C166 ] C:\WINDOWS\system32\pdh.dll
18:21:31.0687 3004 C:\WINDOWS\system32\pdh.dll - ok
18:21:31.0687 3004 [ 684559A03CBC1D05BA120A18B0D8BA5D ] C:\WINDOWS\system32\winhttp.dll
18:21:31.0687 3004 C:\WINDOWS\system32\winhttp.dll - ok
18:21:31.0703 3004 [ 8BCD11D38FCE43A519246A91CC40DE6A ] C:\WINDOWS\system32\security.dll
18:21:31.0703 3004 C:\WINDOWS\system32\security.dll - ok
18:21:31.0703 3004 [ 096C9955485F2B3F910F4C503C318D74 ] C:\WINDOWS\system32\ati2sgag.exe
18:21:31.0703 3004 C:\WINDOWS\system32\ati2sgag.exe - ok
18:21:31.0718 3004 [ C5A75EB48E2344ABDC162BDA79E16841 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:21:31.0718 3004 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok
18:21:31.0718 3004 [ E5F7C30EDF0892667933BE879F067D67 ] C:\WINDOWS\system32\msvcr100_clr0400.dll
18:21:31.0718 3004 C:\WINDOWS\system32\msvcr100_clr0400.dll - ok
18:21:31.0718 3004 [ 08A73B0E7EE6E32983B5F9E540A8E380 ] C:\WINDOWS\system32\mscoree.dll
18:21:31.0718 3004 C:\WINDOWS\system32\mscoree.dll - ok
18:21:31.0734 3004 [ CE17986AE169D67E6905DBAC2D4E2FFB ] C:\Program Files\Computer Updater\ComputerUp-daterService.exe
18:21:31.0734 3004 C:\Program Files\Computer Updater\ComputerUp-daterService.exe - ok
18:21:31.0734 3004 [ 64B33CC5BF131DEF2721394CF9B3F8ED ] C:\WINDOWS\system32\msvbvm60.dll
18:21:31.0734 3004 C:\WINDOWS\system32\msvbvm60.dll - ok
18:21:31.0750 3004 [ ACDAFCD14EC0ECE89198503746A5C147 ] C:\WINDOWS\system32\perfos.dll
18:21:31.0750 3004 C:\WINDOWS\system32\perfos.dll - ok
18:21:31.0750 3004 [ 76848CB1AA5818DB47D5F5986E0A7485 ] C:\WINDOWS\system32\mfc42.dll
18:21:31.0750 3004 C:\WINDOWS\system32\mfc42.dll - ok
18:21:31.0750 3004 [ FAE8AAFC5AF74E012343AB1D6C5ABEF9 ] C:\WINDOWS\system32\NTSVC.ocx
18:21:31.0750 3004 C:\WINDOWS\system32\NTSVC.ocx - ok
18:21:31.0765 3004 [ C14AA05881A35B6D6BB8D55B117EE22D ] C:\WINDOWS\system32\shfolder.dll
18:21:31.0765 3004 C:\WINDOWS\system32\shfolder.dll - ok
18:21:31.0765 3004 [ 3D4E199942E29207970E04315D02AD3B ] C:\WINDOWS\system32\cryptsvc.dll
18:21:31.0765 3004 C:\WINDOWS\system32\cryptsvc.dll - ok
18:21:31.0781 3004 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] C:\WINDOWS\ehome\ehrecvr.exe
18:21:31.0781 3004 C:\WINDOWS\ehome\ehrecvr.exe - ok
18:21:31.0781 3004 [ 00709952D444EAE14DBBD30D36FBAE0F ] C:\WINDOWS\system32\certcli.dll
18:21:31.0781 3004 C:\WINDOWS\system32\certcli.dll - ok
18:21:31.0781 3004 [ 57EDEC2E5F59F0335E92F35184BC8631 ] C:\WINDOWS\system32\dmserver.dll
18:21:31.0781 3004 C:\WINDOWS\system32\dmserver.dll - ok
18:21:31.0796 3004 [ 0099D24356585743B0B35C222092FD8F ] C:\WINDOWS\system32\faultrep.dll
18:21:31.0796 3004 C:\WINDOWS\system32\faultrep.dll - ok
18:21:31.0796 3004 [ 6D280BC969218AE4A72180F907C32913 ] C:\WINDOWS\ehome\ehTrace.dll
18:21:31.0796 3004 C:\WINDOWS\ehome\ehTrace.dll - ok
18:21:31.0812 3004 [ A53243709439AC2A4C216B817F8D7411 ] C:\WINDOWS\ehome\ehSched.exe
18:21:31.0812 3004 C:\WINDOWS\ehome\ehSched.exe - ok
18:21:31.0812 3004 [ D4991D98F2DB73C60D042F1AEF79EFAE ] C:\WINDOWS\system32\es.dll
18:21:31.0812 3004 C:\WINDOWS\system32\es.dll - ok
18:21:31.0812 3004 [ 926AFC4848FF3297BB264333BF51E21F ] C:\WINDOWS\system32\sbe.dll
18:21:31.0812 3004 C:\WINDOWS\system32\sbe.dll - ok
18:21:31.0828 3004 [ 8F0DE4FEF8201E306F9938B0905AC96A ] C:\Program Files\Google\Update\GoogleUpdate.exe
18:21:31.0828 3004 C:\Program Files\Google\Update\GoogleUpdate.exe - ok
18:21:31.0828 3004 [ E325BCDBB6DED6C89F679B8AE89E975C ] C:\WINDOWS\system32\msvidctl.dll
18:21:31.0828 3004 C:\WINDOWS\system32\msvidctl.dll - ok
18:21:31.0843 3004 [ 008DF0C9D81BD814480DD9C052893E8C ] C:\WINDOWS\ehome\ehRec.exe
18:21:31.0843 3004 C:\WINDOWS\ehome\ehRec.exe - ok
18:21:31.0843 3004 [ 9FF47CD8A3787C8FD3CDFE40441C722E ] C:\Program Files\Google\Update\1.3.21.123\goopdate.dll
18:21:31.0843 3004 C:\Program Files\Google\Update\1.3.21.123\goopdate.dll - ok
18:21:31.0843 3004 [ 83BA5E873164A3711B44052F58C8FE9F ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
18:21:31.0843 3004 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll - ok
18:21:31.0859 3004 [ D3F72D50DE53F9F1F55240115AF4D42E ] C:\WINDOWS\system32\msi.dll
18:21:31.0859 3004 C:\WINDOWS\system32\msi.dll - ok
18:21:31.0859 3004 [ 34FFB6ABA2DA398BB33422E1E9275BA9 ] C:\WINDOWS\system32\quartz.dll
18:21:31.0859 3004 C:\WINDOWS\system32\quartz.dll - ok
18:21:31.0875 3004 [ 7C87A5FB95777E4132B11FC3D92CAAF5 ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll
18:21:31.0875 3004 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll - ok
18:21:31.0875 3004 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll
18:21:31.0875 3004 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll - ok
18:21:31.0875 3004 [ AA5E22854F56C68148EB3345DBD62970 ] C:\WINDOWS\system32\devenum.dll
18:21:31.0875 3004 C:\WINDOWS\system32\devenum.dll - ok
18:21:31.0890 3004 [ D25C03D04159D462D69F294BA7142BDB ] C:\WINDOWS\system32\msdmo.dll
18:21:31.0890 3004 C:\WINDOWS\system32\msdmo.dll - ok
18:21:31.0890 3004 [ 8310CE948F142D8B734FD181213FA15B ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
18:21:31.0890 3004 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll - ok
18:21:31.0890 3004 [ B6E6F3F5B63053D5DC1F4EE32992492F ] C:\WINDOWS\system32\dbghelp.dll
18:21:31.0890 3004 C:\WINDOWS\system32\dbghelp.dll - ok
18:21:31.0906 3004 [ 408DDD80EEDE47175F6844817B90213E ] C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:21:31.0906 3004 C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe - ok
18:21:31.0906 3004 [ 3DA977851FE3013741091ED584EE7658 ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
18:21:31.0906 3004 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll - ok
18:21:31.0921 3004 [ AE5A69F44C1F97EDC83237FC0B29B6FB ] C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
18:21:31.0921 3004 C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe - ok
18:21:31.0921 3004 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
18:21:31.0921 3004 C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok
18:21:31.0921 3004 [ 4044E880593FE1AC9942190FCE414BE7 ] C:\WINDOWS\system32\mstask.dll
18:21:31.0921 3004 C:\WINDOWS\system32\mstask.dll - ok
18:21:31.0937 3004 [ F80A415EF82CD06FFAF0D971528EAD38 ] C:\WINDOWS\system32\drivers\http.sys
18:21:31.0937 3004 C:\WINDOWS\system32\drivers\http.sys - ok
18:21:31.0937 3004 [ DEB04DA35CC871B6D309B77E1443C796 ] C:\WINDOWS\system32\hidserv.dll
18:21:31.0937 3004 C:\WINDOWS\system32\hidserv.dll - ok
18:21:31.0953 3004 [ 8973122796E3B5D6B5900FC186E55FEA ] C:\WINDOWS\system32\hid.dll
18:21:31.0953 3004 C:\WINDOWS\system32\hid.dll - ok
18:21:31.0953 3004 [ 5E06A9D23727DAF96FAA796F1135FDCD ] C:\Program Files\Java\jre6\bin\jqs.exe
18:21:31.0953 3004 C:\Program Files\Java\jre6\bin\jqs.exe - ok
18:21:31.0953 3004 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Program Files\Java\jre6\bin\msvcr71.dll
18:21:31.0953 3004 C:\Program Files\Java\jre6\bin\msvcr71.dll - ok
18:21:31.0968 3004 [ 721D3AFFD2E0C649927D9F6CD10A6D87 ] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a275d745\mscorlib.dll
18:21:31.0968 3004 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a275d745\mscorlib.dll - ok
18:21:31.0968 3004 [ 425FDBF3C4F268ED0543BE2E747684B7 ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
18:21:31.0968 3004 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll - ok
18:21:31.0984 3004 [ 19BB484CF7518749B20DF7760D43656A ] C:\WINDOWS\system32\lxczcoms.exe
18:21:31.0984 3004 C:\WINDOWS\system32\lxczcoms.exe - ok
18:21:31.0984 3004 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] C:\WINDOWS\system32\srvsvc.dll
18:21:31.0984 3004 C:\WINDOWS\system32\srvsvc.dll - ok
18:21:31.0984 3004 [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
18:21:31.0984 3004 C:\WINDOWS\system32\netmsg.dll - ok
18:21:32.0000 3004 [ ABFB673B24A9B3287761D497529FB5B9 ] C:\WINDOWS\system32\perfdisk.dll
18:21:32.0000 3004 C:\WINDOWS\system32\perfdisk.dll - ok
18:21:32.0000 3004 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] C:\WINDOWS\system32\drivers\srv.sys
18:21:32.0000 3004 C:\WINDOWS\system32\drivers\srv.sys - ok
18:21:32.0015 3004 [ 332760FBA1655FCFD35BD6F4FD871300 ] C:\WINDOWS\system32\ipsecsvc.dll
18:21:32.0015 3004 C:\WINDOWS\system32\ipsecsvc.dll - ok
18:21:32.0015 3004 [ D1844AD9D6D4AE52B7C76D1610C5E22E ] C:\WINDOWS\system32\lxczserv.dll
18:21:32.0015 3004 C:\WINDOWS\system32\lxczserv.dll - ok
18:21:32.0015 3004 [ 06A49B7BDC36CFBF97DD90804F833369 ] C:\Program Files\CyberLink\Shared Files\RichVideo.exe
18:21:32.0015 3004 C:\Program Files\CyberLink\Shared Files\RichVideo.exe - ok
18:21:32.0031 3004 [ C5FF8682EADA5B3B27A865F1C3EF9270 ] C:\WINDOWS\system32\oakley.dll
18:21:32.0031 3004 C:\WINDOWS\system32\oakley.dll - ok
18:21:32.0031 3004 [ 248712EA6BA17B9FF0C542A3828375DD ] C:\WINDOWS\system32\winipsec.dll
18:21:32.0031 3004 C:\WINDOWS\system32\winipsec.dll - ok
18:21:32.0046 3004 [ 853D0D0C6F02D7BFDF1CF99DD7553732 ] C:\WINDOWS\system32\pstorsvc.dll
18:21:32.0046 3004 C:\WINDOWS\system32\pstorsvc.dll - ok
18:21:32.0046 3004 [ 22D89D84E8E081CDA529DBF8C0255A38 ] C:\WINDOWS\system32\psbase.dll
18:21:32.0046 3004 C:\WINDOWS\system32\psbase.dll - ok
18:21:32.0046 3004 [ CBE612E2BB6A10E3563336191EDA1250 ] C:\WINDOWS\system32\seclogon.dll
18:21:32.0046 3004 C:\WINDOWS\system32\seclogon.dll - ok
18:21:32.0062 3004 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] C:\WINDOWS\system32\sens.dll
18:21:32.0062 3004 C:\WINDOWS\system32\sens.dll - ok
18:21:32.0062 3004 [ FEDE68BF80052BAD393AFD5C2E60DCB0 ] C:\WINDOWS\system32\dssenh.dll
18:21:32.0062 3004 C:\WINDOWS\system32\dssenh.dll - ok
18:21:32.0078 3004 [ F07AF60B152221472FBDB2FECEC4896D ] C:\Program Files\Skype\Updater\Updater.exe
18:21:32.0078 3004 C:\Program Files\Skype\Updater\Updater.exe - ok
18:21:32.0078 3004 [ 4ADF36502EADF4A67101AEFB0A7C393B ] C:\WINDOWS\system32\lxczinpa.dll
18:21:32.0078 3004 C:\WINDOWS\system32\lxczinpa.dll - ok
18:21:32.0078 3004 [ 79E3A8C328E7E569C32B0998377D9742 ] C:\WINDOWS\system32\spoolss.dll
18:21:32.0078 3004 C:\WINDOWS\system32\spoolss.dll - ok
18:21:32.0093 3004 [ 6306F5C04E4F18E851CCAEA5D58AEE82 ] C:\WINDOWS\system32\lxcziesc.dll
18:21:32.0093 3004 C:\WINDOWS\system32\lxcziesc.dll - ok
18:21:32.0093 3004 [ 3805DF0AC4296A34BA4BF93B346CC378 ] C:\WINDOWS\system32\srsvc.dll
18:21:32.0093 3004 C:\WINDOWS\system32\srsvc.dll - ok
18:21:32.0109 3004 [ 5677DFE438EC1F009273FC84FEED6B10 ] C:\WINDOWS\system32\localspl.dll
18:21:32.0109 3004 C:\WINDOWS\system32\localspl.dll - ok
18:21:32.0109 3004 [ ABEC6AD92EDE64CFD3E63CF846248EB2 ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
18:21:32.0109 3004 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll - ok
18:21:32.0109 3004 [ 06C878A8527BC5829C87AFE85E0605C2 ] C:\WINDOWS\system32\lxczusb1.dll
18:21:32.0109 3004 C:\WINDOWS\system32\lxczusb1.dll - ok
18:21:32.0125 3004 [ 5673F51DDE81937631D559A8919F4141 ] C:\Program Files\IDT\IntelXPV_v83\WDM\stacsv.exe
18:21:32.0125 3004 C:\Program Files\IDT\IntelXPV_v83\WDM\stacsv.exe - ok
18:21:32.0125 3004 [ 73B44FE5423982B2709D6EA2F674B807 ] C:\WINDOWS\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
18:21:32.0125 3004 C:\WINDOWS\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll - ok
18:21:32.0140 3004 [ 07B801F4067C1D33490305A7BB6E9F15 ] C:\WINDOWS\system32\lxczlmpm.dll
18:21:32.0140 3004 C:\WINDOWS\system32\lxczlmpm.dll - ok
18:21:32.0140 3004 [ 0A5679B3714EDAB99E357057EE88FCA6 ] C:\WINDOWS\system32\ssdpsrv.dll
18:21:32.0140 3004 C:\WINDOWS\system32\ssdpsrv.dll - ok
18:21:32.0140 3004 [ 4D83ED8BDDEC431FC8AD907B47CFB6E3 ] C:\WINDOWS\system32\dsound.dll
18:21:32.0140 3004 C:\WINDOWS\system32\dsound.dll - ok
18:21:32.0156 3004 [ 8C90575CF19F570448DE845F6A403445 ] C:\WINDOWS\system32\lxczcomc.dll
18:21:32.0156 3004 C:\WINDOWS\system32\lxczcomc.dll - ok
18:21:32.0156 3004 [ 5D3D1AB0EF4EA55B731863050482C111 ] C:\WINDOWS\system32\cnbjmon.dll
18:21:32.0156 3004 C:\WINDOWS\system32\cnbjmon.dll - ok
18:21:32.0171 3004 [ CA75C883EA05A05B592EE3C562CFAE10 ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
18:21:32.0171 3004 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll - ok
18:21:32.0171 3004 [ 3DA1B54341E7E0FBAC7FCF87367453CA ] C:\WINDOWS\system32\CNMLM38.DLL
18:21:32.0171 3004 C:\WINDOWS\system32\CNMLM38.DLL - ok
18:21:32.0171 3004 [ CF9EEA7F51101A281B99FCA7AFFA2524 ] C:\WINDOWS\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll
18:21:32.0171 3004 C:\WINDOWS\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll - ok
18:21:32.0187 3004 [ 86C5AAC31EA7909121327701045F74BD ] C:\WINDOWS\system32\IMGMAN32.DLL
18:21:32.0187 3004 C:\WINDOWS\system32\IMGMAN32.DLL - ok
18:21:32.0187 3004 [ 20F6678F35F9FDD10C4F10A3C675A3C9 ] C:\WINDOWS\system32\LXPRMON.DLL
18:21:32.0187 3004 C:\WINDOWS\system32\LXPRMON.DLL - ok
18:21:32.0203 3004 [ 8BA39E5F79366F45AF9759C1DAE346AE ] C:\WINDOWS\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll
18:21:32.0203 3004 C:\WINDOWS\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll - ok
18:21:32.0203 3004 [ B6335A2EFBF0B4B7D4080E8B933A9F9B ] C:\WINDOWS\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll
18:21:32.0203 3004 C:\WINDOWS\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll - ok
18:21:32.0203 3004 [ 9F22E3CE1639917EB07DCC730CD0D410 ] C:\WINDOWS\system32\IM31IMG.DIL
18:21:32.0203 3004 C:\WINDOWS\system32\IM31IMG.DIL - ok
18:21:32.0218 3004 [ 0967D9749326622FA8FDE688CA126736 ] C:\WINDOWS\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll
18:21:32.0218 3004 C:\WINDOWS\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll - ok
18:21:32.0218 3004 [ 79F4250E099096C25797F1BAD35921FE ] C:\WINDOWS\system32\IM31XPNG.DEL
18:21:32.0218 3004 C:\WINDOWS\system32\IM31XPNG.DEL - ok
18:21:32.0234 3004 [ 6A858BCA55DBAB2E5884A1592B4EAEBB ] C:\WINDOWS\system32\IM31XTIF.DEL
18:21:32.0234 3004 C:\WINDOWS\system32\IM31XTIF.DEL - ok
18:21:32.0234 3004 [ ED4558869C7D2251F86CC24B90F15976 ] C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
18:21:32.0234 3004 C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll - ok
18:21:32.0234 3004 [ 232565D4769CE44745A87CF466E91952 ] C:\WINDOWS\system32\IMHOST32.DLL
18:21:32.0234 3004 C:\WINDOWS\system32\IMHOST32.DLL - ok
18:21:32.0250 3004 [ C5C39333DE3112A7BBCB72A9B36FFBE7 ] C:\Program Files\Lexmark Fax Solutions\fxctrstr.dll
18:21:32.0250 3004 C:\Program Files\Lexmark Fax Solutions\fxctrstr.dll - ok
18:21:32.0250 3004 [ 80141D4DA3968530BCF8E9053F589D02 ] C:\Program Files\Lexmark Fax Solutions\ipcmt.dll
18:21:32.0250 3004 C:\Program Files\Lexmark Fax Solutions\ipcmt.dll - ok
18:21:32.0265 3004 [ 036E0FC24621BC09DF288016BEEB1015 ] C:\WINDOWS\system32\LXPMONRC.DLL
18:21:32.0265 3004 C:\WINDOWS\system32\LXPMONRC.DLL - ok
18:21:32.0265 3004 [ ECFF42413E9744A6F80BA8F2A77704AF ] C:\WINDOWS\system32\lprmon.dll
18:21:32.0265 3004 C:\WINDOWS\system32\lprmon.dll - ok
18:21:32.0265 3004 [ 7BD2D27143F94B2103AC694EBBB7CE10 ] C:\WINDOWS\system32\lprhelp.dll
18:21:32.0265 3004 C:\WINDOWS\system32\lprhelp.dll - ok
18:21:32.0281 3004 [ 222DE7F5EDB9DDBE628384A1A8BE59CE ] C:\WINDOWS\system32\pjlmon.dll
18:21:32.0281 3004 C:\WINDOWS\system32\pjlmon.dll - ok
18:21:32.0281 3004 [ 52ABC8C57DFEE5A7AAA210CE2E9DFE73 ] C:\WINDOWS\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll
18:21:32.0281 3004 C:\WINDOWS\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll - ok
18:21:32.0296 3004 [ C52CE534397E1D3A442FB4C88A3CBE42 ] C:\WINDOWS\system32\msonpmon.dll
18:21:32.0296 3004 C:\WINDOWS\system32\msonpmon.dll - ok
18:21:32.0296 3004 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
18:21:32.0296 3004 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll - ok
18:21:32.0296 3004 [ AE0382AD9C73D343D85E1A50C80B7C20 ] C:\WINDOWS\system32\tcpmon.dll
18:21:32.0296 3004 C:\WINDOWS\system32\tcpmon.dll - ok
18:21:32.0312 3004 [ F26385E8BA4549B5186B774EC0E45D86 ] C:\WINDOWS\system32\usbmon.dll
18:21:32.0312 3004 C:\WINDOWS\system32\usbmon.dll - ok
18:21:32.0312 3004 [ 01583E36CEC01E876CB358ECE03B8F93 ] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_e45d0b82\System.dll
18:21:32.0312 3004 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_e45d0b82\System.dll - ok
18:21:32.0328 3004 [ 66946DE593185983B6D05F837D452262 ] C:\WINDOWS\ehome\ehui.dll
18:21:32.0328 3004 C:\WINDOWS\ehome\ehui.dll - ok
18:21:32.0328 3004 [ F7B30F70FD9D7C4BF01448B18190CC4F ] C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD38.DLL
18:21:32.0328 3004 C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD38.DLL - ok
18:21:33.0390 3004 ============================================================
18:21:33.0390 3004 Scan finished
18:21:33.0390 3004 ============================================================
18:21:33.0500 2828 Detected object count: 12
18:21:33.0500 2828 Actual detected object count: 12
18:23:18.0125 2828 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
18:23:18.0125 2828 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
18:23:18.0140 2828 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
18:23:18.0140 2828 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:23:18.0156 2828 BLKWGU(Belkin) ( UnsignedFile.Multi.Generic ) - skipped by user
18:23:18.0156 2828 BLKWGU(Belkin) ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:23:18.0156 2828 CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user
18:23:18.0156 2828 CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:23:18.0156 2828 ComputerUpdater Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:23:18.0156 2828 ComputerUpdater Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:23:18.0171 2828 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
18:23:18.0171 2828 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:23:18.0171 2828 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
18:23:18.0171 2828 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:23:18.0171 2828 NAL ( UnsignedFile.Multi.Generic ) - skipped by user
18:23:18.0171 2828 NAL ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:23:18.0171 2828 SbcpHid ( UnsignedFile.Multi.Generic ) - skipped by user
18:23:18.0171 2828 SbcpHid ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:23:18.0171 2828 sfng32 ( UnsignedFile.Multi.Generic ) - skipped by user
18:23:18.0171 2828 sfng32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:23:18.0187 2828 UTSCSI ( UnsignedFile.Multi.Generic ) - skipped by user
18:23:18.0187 2828 UTSCSI ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:23:18.0187 2828 ZDPSp50 ( UnsignedFile.Multi.Generic ) - skipped by user
18:23:18.0187 2828 ZDPSp50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:23:57.0593 3676 Deinitialize success

#4 keeta

Posted 11 October 2012 - 06:34 PM

My machine now seems better: The firewall is up and running and MSE is able to download updates.

I did receive a warning from ComboFix. It detected that "Rogers Online Protection Anti-virus" was still active, but I was not able to find out how to deactivate it, and ComboFix did not allow me to cancel out and ask you, so I had no choice but to proceed. It seems to have gone ok, though. Rogers Online Protection Anti-virus was something that came for free from my service provider, but it was a hog so I replaced it with MSE. I uninstalled it at the time, but apparently it left traces behind.

Does everything look ok to you now?

ComboFix log:

ComboFix 12-10-11.03 - user 10/11/2012 19:03:37.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2524 [GMT -4:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Rogers Online Protection Anti-Virus *Enabled/Updated* {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Rogers Online Protection Firewall *Enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\shs_setup_4059-354328.exe
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\user\Recent\Mia's Pictures!.pif
C:\restore
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\EventSystem.log
c:\windows\system32\akosugat.ini
c:\windows\system32\iharetuy.ini
c:\windows\system32\ihiyeyem.ini
c:\windows\system32\SET13C.tmp
c:\windows\system32\SET96.tmp
c:\windows\system32\SET97.tmp
c:\windows\system32\Thumbs.db
c:\windows\system32\udeduges.ini
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-11 to 2012-10-11 )))))))))))))))))))))))))))))))
.
.
2012-10-08 18:31 . 2012-10-08 18:31 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A7D6FD9-DBC3-43B9-8AC2-2DEAC52009D8}\offreg.dll
2012-10-08 18:31 . 2012-10-08 18:31 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A7D6FD9-DBC3-43B9-8AC2-2DEAC52009D8}\MpKsl1d4e8aa2.sys
2012-10-08 18:26 . 2012-09-19 04:59 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A7D6FD9-DBC3-43B9-8AC2-2DEAC52009D8}\mpengine.dll
2012-10-08 18:22 . 2012-10-08 18:22 -------- d-----w- c:\program files\Microsoft Security Client
2012-10-06 00:56 . 2012-10-06 00:56 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-10-05 23:47 . 2012-10-05 23:47 -------- d-----w- c:\documents and settings\user\Application Data\ElevatedDiagnostics
2012-10-03 01:34 . 2012-10-03 01:34 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-10-03 01:31 . 2012-10-03 01:33 -------- d-----w- c:\documents and settings\All Users\Application Data\BAA418F08CA01D5E0034BAA3E46A3ABC
2012-09-20 12:27 . 2012-09-20 12:27 -------- d-----w- c:\program files\iPod
2012-09-20 12:27 . 2012-09-20 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-13 22:42 . 2012-09-13 22:42 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Downloaded Installations
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 21:47 . 2012-04-09 17:08 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-11 21:47 . 2011-05-15 23:56 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 21:04 . 2012-04-17 23:18 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 02:03 . 2012-08-31 02:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:14 . 2004-08-10 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2004-08-10 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-10 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-10 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-21 17:01 . 2008-01-29 16:02 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-21 17:01 . 2008-01-29 16:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-07-16 14:00 . 2010-07-16 14:00 445 ----a-w- c:\program files\0716201010003668.bat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2011-02-01 141616]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-02-01 19:58 1499440 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-02-01 1499440]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-02-01 1499440]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-06 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-06 94208]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-05-07 413696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\user\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\user\Application Data\Dropbox\bin\Dropbox.exe [2012-6-13 27595032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Citrix\ICACLI~1\RSHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless USB Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk
backup=c:\windows\pss\Belkin Wireless USB Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Karen^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Karen\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Karen^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Karen\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Mia^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Mia\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-11 19:00 919008 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2012-05-26 10:32 4327744 ----a-w- c:\documents and settings\Karen\Local Settings\Application Data\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-10-08 22:04 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-28 01:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-03-30 23:55 323392 ----a-w- c:\program files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Computer Updater]
2011-06-15 16:34 3436544 ----a-w- c:\program files\Computer Updater\ComputerUp-dater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2011-12-22 16:37 128960 ----a-w- c:\program files\Citrix\ICA Client\redirector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2007-02-08 22:56 295856 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
2010-04-28 12:44 647528 ----a-w- c:\program files\Windows Live\Family Safety\fsui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Updater]
2011-09-15 21:59 161336 ----a-w- c:\program files\Google\Google Updater\GoogleUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-11-26 18:54 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 03:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-09 02:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2007-02-26 14:40 249856 ----a-w- c:\program files\lg_fwupdate\fwupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-08-29 16:03 1996200 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxczbmgr.exe]
2007-02-08 22:52 74672 ----a-w- c:\program files\Lexmark 1200 Series\LXCZbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 18:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2012-01-21 21:01 3082320 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-15 01:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-11-26 18:54 1629480 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 16:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 19:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2011-06-02 19:56 114992 ----a-r- c:\program files\SweetIM\Messenger\SweetIM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2012-08-28 11:41 247768 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UTSCSI"=2 (0x2)
"TomTomHOMEService"=2 (0x2)
"Skype C2C Service"=2 (0x2)
"Hamachi2Svc"=2 (0x2)
"CCALib8"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"InCDsrv"=2 (0x2)
"RP_FWS"=2 (0x2)
"Radialpoint Security Services"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\user\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [6/29/2011 6:18 AM 66776]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/10/2004 8:00 AM 14336]
R2 ComputerUpdater Service;ComputerUpdater Service;c:\program files\Computer Updater\ComputerUp-daterService.exe [6/15/2011 12:34 PM 81920]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 12:16 AM 135664]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 12:16 AM 135664]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [8/29/2012 12:03 PM 1385896]
S4 Radialpoint Security Services;Rogers Online Protection;"c:\program files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe" --> c:\program files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe [?]
S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [8/13/2012 1:33 PM 3064000]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/28/2012 7:41 AM 92632]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
.
2012-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 04:14]
.
2012-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 04:14]
.
2012-10-11 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 21:25]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 64.71.255.198
Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{c324639e-f811-468a-99f4-d770b964b613} - (no file)
SafeBoot-11410651.sys
MSConfigStartUp-34861df1 - c:\windows\system32\meyeyihi.dll
MSConfigStartUp-aueav - c:\documents and settings\Karen\Application Data\aueav.dll
MSConfigStartUp-CPM37b52e6d - c:\windows\system32\nobiyaki.dll
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-etcat - c:\documents and settings\Karen\Application Data\etcat.dll
MSConfigStartUp-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe
MSConfigStartUp-Itibiti - c:\program files\Itibiti Soft Phone\Itibiti.exe
MSConfigStartUp-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-rafuvizuna - c:\windows\system32\fupikeke.dll
MSConfigStartUp-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
MSConfigStartUp-Rogers SHS - c:\program files\Rogers\SelfHealing\shs.exe
MSConfigStartUp-RogersServicepointAgent - c:\program files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe
MSConfigStartUp-Starter - c:\program files\Driver-Soft\DriverGenius\StarterW3i.exe
MSConfigStartUp-TaskTray - c:\program files\Driver-Soft\DriverGenius\TaskTray.exe
MSConfigStartUp-Yahoo! Pager - ~c:\program files\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-YOP - c:\progra~1\Yahoo!\YOP\yop.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-11 19:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1376)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2216)
c:\windows\system32\WININET.dll
c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxczcoms.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\idt\intelxpv_v83\wdm\STacSV.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2012-10-11 19:18:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-11 23:18
.
Pre-Run: 119,049,150,464 bytes free
Post-Run: 119,566,155,776 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 9A5CF43404CC488026D635276073A89A

#5 keeta


Posted 11 October 2012 - 07:02 PM

fireman4it,

Pardon my poor manners! Thank you very much for stepping up to the plate!

Cheers,
keeta

#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:55 AM

Posted 11 October 2012 - 08:53 PM

Please run the following to check for any leftovers.

1. Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (e.g. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

2. I'd like us to scan your machine with ESET OnlineScan.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Things to include in your next reply:
MBAM log
Eset log
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#7 keeta


Posted 12 October 2012 - 05:31 PM

mbam log:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.12.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
user :: MYCOMPUTER [administrator]

10/12/2012 5:57:24 PM
mbam-log-2012-10-12 (17-57-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 342010
Time elapsed: 31 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 keeta


Posted 12 October 2012 - 08:51 PM

ESET log:

C:\Documents and Settings\Astrid\Local Settings\Temp\mia1D0.tmp\data\OFFLINE\D038292B\DBD9B16A\Launcher.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Documents and Settings\Astrid\Local Settings\Temp\mia1D0.tmp\data\OFFLINE\D038292B\DBD9B16A\rbmonitor.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Documents and Settings\Astrid\Local Settings\Temp\mia1D0.tmp\data\OFFLINE\D038292B\DBD9B16A\rbnotifier.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Documents and Settings\Astrid\Local Settings\Temp\mia1D0.tmp\data\OFFLINE\D038292B\DBD9B16A\rb_move_serial.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Documents and Settings\Astrid\Local Settings\Temp\mia1D0.tmp\data\OFFLINE\D038292B\DBD9B16A\rb_ubm.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Documents and Settings\Astrid\Local Settings\Temp\mia1D0.tmp\data\OFFLINE\D038292B\DBD9B16A\registrybooster.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Documents and Settings\Astrid\Local Settings\Temporary Internet Files\Content.IE5\TZSG6ZSF\index-functions[1].js Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Documents and Settings\Karen\Application Data\Sun\Java\Deployment\cache\6.0\8\3a2aef48-4b860af9 Java/Exploit.Agent.NAP trojan deleted - quarantined
C:\Documents and Settings\Mia\Desktop\Stuff I don't use\Downloads\TheMysteryoftheCrystalPortal-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined
C:\Documents and Settings\user\Local Settings\Application Data\Opera\Opera\cache\turbo\g_0041\opr04E4V.tmp HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\3GUAEMLV\iLividSetupV1[1].exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\NZYO1NJ7\iLividSetupV1[1].exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\akosugat.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\iharetuy.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\ihiyeyem.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\udeduges.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{0B415365-AAF3-4C95-AC60-A1A4AE5E640D}\RP1322\A0265811.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{0B415365-AAF3-4C95-AC60-A1A4AE5E640D}\RP1322\A0265812.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{0B415365-AAF3-4C95-AC60-A1A4AE5E640D}\RP1322\A0265813.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{0B415365-AAF3-4C95-AC60-A1A4AE5E640D}\RP1322\A0265814.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{0B415365-AAF3-4C95-AC60-A1A4AE5E640D}\RP1324\A0266031.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined


My machine seems to be running fine now.

#9 fireman4it


Posted 12 October 2012 - 10:53 PM

Hello, keeta.
Congratulations! You now appear clean! :cool:


Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.





Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator.
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

One of the most common questions found when cleaning malware is "how did my machine get infected?"

There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet, you are not running the proper security software or that your computer's security settings are set too low.

Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.

Do not use P2P programs
Peer-to-peer or file-sharing programs (such as uTorrent, Limewire and BitTorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users as the name(s) suggest. It is almost impossible to know whether the file you’re downloading through P2P programs is safe.

It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

Practice Safe Internet
Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will.

Below is a list of simple precautions to take to keep your computer clean and running securely:
  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge. You can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows, instead close them by finding the open window on your Taskbar (http://en.wikipedia.org/wiki/Taskbar#Screenshots), right-click and choose Close.
  • Do not visit pornographic websites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link you should message back to the person asking if it is legit.
  • Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those tool bars.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
    Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.

Keep Windows up-to-date
Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.

  • Windows XP users
    You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.
  • Windows Vista users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.
  • Windows 7 users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here.


Keep your browser secure
Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

The latest versions of the three common browsers can be found below:

Use an AntiVirus Software
It is very important that your computer has an up-to-date anti-virus software on it which has a real-time agent running. This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources. A couple of free Anti-Virus programs you may be interested in are Microsoft Security Essentials and Avast.

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Use a Firewall
I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

Some people will recommend installing a different firewall (instead of Windows' built-in one). This is a personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls.

Install an Anti-Malware program
Recommended, and free, Anti-Malware programs are Malwarebytes Anti-Malware and SuperAntiSpyware.

You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with an antivirus software.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java). You can check these by visiting Secunia Software Inspector.

Follow this list and your potential for being infected again will reduce dramatically.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#10 keeta


Posted 13 October 2012 - 03:53 PM

Hi fireman4it,

I was surprised that you asked me to run Combofix again without wanting to see the log afterwards. I ran Combofix again and when I then ran OTC to clean up, the Combofix log got wiped out. But everything seems to be running fine.

Thank you very much for your help.

Cheers,
keeta

#11 fireman4it


Posted 13 October 2012 - 07:49 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.