Codec-V infection


  • This topic is locked
17 replies to this topic

#1 khaake

Posted 17 December 2012 - 01:37 AM

I believe that I'm infected with Codec-V. The symptoms are that generally the machine CPU is quite loaded to the point where I cannot stream music or video reliably. There is a Codec-V button to the right of my address bar in Chrome.

Unfortunately, I recently purchased this machine, used, on eBay. It is an Acer Aspire R1600 nettop. It is currently running AVG anti-virus.

Please let me know how to proceed. Thanks.

Here's the contents of the dds.txt file:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by TV at 0:24:58 on 2012-12-17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.150 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
.
============== Running Processes ================
.
\??\C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
\??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0911&m=aspire_r1600
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - c:\program files\bflixtoolbar\vmntemplateX.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - c:\program files\bflixtoolbar\vmntemplateX.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: NameServer = 192.168.254.254
TCP: Interfaces\{9EEF757A-58AC-4C36-973F-770A1A4D6528} : DHCPNameServer = 192.168.254.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\13.2.0\ViProtocol.dll
AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 237408]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 301920]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-11-13 26984]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2008-12-4 17840]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2008-12-4 15280]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2008-12-4 58800]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 MWLService;MyWinLocker Service;c:\program files\egistec\mywinlocker 3\x86\MWLService.exe [2009-5-15 305448]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\13.2.0\ToolbarUpdater.exe [2012-11-13 711112]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-1-7 594048]
S2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-8-12 1684736]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-9-4 167264]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-8-12 24064]
.
=============== Created Last 30 ================
.
2012-12-17 05:11:10 -------- d-----w- c:\documents and settings\tv\local settings\application data\Adobe
2012-12-15 23:26:36 630272 ----a-w- c:\windows\system32\SET1D.tmp
2012-12-15 23:26:35 55296 ----a-w- c:\windows\system32\SET1C.tmp
2012-12-15 23:26:33 105984 ----a-w- c:\windows\system32\SET17.tmp
2012-12-15 23:26:31 916992 ----a-w- c:\windows\system32\SET15.tmp
2012-12-15 23:26:29 2000384 ----a-w- c:\windows\system32\SET21.tmp
2012-12-15 23:26:26 1212416 ----a-w- c:\windows\system32\SET16.tmp
2012-12-15 23:26:19 11111424 ----a-w- c:\windows\system32\SET23.tmp
2012-12-15 23:26:16 6008832 ----a-w- c:\windows\system32\SET1B.tmp
2012-12-01 04:26:15 -------- d-----w- c:\documents and settings\tv\application data\eSobi
2012-12-01 04:25:26 214256 ----a-w- c:\windows\system32\muweb.dll
2012-12-01 04:25:25 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-12-01 04:25:25 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
.
==================== Find3M ====================
.
2012-12-15 23:15:07 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-15 23:15:07 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-13 22:47:11 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ------w- c:\windows\system32\html.iec
2012-10-22 08:37:31 1866368 ------w- c:\windows\system32\_000005_.tmp.dll
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
.
============= FINISH: 0:25:52.25 ===============

#2 gringo_pr

  • Malware Response Team

Posted 17 December 2012 - 02:16 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 khaake

Posted 17 December 2012 - 11:41 PM

Here are the results - thank you!

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.5.502.135
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 10%
````````````````````End of Log``````````````````````


# AdwCleaner v2.101 - Logfile created 12/17/2012 at 22:18:21
# Updated 16/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : TV - ACER-42041E6643
# Boot Mode : Normal
# Running from : C:\Documents and Settings\TV\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\TV\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
File Deleted : C:\DOCUME~1\TV\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\DOCUME~1\TV\LOCALS~1\Temp\avg@toolbar
Folder Deleted : C:\DOCUME~1\TV\LOCALS~1\Temp\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium
Folder Deleted : C:\Documents and Settings\TV\Application Data\bflixtoolbar
Folder Deleted : C:\Program Files\bflixtoolbar

***** [Registry] *****

Key Deleted : HKCU\Software\bflixtoolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6BF16AB-42A1-4BC5-965D-5E407E449AAA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6BF16AB-42A1-4BC5-965D-5E407E449AAA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\Software\bflixtoolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6BF16AB-42A1-4BC5-965D-5E407E449AAA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A6BF16AB-42A1-4BC5-965D-5E407E449AAA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\bflixtoolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6BF16AB-42A1-4BC5-965D-5E407E449AAA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bflixtoolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A6BF16AB-42A1-4BC5-965D-5E407E449AAA}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\TV\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3578 octets] - [17/12/2012 22:18:21]

########## EOF - C:\AdwCleaner[S1].txt - [3638 octets] ##########



RogueKiller V8.4.0 [Dec 15 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : TV [Admin rights]
Mode : Remove -- Date : 12/17/2012 22:37:50

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ SMENU] HKLM\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS543216L9A SCSI Disk Device +++++
--- User ---
[MBR] 8a649647a571931bd3529ab449f25f70
[BSP] 92cd2bb84851cbd5976b0b37fc4199c6 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 137265 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_12172012_02d2237.txt >>
RKreport[1]_S_12172012_02d2236.txt ; RKreport[2]_D_12172012_02d2237.txt

#4 gringo_pr

  • Malware Response Team

Posted 18 December 2012 - 12:41 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 khaake

Posted 18 December 2012 - 01:42 AM

Logged via another machine while ComboFix was running on the machine in question...

When I originally tried to launch Combofix, it complained about an invalid/corrupt installation, or something similar to that. A web search on Combofix suggested that I rename it, so I did, and sure enough it was then able to run.

I shut down Vipre before launching it, but while it was running it complained that McAfee was running. As near as I can tell, it was not, although it does show up in MSCONFIG (but not services.msc). I told it to continue. I believe it downloaded the Recovery Console.

After/during the Deleting Folders stage, a message box appeared that said "Disk Search" "A readily available replacement was not found. ComboFix needs to do an intensive search.", or something like that. It then rebooted.

It is preparing the log report now. I'll paste it next.

#6 khaake

Posted 18 December 2012 - 01:47 AM

Here's the log report...


ComboFix 12-12-17.02 - TV 12/18/2012 0:25.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.581 [GMT -6:00]
Running from: c:\documents and settings\TV\Desktop\Testing.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: GFI Software VIPRE *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: GFI Software VIPRE *Disabled* {FF1CD5B7-1553-4625-A258-1775385CED33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\067dd68286013845.fb
c:\windows\system32\Cache\075b9ec64e1b99ea.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\5bedfa6d25913599.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\e93f88da89baf206.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\SET587.tmp
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-11-18 to 2012-12-18 )))))))))))))))))))))))))))))))
.
.
2012-12-17 07:11 . 2012-11-29 16:53 33408 ----a-w- c:\windows\system32\drivers\gfiark.sys
2012-12-17 07:02 . 2012-10-24 20:39 66344 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2012-12-17 07:02 . 2012-10-24 20:39 22064 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2012-12-17 07:01 . 2012-10-24 20:39 94496 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-12-17 07:01 . 2012-10-24 20:39 222368 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-12-17 07:01 . 2012-10-24 20:39 337184 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-12-17 07:01 . 2012-10-24 20:38 96288 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-12-17 07:01 . 2012-12-17 07:01 -------- d-----w- c:\windows\system32\drivers\VDD
2012-12-17 07:01 . 2012-12-17 07:01 -------- d-----w- c:\documents and settings\All Users\Application Data\GFI Software
2012-12-17 07:00 . 2012-12-17 07:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2012-12-17 06:56 . 2012-12-17 06:56 -------- d-----w- c:\program files\GFI Software
2012-12-17 06:56 . 2012-12-17 06:56 -------- d-----w- c:\documents and settings\TV\Application Data\GFI Software
2012-12-17 05:11 . 2012-12-17 05:12 -------- d-----w- c:\documents and settings\TV\Local Settings\Application Data\Adobe
2012-12-01 04:26 . 2012-12-01 04:26 -------- d-----w- c:\documents and settings\TV\Application Data\eSobi
2012-12-01 04:25 . 2012-06-02 21:18 214256 ----a-w- c:\windows\system32\muweb.dll
2012-12-01 04:25 . 2012-06-02 21:18 275696 ----a-w- c:\windows\system32\mucltui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-15 23:15 . 2012-08-03 02:02 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-15 23:15 . 2011-09-05 05:00 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 01:25 . 2009-08-13 01:44 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:02 . 2009-08-13 01:44 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2009-08-13 01:44 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2009-08-13 01:44 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2009-08-13 01:44 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2009-08-13 01:44 385024 ------w- c:\windows\system32\html.iec
2012-10-30 04:33 . 2012-10-30 04:33 13192 ----a-w- c:\windows\system32\drivers\VDD\apvdd.dll
2012-10-30 04:33 . 2012-10-30 04:33 44424 ----a-w- c:\windows\system32\sbbd.exe
2012-10-24 20:39 . 2012-10-24 20:39 634560 ----a-w- c:\windows\system32\XceedZip.dll
2012-10-02 18:04 . 2009-08-13 01:44 58368 ----a-w- c:\windows\system32\synceng.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-15 06:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-24 13758464]
"SBAMTray"="c:\program files\GFI Software\VIPRE\SBAMTray.exe" [2012-10-30 3149704]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 09:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2008-10-03 03:18 294544 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecLiveUpdate]
2009-05-14 02:39 199464 ----a-w- c:\program files\EgisTec Egis Software Update\EgisUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-08-13 01:21 24064 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwlDaemon]
2009-05-15 06:03 345384 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-05-24 21:05 13758464 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-05-24 21:05 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-05-24 21:06 1657376 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 18:36 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-10-17 17:44 91432 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-05-21 06:01 17881600 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [12/4/2008 7:34 PM 17840]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [12/4/2008 7:34 PM 15280]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [12/4/2008 7:34 PM 58800]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [12/17/2012 1:02 AM 22064]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [12/17/2012 1:01 AM 337184]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [12/17/2012 1:01 AM 222368]
R2 gfi_lanss10_attservice;GFI LanGuard 10 Attendant Service;c:\program files\GFI Software\VIPRE\LanGuard 10 Agent\lnssatt.exe [10/24/2012 2:50 PM 115568]
R2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe [5/15/2009 12:03 AM 305448]
R2 SBAMSvc;VIPRE Internet Security;c:\program files\GFI Software\VIPRE\SBAMSvc.exe [10/29/2012 10:32 PM 3677000]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [12/17/2012 1:02 AM 66344]
R2 SBPIMSvc;SB Recovery Service;c:\program files\GFI Software\VIPRE\SBPIMSvc.exe [10/29/2012 10:32 PM 175496]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [1/7/2010 10:21 AM 594048]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [12/17/2012 1:01 AM 96288]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/12/2009 7:13 PM 1684736]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [12/17/2012 1:11 AM 33408]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/12/2009 7:21 PM 24064]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [12/17/2012 1:01 AM 96288]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [12/17/2012 1:01 AM 94496]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 23:15]
.
2012-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-19 02:48]
.
2012-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-19 02:48]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: DhcpNameServer = 192.168.254.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-18 00:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1320)
c:\windows\system32\nvLsp.dll
.
- - - - - - - > 'explorer.exe'(2868)
c:\windows\system32\WININET.dll
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\EgisTec\MyWinLocker 3\x86\XmlLite.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\GFI Software\VIPRE\LanGuard 10 Agent\Mantle.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
.
**************************************************************************
.
Completion time: 2012-12-18 00:40:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-18 06:40
.
Pre-Run: 127,727,489,024 bytes free
Post-Run: 128,512,536,576 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - F800F63B5935B63CDB7E0E9D4B49E806

#7 gringo_pr

  • Malware Response Team

Posted 18 December 2012 - 02:27 AM

Greetings


:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: AVG Anti-Virus Free Edition 2012
AV: GFI Software VIPRE
AV: McAfee Anti-Virus and Anti-Spyware


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash.

Please remove all but one of them.



I want you to run these next:

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University

#8 khaake

  • Topic Starter

Posted 18 December 2012 - 11:41 PM

Thank you for the heads-up on the multiple anti-virus programs. I believe I have that taken care of now.

TDSSKiller identified two suspicious files, but no malicious ones. It created two log files. I will post each one below.

Here are the contents of the two reports. The first time I ran aswMBR it bluescreened shortly after the scan started. I ran it again (it already had the virus definitions) and it completed without bluescreening.

---------

22:07:26.0765 3044 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:07:27.0390 3044 ============================================================
22:07:27.0390 3044 Current date / time: 2012/12/18 22:07:27.0390
22:07:27.0390 3044 SystemInfo:
22:07:27.0390 3044
22:07:27.0390 3044 OS Version: 5.1.2600 ServicePack: 3.0
22:07:27.0390 3044 Product type: Workstation
22:07:27.0390 3044 ComputerName: ACER-42041E6643
22:07:27.0390 3044 UserName: TV
22:07:27.0390 3044 Windows directory: C:\WINDOWS
22:07:27.0390 3044 System windows directory: C:\WINDOWS
22:07:27.0390 3044 Processor architecture: Intel x86
22:07:27.0390 3044 Number of processors: 2
22:07:27.0390 3044 Page size: 0x1000
22:07:27.0390 3044 Boot type: Normal boot
22:07:27.0390 3044 ============================================================
22:07:28.0421 3044 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
22:07:28.0421 3044 ============================================================
22:07:28.0421 3044 \Device\Harddisk0\DR0:
22:07:28.0421 3044 MBR partitions:
22:07:28.0421 3044 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x10C18800
22:07:28.0421 3044 ============================================================
22:07:28.0468 3044 C: <-> \Device\Harddisk0\DR0\Partition1
22:07:28.0484 3044 ============================================================
22:07:28.0484 3044 Initialize success
22:07:28.0484 3044 ============================================================
22:07:47.0203 2320 Deinitialize success



22:09:40.0500 3384 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:09:42.0500 3384 ============================================================
22:09:42.0500 3384 Current date / time: 2012/12/18 22:09:42.0500
22:09:42.0500 3384 SystemInfo:
22:09:42.0500 3384
22:09:42.0500 3384 OS Version: 5.1.2600 ServicePack: 3.0
22:09:42.0500 3384 Product type: Workstation
22:09:42.0500 3384 ComputerName: ACER-42041E6643
22:09:42.0500 3384 UserName: TV
22:09:42.0500 3384 Windows directory: C:\WINDOWS
22:09:42.0500 3384 System windows directory: C:\WINDOWS
22:09:42.0500 3384 Processor architecture: Intel x86
22:09:42.0500 3384 Number of processors: 2
22:09:42.0500 3384 Page size: 0x1000
22:09:42.0500 3384 Boot type: Normal boot
22:09:42.0500 3384 ============================================================
22:09:42.0656 3384 BG loaded
22:09:43.0609 3384 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
22:09:43.0609 3384 ============================================================
22:09:43.0609 3384 \Device\Harddisk0\DR0:
22:09:43.0609 3384 MBR partitions:
22:09:43.0609 3384 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x10C18800
22:09:43.0609 3384 ============================================================
22:09:43.0656 3384 C: <-> \Device\Harddisk0\DR0\Partition1
22:09:43.0656 3384 ============================================================
22:09:43.0656 3384 Initialize success
22:09:43.0656 3384 ============================================================
22:10:25.0593 2232 ============================================================
22:10:25.0593 2232 Scan started
22:10:25.0593 2232 Mode: Manual; SigCheck; TDLFS;
22:10:25.0593 2232 ============================================================
22:10:25.0765 2232 ================ Scan system memory ========================
22:10:25.0765 2232 System memory - ok
22:10:25.0781 2232 ================ Scan services =============================
22:10:26.0031 2232 Abiosdsk - ok
22:10:26.0109 2232 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
22:10:30.0890 2232 abp480n5 - ok
22:10:30.0953 2232 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:10:31.0218 2232 ACPI - ok
22:10:31.0250 2232 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
22:10:31.0484 2232 ACPIEC - ok
22:10:31.0578 2232 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:10:31.0640 2232 AdobeFlashPlayerUpdateSvc - ok
22:10:31.0703 2232 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
22:10:31.0937 2232 adpu160m - ok
22:10:31.0984 2232 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
22:10:32.0218 2232 aec - ok
22:10:32.0265 2232 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
22:10:32.0343 2232 AFD - ok
22:10:32.0375 2232 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
22:10:32.0609 2232 agp440 - ok
22:10:32.0640 2232 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
22:10:32.0859 2232 agpCPQ - ok
22:10:32.0890 2232 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
22:10:32.0984 2232 Aha154x - ok
22:10:33.0015 2232 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
22:10:33.0250 2232 aic78u2 - ok
22:10:33.0265 2232 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
22:10:33.0484 2232 aic78xx - ok
22:10:33.0531 2232 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
22:10:33.0765 2232 Alerter - ok
22:10:33.0796 2232 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
22:10:33.0937 2232 ALG - ok
22:10:33.0984 2232 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
22:10:34.0218 2232 AliIde - ok
22:10:34.0250 2232 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
22:10:34.0468 2232 alim1541 - ok
22:10:34.0562 2232 [ F6AF59D6EEE5E1C304F7F73706AD11D8 ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
22:10:34.0828 2232 Ambfilt - ok
22:10:34.0859 2232 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
22:10:35.0093 2232 amdagp - ok
22:10:35.0125 2232 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
22:10:35.0234 2232 amsint - ok
22:10:35.0234 2232 AppMgmt - ok
22:10:35.0265 2232 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
22:10:35.0500 2232 asc - ok
22:10:35.0531 2232 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
22:10:35.0640 2232 asc3350p - ok
22:10:35.0656 2232 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
22:10:35.0890 2232 asc3550 - ok
22:10:36.0015 2232 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:10:36.0093 2232 aspnet_state - ok
22:10:36.0125 2232 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:10:36.0343 2232 AsyncMac - ok
22:10:36.0390 2232 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
22:10:36.0625 2232 atapi - ok
22:10:36.0640 2232 Atdisk - ok
22:10:36.0687 2232 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:10:36.0921 2232 Atmarpc - ok
22:10:37.0000 2232 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
22:10:37.0234 2232 AudioSrv - ok
22:10:37.0281 2232 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
22:10:37.0500 2232 audstub - ok
22:10:37.0562 2232 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
22:10:37.0781 2232 Beep - ok
22:10:37.0859 2232 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
22:10:38.0125 2232 BITS - ok
22:10:38.0218 2232 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
22:10:38.0281 2232 Browser - ok
22:10:38.0296 2232 catchme - ok
22:10:38.0359 2232 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
22:10:38.0593 2232 cbidf - ok
22:10:38.0609 2232 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
22:10:38.0828 2232 cbidf2k - ok
22:10:38.0890 2232 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
22:10:39.0031 2232 cd20xrnt - ok
22:10:39.0046 2232 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
22:10:39.0312 2232 Cdaudio - ok
22:10:39.0375 2232 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
22:10:39.0609 2232 Cdfs - ok
22:10:39.0687 2232 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:10:39.0765 2232 Cdrom - ok
22:10:39.0781 2232 Changer - ok
22:10:39.0828 2232 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
22:10:40.0046 2232 CiSvc - ok
22:10:40.0078 2232 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
22:10:40.0312 2232 ClipSrv - ok
22:10:40.0406 2232 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:10:40.0500 2232 clr_optimization_v2.0.50727_32 - ok
22:10:40.0546 2232 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
22:10:40.0781 2232 CmdIde - ok
22:10:40.0796 2232 COMSysApp - ok
22:10:40.0859 2232 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
22:10:41.0093 2232 Cpqarray - ok
22:10:41.0203 2232 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
22:10:41.0421 2232 CryptSvc - ok
22:10:41.0484 2232 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
22:10:41.0703 2232 dac2w2k - ok
22:10:41.0781 2232 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
22:10:42.0015 2232 dac960nt - ok
22:10:42.0093 2232 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
22:10:42.0171 2232 DcomLaunch - ok
22:10:42.0234 2232 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
22:10:42.0468 2232 Dhcp - ok
22:10:42.0531 2232 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
22:10:42.0765 2232 Disk - ok
22:10:42.0781 2232 dmadmin - ok
22:10:42.0859 2232 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
22:10:43.0156 2232 dmboot - ok
22:10:43.0171 2232 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
22:10:43.0421 2232 dmio - ok
22:10:43.0468 2232 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
22:10:43.0703 2232 dmload - ok
22:10:43.0718 2232 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
22:10:43.0968 2232 dmserver - ok
22:10:44.0000 2232 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
22:10:44.0281 2232 DMusic - ok
22:10:44.0328 2232 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
22:10:44.0375 2232 Dnscache - ok
22:10:44.0406 2232 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
22:10:44.0656 2232 Dot3svc - ok
22:10:44.0687 2232 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
22:10:44.0937 2232 dpti2o - ok
22:10:44.0953 2232 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
22:10:45.0171 2232 drmkaud - ok
22:10:45.0203 2232 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
22:10:45.0468 2232 EapHost - ok
22:10:45.0484 2232 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
22:10:45.0718 2232 ERSvc - ok
22:10:45.0765 2232 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
22:10:45.0796 2232 Eventlog - ok
22:10:45.0859 2232 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
22:10:45.0921 2232 EventSystem - ok
22:10:45.0953 2232 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
22:10:46.0187 2232 Fastfat - ok
22:10:46.0250 2232 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
22:10:46.0343 2232 FastUserSwitchingCompatibility - ok
22:10:46.0390 2232 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
22:10:46.0609 2232 Fax - ok
22:10:46.0656 2232 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
22:10:46.0890 2232 Fdc - ok
22:10:46.0984 2232 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
22:10:47.0218 2232 Fips - ok
22:10:47.0265 2232 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
22:10:47.0515 2232 Flpydisk - ok
22:10:47.0562 2232 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
22:10:47.0781 2232 FltMgr - ok
22:10:47.0937 2232 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:10:47.0984 2232 FontCache3.0.0.0 - ok
22:10:48.0140 2232 [ 34D2E12226269789BB5F292915B089D7 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
22:10:48.0359 2232 ForceWare Intelligent Application Manager (IAM) - ok
22:10:48.0406 2232 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:10:48.0640 2232 Fs_Rec - ok
22:10:48.0687 2232 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:10:48.0953 2232 Ftdisk - ok
22:10:49.0000 2232 [ 339A085C21E5078AF2936F90B9616033 ] gfiark C:\WINDOWS\system32\drivers\gfiark.sys
22:10:49.0062 2232 gfiark - ok
22:10:49.0343 2232 [ AD826942E10F8D18C29E365CE426A21B ] gfi_lanss10_attservice C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\lnssatt.exe
22:10:49.0406 2232 gfi_lanss10_attservice - ok
22:10:49.0484 2232 [ A6773422A1086201F880F75BF31EC8D1 ] GoogleDesktopManager-080708-050100 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
22:10:49.0937 2232 GoogleDesktopManager-080708-050100 ( UnsignedFile.Multi.Generic ) - warning
22:10:49.0937 2232 GoogleDesktopManager-080708-050100 - detected UnsignedFile.Multi.Generic (1)
22:10:50.0000 2232 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:10:50.0218 2232 Gpc - ok
22:10:50.0281 2232 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
22:10:50.0328 2232 gupdate - ok
22:10:50.0343 2232 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
22:10:50.0359 2232 gupdatem - ok
22:10:50.0406 2232 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:10:50.0656 2232 HDAudBus - ok
22:10:50.0750 2232 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:10:50.0968 2232 helpsvc - ok
22:10:51.0000 2232 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
22:10:51.0234 2232 HidServ - ok
22:10:51.0296 2232 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:10:51.0515 2232 hidusb - ok
22:10:51.0562 2232 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
22:10:51.0812 2232 hkmsvc - ok
22:10:51.0859 2232 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
22:10:52.0093 2232 hpn - ok
22:10:52.0187 2232 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
22:10:52.0250 2232 HTTP - ok
22:10:52.0296 2232 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
22:10:52.0515 2232 HTTPFilter - ok
22:10:52.0546 2232 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
22:10:52.0765 2232 i2omgmt - ok
22:10:52.0812 2232 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
22:10:53.0046 2232 i2omp - ok
22:10:53.0171 2232 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:10:53.0328 2232 idsvc - ok
22:10:53.0375 2232 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
22:10:53.0609 2232 Imapi - ok
22:10:53.0687 2232 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
22:10:53.0906 2232 ImapiService - ok
22:10:53.0968 2232 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
22:10:54.0203 2232 ini910u - ok
22:10:54.0468 2232 [ 0CACDCBBC8E6F11E2865C47BFC509848 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:10:54.0812 2232 IntcAzAudAddService - ok
22:10:54.0875 2232 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
22:10:55.0109 2232 IntelIde - ok
22:10:55.0140 2232 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:10:55.0359 2232 intelppm - ok
22:10:55.0453 2232 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
22:10:55.0703 2232 Ip6Fw - ok
22:10:55.0734 2232 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:10:55.0968 2232 IpFilterDriver - ok
22:10:56.0000 2232 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:10:56.0218 2232 IpInIp - ok
22:10:56.0281 2232 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:10:56.0515 2232 IpNat - ok
22:10:56.0546 2232 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:10:56.0781 2232 IPSec - ok
22:10:56.0843 2232 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
22:10:56.0953 2232 IRENUM - ok
22:10:57.0046 2232 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:10:57.0265 2232 isapnp - ok
22:10:57.0296 2232 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:10:57.0531 2232 Kbdclass - ok
22:10:57.0562 2232 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:10:57.0781 2232 kbdhid - ok
22:10:57.0875 2232 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
22:10:58.0109 2232 kmixer - ok
22:10:58.0156 2232 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
22:10:58.0250 2232 KSecDD - ok
22:10:58.0296 2232 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
22:10:58.0375 2232 LanmanServer - ok
22:10:58.0437 2232 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
22:10:58.0500 2232 lanmanworkstation - ok
22:10:58.0515 2232 lbrtfdc - ok
22:10:58.0578 2232 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
22:10:58.0796 2232 LmHosts - ok
22:10:58.0828 2232 McProxy - ok
22:10:58.0859 2232 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
22:10:59.0109 2232 Messenger - ok
22:10:59.0171 2232 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
22:10:59.0390 2232 mnmdd - ok
22:10:59.0468 2232 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
22:10:59.0734 2232 mnmsrvc - ok
22:10:59.0781 2232 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
22:11:00.0031 2232 Modem - ok
22:11:00.0109 2232 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
22:11:00.0359 2232 Monfilt - ok
22:11:00.0421 2232 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:11:00.0656 2232 Mouclass - ok
22:11:00.0703 2232 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:11:00.0937 2232 mouhid - ok
22:11:00.0953 2232 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
22:11:01.0171 2232 MountMgr - ok
22:11:01.0171 2232 MpfService - ok
22:11:01.0234 2232 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
22:11:01.0500 2232 mraid35x - ok
22:11:01.0515 2232 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:11:01.0734 2232 MRxDAV - ok
22:11:01.0796 2232 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:11:01.0890 2232 MRxSmb - ok
22:11:01.0921 2232 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
22:11:02.0156 2232 MSDTC - ok
22:11:02.0187 2232 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
22:11:02.0437 2232 Msfs - ok
22:11:02.0437 2232 MSIServer - ok
22:11:02.0468 2232 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:11:02.0703 2232 MSKSSRV - ok
22:11:02.0750 2232 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:11:02.0984 2232 MSPCLOCK - ok
22:11:03.0000 2232 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
22:11:03.0250 2232 MSPQM - ok
22:11:03.0281 2232 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:11:03.0500 2232 mssmbios - ok
22:11:03.0562 2232 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
22:11:03.0625 2232 Mup - ok
22:11:03.0656 2232 [ A4A79414483ECF56EB1664A709B4D9A5 ] mwlPSDFilter C:\WINDOWS\system32\DRIVERS\mwlPSDFilter.sys
22:11:03.0703 2232 mwlPSDFilter - ok
22:11:03.0734 2232 [ 2B535201B7EBF06653099C318066E036 ] mwlPSDNServ C:\WINDOWS\system32\DRIVERS\mwlPSDNServ.sys
22:11:03.0781 2232 mwlPSDNServ - ok
22:11:03.0796 2232 [ 8EDBA480BE33B8B3F6BBB7A4ECB21454 ] mwlPSDVDisk C:\WINDOWS\system32\DRIVERS\mwlPSDVDisk.sys
22:11:03.0843 2232 mwlPSDVDisk - ok
22:11:03.0937 2232 [ FD257CD94057D02108B954156D7B2770 ] MWLService C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
22:11:04.0015 2232 MWLService - ok
22:11:04.0046 2232 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
22:11:04.0296 2232 napagent - ok
22:11:04.0343 2232 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
22:11:04.0593 2232 NDIS - ok
22:11:04.0656 2232 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:11:04.0718 2232 NdisTapi - ok
22:11:04.0734 2232 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:11:05.0046 2232 Ndisuio - ok
22:11:05.0062 2232 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:11:05.0328 2232 NdisWan - ok
22:11:05.0359 2232 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
22:11:05.0437 2232 NDProxy - ok
22:11:05.0484 2232 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
22:11:05.0718 2232 NetBIOS - ok
22:11:05.0750 2232 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
22:11:05.0984 2232 NetBT - ok
22:11:06.0046 2232 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
22:11:06.0265 2232 NetDDE - ok
22:11:06.0281 2232 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
22:11:06.0500 2232 NetDDEdsdm - ok
22:11:06.0562 2232 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
22:11:06.0796 2232 Netlogon - ok
22:11:06.0828 2232 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
22:11:07.0078 2232 Netman - ok
22:11:07.0156 2232 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:11:07.0203 2232 NetTcpPortSharing - ok
22:11:07.0265 2232 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
22:11:07.0343 2232 Nla - ok
22:11:07.0390 2232 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
22:11:07.0625 2232 Npfs - ok
22:11:07.0656 2232 [ 0DC1D52722CEBA645B4D460E66D58AEE ] nSvcIp C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
22:11:07.0718 2232 nSvcIp - ok
22:11:07.0781 2232 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
22:11:08.0046 2232 Ntfs - ok
22:11:08.0078 2232 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
22:11:08.0296 2232 NtLmSsp - ok
22:11:08.0359 2232 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
22:11:08.0593 2232 NtmsSvc - ok
22:11:08.0656 2232 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
22:11:08.0890 2232 Null - ok
22:11:09.0203 2232 [ E2FACCAA3D194245ACDA43C531460B71 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:11:09.0625 2232 nv - ok
22:11:09.0687 2232 [ 7D275ECDA4628318912F6C945D5CF963 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
22:11:09.0765 2232 NVENETFD - ok
22:11:09.0812 2232 [ 75E2E77C5497F34E60491D27BF03F1CB ] nvgts C:\WINDOWS\system32\drivers\nvgts.sys
22:11:09.0843 2232 nvgts - ok
22:11:09.0890 2232 [ 422BBE63A70950440E1DB5FE7A9557A7 ] NVHDA C:\WINDOWS\system32\drivers\nvhda32.sys
22:11:09.0937 2232 NVHDA - ok
22:11:09.0953 2232 [ B64AACEFAD2BE5BFF5353FE681253C67 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
22:11:10.0062 2232 nvnetbus - ok
22:11:10.0109 2232 [ 2A085AEC3AB2B1211611D2A7B9E22456 ] nvsmu C:\WINDOWS\system32\DRIVERS\nvsmu.sys
22:11:10.0187 2232 nvsmu - ok
22:11:10.0234 2232 [ 45F4A4D3B3170E74BA0503C8AE077112 ] nvsvc C:\WINDOWS\system32\nvsvc32.exe
22:11:12.0171 2232 nvsvc ( UnsignedFile.Multi.Generic ) - warning
22:11:12.0171 2232 nvsvc - detected UnsignedFile.Multi.Generic (1)
22:11:12.0218 2232 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:11:12.0453 2232 NwlnkFlt - ok
22:11:12.0531 2232 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:11:12.0765 2232 NwlnkFwd - ok
22:11:12.0984 2232 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:11:13.0062 2232 odserv - ok
22:11:13.0109 2232 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:11:13.0156 2232 ose - ok
22:11:13.0218 2232 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
22:11:13.0484 2232 Parport - ok
22:11:13.0546 2232 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
22:11:13.0781 2232 PartMgr - ok
22:11:13.0812 2232 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
22:11:14.0046 2232 ParVdm - ok
22:11:14.0062 2232 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
22:11:14.0328 2232 PCI - ok
22:11:14.0328 2232 PCIDump - ok
22:11:14.0421 2232 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
22:11:14.0640 2232 PCIIde - ok
22:11:14.0734 2232 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
22:11:14.0953 2232 Pcmcia - ok
22:11:14.0968 2232 PDCOMP - ok
22:11:14.0984 2232 PDFRAME - ok
22:11:15.0000 2232 PDRELI - ok
22:11:15.0015 2232 PDRFRAME - ok
22:11:15.0062 2232 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
22:11:15.0359 2232 perc2 - ok
22:11:15.0406 2232 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
22:11:15.0625 2232 perc2hib - ok
22:11:15.0687 2232 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
22:11:15.0734 2232 PlugPlay - ok
22:11:15.0750 2232 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
22:11:15.0968 2232 PolicyAgent - ok
22:11:16.0015 2232 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:11:16.0250 2232 PptpMiniport - ok
22:11:16.0250 2232 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
22:11:16.0468 2232 ProtectedStorage - ok
22:11:16.0515 2232 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
22:11:16.0765 2232 PSched - ok
22:11:16.0781 2232 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:11:17.0000 2232 Ptilink - ok
22:11:17.0046 2232 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:11:17.0093 2232 PxHelp20 - ok
22:11:17.0125 2232 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
22:11:17.0343 2232 ql1080 - ok
22:11:17.0421 2232 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
22:11:17.0656 2232 Ql10wnt - ok
22:11:17.0718 2232 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
22:11:17.0937 2232 ql12160 - ok
22:11:17.0968 2232 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
22:11:18.0203 2232 ql1240 - ok
22:11:18.0218 2232 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
22:11:18.0437 2232 ql1280 - ok
22:11:18.0515 2232 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:11:18.0750 2232 RasAcd - ok
22:11:18.0781 2232 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
22:11:18.0984 2232 RasAuto - ok
22:11:19.0015 2232 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:11:19.0250 2232 Rasl2tp - ok
22:11:19.0281 2232 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
22:11:19.0515 2232 RasMan - ok
22:11:19.0531 2232 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:11:19.0750 2232 RasPppoe - ok
22:11:19.0765 2232 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
22:11:20.0000 2232 Raspti - ok
22:11:20.0062 2232 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:11:20.0312 2232 Rdbss - ok
22:11:20.0343 2232 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:11:20.0609 2232 RDPCDD - ok
22:11:20.0640 2232 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:11:20.0875 2232 rdpdr - ok
22:11:20.0937 2232 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
22:11:21.0015 2232 RDPWD - ok
22:11:21.0062 2232 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
22:11:21.0296 2232 RDSessMgr - ok
22:11:21.0343 2232 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
22:11:21.0562 2232 redbook - ok
22:11:21.0609 2232 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
22:11:21.0859 2232 RemoteAccess - ok
22:11:21.0906 2232 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
22:11:22.0140 2232 RpcLocator - ok
22:11:22.0171 2232 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
22:11:22.0218 2232 RpcSs - ok
22:11:22.0265 2232 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
22:11:22.0500 2232 RSVP - ok
22:11:22.0578 2232 [ B29EEB1EA7971BD83069EB2E2258D224 ] RTL8192su C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
22:11:22.0703 2232 RTL8192su - ok
22:11:22.0718 2232 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
22:11:22.0937 2232 SamSs - ok
22:11:23.0359 2232 [ 65EB0656904DC611A3FC86A2FF255A04 ] SBAMSvc C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe
22:11:23.0593 2232 SBAMSvc - ok
22:11:23.0625 2232 [ 862EEC4DFFF55AB124C9F4C758BECC39 ] sbaphd C:\WINDOWS\system32\drivers\sbaphd.sys
22:11:23.0671 2232 sbaphd - ok
22:11:23.0718 2232 [ 87574F4C899E8AEDDDC1EDF71D3E045E ] sbapifs C:\WINDOWS\system32\drivers\sbapifs.sys
22:11:23.0765 2232 sbapifs - ok
22:11:23.0796 2232 [ C2D347618D027A0A31770831BFA86525 ] SbFw C:\WINDOWS\system32\drivers\SbFw.sys
22:11:23.0875 2232 SbFw - ok
22:11:23.0890 2232 [ 1B4ACDDFE18B30C51F624734B1D98F3A ] SBFWIMCL C:\WINDOWS\system32\DRIVERS\sbfwim.sys
22:11:23.0968 2232 SBFWIMCL - ok
22:11:23.0984 2232 [ 1B4ACDDFE18B30C51F624734B1D98F3A ] SBFWIMCLMP C:\WINDOWS\system32\DRIVERS\SBFWIM.sys
22:11:24.0015 2232 SBFWIMCLMP - ok
22:11:24.0046 2232 [ BE4CCD4A299337CBA1CE41DB9E2C2543 ] sbhips C:\WINDOWS\system32\drivers\sbhips.sys
22:11:24.0093 2232 sbhips - ok
22:11:24.0171 2232 [ 2F237D2248C7EA1B566AA106BB834A21 ] SBPIMSvc C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe
22:11:24.0250 2232 SBPIMSvc - ok
22:11:24.0281 2232 [ A1DA0C619ED8F49DD904100BA2BE04EA ] sbtis C:\WINDOWS\system32\drivers\sbtis.sys
22:11:24.0343 2232 sbtis - ok
22:11:24.0390 2232 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
22:11:24.0640 2232 SCardSvr - ok
22:11:24.0703 2232 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
22:11:24.0921 2232 Schedule - ok
22:11:24.0953 2232 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:11:25.0093 2232 Secdrv - ok
22:11:25.0125 2232 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
22:11:25.0343 2232 seclogon - ok
22:11:25.0343 2232 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
22:11:25.0671 2232 SENS - ok
22:11:25.0687 2232 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
22:11:25.0906 2232 Serial - ok
22:11:25.0968 2232 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
22:11:26.0187 2232 Sfloppy - ok
22:11:26.0250 2232 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
22:11:26.0468 2232 SharedAccess - ok
22:11:26.0500 2232 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:11:26.0531 2232 ShellHWDetection - ok
22:11:26.0546 2232 Simbad - ok
22:11:26.0593 2232 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
22:11:26.0828 2232 sisagp - ok
22:11:26.0906 2232 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
22:11:27.0000 2232 Sparrow - ok
22:11:27.0031 2232 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
22:11:27.0250 2232 splitter - ok
22:11:27.0296 2232 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
22:11:27.0328 2232 Spooler - ok
22:11:27.0390 2232 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
22:11:27.0500 2232 sr - ok
22:11:27.0546 2232 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
22:11:27.0656 2232 srservice - ok
22:11:27.0703 2232 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
22:11:27.0765 2232 Srv - ok
22:11:27.0796 2232 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
22:11:27.0890 2232 SSDPSRV - ok
22:11:27.0968 2232 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
22:11:28.0218 2232 stisvc - ok
22:11:28.0265 2232 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
22:11:28.0500 2232 swenum - ok
22:11:28.0515 2232 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
22:11:28.0750 2232 swmidi - ok
22:11:28.0765 2232 SwPrv - ok
22:11:28.0796 2232 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
22:11:29.0015 2232 symc810 - ok
22:11:29.0109 2232 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
22:11:29.0312 2232 symc8xx - ok
22:11:29.0328 2232 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
22:11:29.0593 2232 sym_hi - ok
22:11:29.0609 2232 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
22:11:29.0828 2232 sym_u3 - ok
22:11:29.0859 2232 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
22:11:30.0078 2232 sysaudio - ok
22:11:30.0125 2232 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
22:11:30.0343 2232 SysmonLog - ok
22:11:30.0437 2232 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
22:11:30.0656 2232 TapiSrv - ok
22:11:30.0703 2232 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:11:30.0796 2232 Tcpip - ok
22:11:30.0843 2232 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
22:11:31.0046 2232 TDPIPE - ok
22:11:31.0093 2232 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
22:11:31.0343 2232 TDTCP - ok
22:11:31.0390 2232 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
22:11:31.0609 2232 TermDD - ok
22:11:31.0671 2232 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
22:11:31.0890 2232 TermService - ok
22:11:31.0921 2232 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
22:11:31.0953 2232 Themes - ok
22:11:32.0015 2232 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
22:11:32.0234 2232 TosIde - ok
22:11:32.0281 2232 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
22:11:32.0500 2232 TrkWks - ok
22:11:32.0546 2232 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
22:11:32.0781 2232 Udfs - ok
22:11:32.0812 2232 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
22:11:32.0906 2232 ultra - ok
22:11:32.0968 2232 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
22:11:33.0218 2232 Update - ok
22:11:33.0265 2232 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
22:11:33.0359 2232 upnphost - ok
22:11:33.0390 2232 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
22:11:33.0640 2232 UPS - ok
22:11:33.0703 2232 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:11:33.0921 2232 usbccgp - ok
22:11:33.0984 2232 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:11:34.0203 2232 usbehci - ok
22:11:34.0218 2232 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:11:34.0453 2232 usbhub - ok
22:11:34.0484 2232 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:11:34.0718 2232 usbohci - ok
22:11:34.0796 2232 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:11:35.0031 2232 USBSTOR - ok
22:11:35.0109 2232 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
22:11:35.0343 2232 VgaSave - ok
22:11:35.0390 2232 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
22:11:35.0609 2232 viaagp - ok
22:11:35.0687 2232 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
22:11:35.0953 2232 ViaIde - ok
22:11:35.0984 2232 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
22:11:36.0218 2232 VolSnap - ok
22:11:36.0265 2232 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
22:11:36.0390 2232 VSS - ok
22:11:36.0406 2232 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
22:11:36.0640 2232 W32Time - ok
22:11:36.0703 2232 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:11:36.0937 2232 Wanarp - ok
22:11:36.0953 2232 WDICA - ok
22:11:36.0984 2232 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
22:11:37.0187 2232 wdmaud - ok
22:11:37.0234 2232 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
22:11:37.0453 2232 WebClient - ok
22:11:37.0531 2232 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
22:11:37.0750 2232 winmgmt - ok
22:11:37.0812 2232 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
22:11:38.0046 2232 WmdmPmSN - ok
22:11:38.0093 2232 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
22:11:38.0296 2232 WmiAcpi - ok
22:11:38.0390 2232 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:11:38.0640 2232 WmiApSrv - ok
22:11:38.0671 2232 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:11:38.0875 2232 WS2IFSL - ok
22:11:38.0921 2232 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
22:11:39.0140 2232 wscsvc - ok
22:11:39.0171 2232 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
22:11:39.0375 2232 wuauserv - ok
22:11:39.0421 2232 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
22:11:39.0687 2232 WZCSVC - ok
22:11:39.0718 2232 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
22:11:39.0968 2232 xmlprov - ok
22:11:39.0984 2232 ================ Scan global ===============================
22:11:40.0031 2232 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
22:11:40.0062 2232 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
22:11:40.0078 2232 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
22:11:40.0109 2232 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
22:11:40.0125 2232 [Global] - ok
22:11:40.0125 2232 ================ Scan MBR ==================================
22:11:40.0156 2232 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:11:41.0031 2232 \Device\Harddisk0\DR0 - ok
22:11:41.0046 2232 ================ Scan VBR ==================================
22:11:41.0046 2232 [ A0034B0C769E6163F2A6EADCF20B1F40 ] \Device\Harddisk0\DR0\Partition1
22:11:41.0046 2232 \Device\Harddisk0\DR0\Partition1 - ok
22:11:41.0046 2232 ================ Scan active images ========================
22:11:41.0062 2232 [ 8C953733D8F36EB2133F5BB58808B66B ] C:\WINDOWS\system32\drivers\intelppm.sys
22:11:41.0062 2232 C:\WINDOWS\system32\drivers\intelppm.sys - ok
22:11:41.0078 2232 [ 2A085AEC3AB2B1211611D2A7B9E22456 ] C:\WINDOWS\system32\drivers\nvsmu.sys
22:11:41.0078 2232 C:\WINDOWS\system32\drivers\nvsmu.sys - ok
22:11:41.0093 2232 [ 573C7D0A32852B48F3058CFD8026F511 ] C:\WINDOWS\system32\drivers\hdaudbus.sys
22:11:41.0109 2232 C:\WINDOWS\system32\drivers\hdaudbus.sys - ok
22:11:41.0125 2232 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] C:\WINDOWS\system32\drivers\usbehci.sys
22:11:41.0125 2232 C:\WINDOWS\system32\drivers\usbehci.sys - ok
22:11:41.0140 2232 [ 0DAECCE65366EA32B162F85F07C6753B ] C:\WINDOWS\system32\drivers\usbohci.sys
22:11:41.0140 2232 C:\WINDOWS\system32\drivers\usbohci.sys - ok
22:11:41.0156 2232 [ 791912E524CC2CC6F50B5F2B52D1EB71 ] C:\WINDOWS\system32\drivers\usbport.sys
22:11:41.0156 2232 C:\WINDOWS\system32\drivers\usbport.sys - ok
22:11:41.0171 2232 [ C5A2952901DC5E1CC33014E809296D30 ] C:\WINDOWS\system32\drivers\nvnrm.sys
22:11:41.0171 2232 C:\WINDOWS\system32\drivers\nvnrm.sys - ok
22:11:41.0187 2232 [ B64AACEFAD2BE5BFF5353FE681253C67 ] C:\WINDOWS\system32\drivers\nvnetbus.sys
22:11:41.0187 2232 C:\WINDOWS\system32\drivers\nvnetbus.sys - ok
22:11:41.0203 2232 [ E28726B72C46821A28830E077D39A55B ] C:\WINDOWS\system32\drivers\videoprt.sys
22:11:41.0203 2232 C:\WINDOWS\system32\drivers\videoprt.sys - ok
22:11:41.0218 2232 [ E2FACCAA3D194245ACDA43C531460B71 ] C:\WINDOWS\system32\drivers\nv4_mini.sys
22:11:41.0218 2232 C:\WINDOWS\system32\drivers\nv4_mini.sys - ok
22:11:41.0234 2232 [ D9F724AA26C010A217C97606B160ED68 ] C:\WINDOWS\system32\drivers\audstub.sys
22:11:41.0234 2232 C:\WINDOWS\system32\drivers\audstub.sys - ok
22:11:41.0250 2232 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] C:\WINDOWS\system32\drivers\rasl2tp.sys
22:11:41.0250 2232 C:\WINDOWS\system32\drivers\rasl2tp.sys - ok
22:11:41.0250 2232 [ C42584FD66CE9E17403AEBCA199F7BDB ] C:\WINDOWS\system32\drivers\wmiacpi.sys
22:11:41.0250 2232 C:\WINDOWS\system32\drivers\wmiacpi.sys - ok
22:11:41.0265 2232 [ 0109C4F3850DFBAB279542515386AE22 ] C:\WINDOWS\system32\drivers\ndistapi.sys
22:11:41.0265 2232 C:\WINDOWS\system32\drivers\ndistapi.sys - ok
22:11:41.0281 2232 [ EDC1531A49C80614B2CFDA43CA8659AB ] C:\WINDOWS\system32\drivers\ndiswan.sys
22:11:41.0281 2232 C:\WINDOWS\system32\drivers\ndiswan.sys - ok
22:11:41.0296 2232 [ 5BC962F2654137C9909C3D4603587DEE ] C:\WINDOWS\system32\drivers\raspppoe.sys
22:11:41.0296 2232 C:\WINDOWS\system32\drivers\raspppoe.sys - ok
22:11:41.0312 2232 [ 0539D5E53587F82D1B4FD74C5BE205CF ] C:\WINDOWS\system32\drivers\tdi.sys
22:11:41.0312 2232 C:\WINDOWS\system32\drivers\tdi.sys - ok
22:11:41.0328 2232 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] C:\WINDOWS\system32\drivers\msgpc.sys
22:11:41.0328 2232 C:\WINDOWS\system32\drivers\msgpc.sys - ok
22:11:41.0343 2232 [ 09298EC810B07E5D582CB3A3F9255424 ] C:\WINDOWS\system32\drivers\psched.sys
22:11:41.0343 2232 C:\WINDOWS\system32\drivers\psched.sys - ok
22:11:41.0359 2232 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] C:\WINDOWS\system32\drivers\raspptp.sys
22:11:41.0359 2232 C:\WINDOWS\system32\drivers\raspptp.sys - ok
22:11:41.0375 2232 [ 463C1EC80CD17420A542B7F36A36F128 ] C:\WINDOWS\system32\drivers\kbdclass.sys
22:11:41.0375 2232 C:\WINDOWS\system32\drivers\kbdclass.sys - ok
22:11:41.0390 2232 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] C:\WINDOWS\system32\drivers\ptilink.sys
22:11:41.0390 2232 C:\WINDOWS\system32\drivers\ptilink.sys - ok
22:11:41.0406 2232 [ FDBB1D60066FCFBB7452FD8F9829B242 ] C:\WINDOWS\system32\drivers\raspti.sys
22:11:41.0406 2232 C:\WINDOWS\system32\drivers\raspti.sys - ok
22:11:41.0406 2232 [ 88155247177638048422893737429D9E ] C:\WINDOWS\system32\drivers\termdd.sys
22:11:41.0406 2232 C:\WINDOWS\system32\drivers\termdd.sys - ok
22:11:41.0421 2232 [ 0753515F78DF7F271A5E61C20BCD36A1 ] C:\WINDOWS\system32\drivers\ks.sys
22:11:41.0421 2232 C:\WINDOWS\system32\drivers\ks.sys - ok
22:11:41.0437 2232 [ 35C9E97194C8CFB8430125F8DBC34D04 ] C:\WINDOWS\system32\drivers\mouclass.sys
22:11:41.0437 2232 C:\WINDOWS\system32\drivers\mouclass.sys - ok
22:11:41.0453 2232 [ 1B4ACDDFE18B30C51F624734B1D98F3A ] C:\WINDOWS\system32\drivers\SbFwIm.sys
22:11:41.0453 2232 C:\WINDOWS\system32\drivers\SbFwIm.sys - ok
22:11:41.0468 2232 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] C:\WINDOWS\system32\drivers\swenum.sys
22:11:41.0468 2232 C:\WINDOWS\system32\drivers\swenum.sys - ok
22:11:41.0484 2232 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] C:\WINDOWS\system32\drivers\mssmbios.sys
22:11:41.0484 2232 C:\WINDOWS\system32\drivers\mssmbios.sys - ok
22:11:41.0500 2232 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] C:\WINDOWS\system32\drivers\update.sys
22:11:41.0500 2232 C:\WINDOWS\system32\drivers\update.sys - ok
22:11:41.0515 2232 [ 9282BD12DFB069D3889EB3FCC1000A9B ] C:\WINDOWS\system32\drivers\ndproxy.sys
22:11:41.0515 2232 C:\WINDOWS\system32\drivers\ndproxy.sys - ok
22:11:41.0515 2232 [ 596EB39B50D6EBD9B734DC4AE0544693 ] C:\WINDOWS\system32\drivers\usbd.sys
22:11:41.0515 2232 C:\WINDOWS\system32\drivers\usbd.sys - ok
22:11:41.0531 2232 [ 1AB3CDDE553B6E064D2E754EFE20285C ] C:\WINDOWS\system32\drivers\usbhub.sys
22:11:41.0531 2232 C:\WINDOWS\system32\drivers\usbhub.sys - ok
22:11:41.0546 2232 [ 7D275ECDA4628318912F6C945D5CF963 ] C:\WINDOWS\system32\drivers\NVENETFD.sys
22:11:41.0546 2232 C:\WINDOWS\system32\drivers\NVENETFD.sys - ok
22:11:41.0562 2232 [ 6CB08593487F5701D2D2254E693EAFCE ] C:\WINDOWS\system32\drivers\drmk.sys
22:11:41.0562 2232 C:\WINDOWS\system32\drivers\drmk.sys - ok
22:11:41.0578 2232 [ E82A496C3961EFC6828B508C310CE98F ] C:\WINDOWS\system32\drivers\portcls.sys
22:11:41.0578 2232 C:\WINDOWS\system32\drivers\portcls.sys - ok
22:11:41.0593 2232 [ 0CACDCBBC8E6F11E2865C47BFC509848 ] C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:11:41.0593 2232 C:\WINDOWS\system32\drivers\RtkHDAud.sys - ok
22:11:41.0593 2232 [ 422BBE63A70950440E1DB5FE7A9557A7 ] C:\WINDOWS\system32\drivers\nvhda32.sys
22:11:41.0593 2232 C:\WINDOWS\system32\drivers\nvhda32.sys - ok
22:11:41.0609 2232 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] C:\WINDOWS\system32\drivers\fdc.sys
22:11:41.0609 2232 C:\WINDOWS\system32\drivers\fdc.sys - ok
22:11:41.0625 2232 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] C:\WINDOWS\system32\drivers\flpydisk.sys
22:11:41.0625 2232 C:\WINDOWS\system32\drivers\flpydisk.sys - ok
22:11:41.0640 2232 [ 9368670BD426EBEA5E8B18A62416EC28 ] C:\WINDOWS\system32\drivers\i2omgmt.sys
22:11:41.0640 2232 C:\WINDOWS\system32\drivers\i2omgmt.sys - ok
22:11:41.0656 2232 [ 8E6B8C671615D126FDC553D1E2DE5562 ] C:\WINDOWS\system32\drivers\sfloppy.sys
22:11:41.0656 2232 C:\WINDOWS\system32\drivers\sfloppy.sys - ok
22:11:41.0656 2232 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] C:\WINDOWS\system32\drivers\cdrom.sys
22:11:41.0656 2232 C:\WINDOWS\system32\drivers\cdrom.sys - ok
22:11:41.0671 2232 [ DA1F27D85E0D1525F6621372E7B685E9 ] C:\WINDOWS\system32\drivers\beep.sys
22:11:41.0671 2232 C:\WINDOWS\system32\drivers\beep.sys - ok
22:11:41.0687 2232 [ C1B486A7658353D33A10CC15211A873B ] C:\WINDOWS\system32\drivers\cdaudio.sys
22:11:41.0687 2232 C:\WINDOWS\system32\drivers\cdaudio.sys - ok
22:11:41.0703 2232 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] C:\WINDOWS\system32\drivers\fs_rec.sys
22:11:41.0703 2232 C:\WINDOWS\system32\drivers\fs_rec.sys - ok
22:11:41.0718 2232 [ A4A79414483ECF56EB1664A709B4D9A5 ] C:\WINDOWS\system32\drivers\mwlPSDFilter.sys
22:11:41.0718 2232 C:\WINDOWS\system32\drivers\mwlPSDFilter.sys - ok
22:11:41.0734 2232 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] C:\WINDOWS\system32\drivers\null.sys
22:11:41.0734 2232 C:\WINDOWS\system32\drivers\null.sys - ok
22:11:41.0750 2232 [ 96ECCF28FDBF1B2CC12725818A63628D ] C:\WINDOWS\system32\drivers\hidparse.sys
22:11:41.0750 2232 C:\WINDOWS\system32\drivers\hidparse.sys - ok
22:11:41.0750 2232 [ 9EF487A186DEA361AA06913A75B3FA99 ] C:\WINDOWS\system32\drivers\kbdhid.sys
22:11:41.0750 2232 C:\WINDOWS\system32\drivers\kbdhid.sys - ok
22:11:41.0765 2232 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] C:\WINDOWS\system32\drivers\vga.sys
22:11:41.0765 2232 C:\WINDOWS\system32\drivers\vga.sys - ok
22:11:41.0781 2232 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] C:\WINDOWS\system32\drivers\mnmdd.sys
22:11:41.0781 2232 C:\WINDOWS\system32\drivers\mnmdd.sys - ok
22:11:41.0796 2232 [ 4912D5B403614CE99C28420F75353332 ] C:\WINDOWS\system32\drivers\rdpcdd.sys
22:11:41.0796 2232 C:\WINDOWS\system32\drivers\rdpcdd.sys - ok
22:11:41.0812 2232 [ C941EA2454BA8350021D774DAF0F1027 ] C:\WINDOWS\system32\drivers\msfs.sys
22:11:41.0812 2232 C:\WINDOWS\system32\drivers\msfs.sys - ok
22:11:41.0828 2232 [ 3182D64AE053D6FB034F44B6DEF8034A ] C:\WINDOWS\system32\drivers\npfs.sys
22:11:41.0828 2232 C:\WINDOWS\system32\drivers\npfs.sys - ok
22:11:41.0828 2232 [ 23C74D75E36E7158768DD63D92789A91 ] C:\WINDOWS\system32\drivers\ipsec.sys
22:11:41.0828 2232 C:\WINDOWS\system32\drivers\ipsec.sys - ok
22:11:41.0843 2232 [ FE0D99D6F31E4FAD8159F690D68DED9C ] C:\WINDOWS\system32\drivers\rasacd.sys
22:11:41.0843 2232 C:\WINDOWS\system32\drivers\rasacd.sys - ok
22:11:41.0859 2232 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] C:\WINDOWS\system32\drivers\tcpip.sys
22:11:41.0859 2232 C:\WINDOWS\system32\drivers\tcpip.sys - ok
22:11:41.0875 2232 [ CC748EA12C6EFFDE940EE98098BF96BB ] C:\WINDOWS\system32\drivers\ipnat.sys
22:11:41.0875 2232 C:\WINDOWS\system32\drivers\ipnat.sys - ok
22:11:41.0890 2232 [ C2D347618D027A0A31770831BFA86525 ] C:\WINDOWS\system32\drivers\SbFw.sys
22:11:41.0890 2232 C:\WINDOWS\system32\drivers\SbFw.sys - ok
22:11:44.0984 2232 [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
22:11:44.0984 2232 C:\WINDOWS\system32\netmsg.dll - ok
22:11:45.0000 2232 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] C:\WINDOWS\system32\drivers\srv.sys
22:11:45.0000 2232 C:\WINDOWS\system32\drivers\srv.sys - ok
22:11:45.0015 2232 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
22:11:45.0015 2232 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll - ok
22:11:45.0031 2232 [ A598AB5A54C5F62D7BA0850DE238B5D2 ] C:\Program Files\Common Files\System\ado\msjro.dll
22:11:45.0031 2232 C:\Program Files\Common Files\System\ado\msjro.dll - ok
22:11:45.0046 2232 [ 01F0CBEB457CAE7EF0CA52C7CCA5B0E8 ] C:\WINDOWS\system32\msdart.dll
22:11:45.0046 2232 C:\WINDOWS\system32\msdart.dll - ok
22:11:45.0046 2232 [ DC095DB6D468CB5B653E05F865487E57 ] C:\Program Files\Common Files\System\Ole DB\oledb32.dll
22:11:45.0062 2232 C:\Program Files\Common Files\System\Ole DB\oledb32.dll - ok
22:11:45.0062 2232 [ F86A2C7C279C746D5C5E06941ED4C337 ] C:\Program Files\Common Files\System\Ole DB\oledb32r.dll
22:11:45.0062 2232 C:\Program Files\Common Files\System\Ole DB\oledb32r.dll - ok
22:11:45.0078 2232 [ 9F08F7D1C9A6BB0E3626581AC7D53580 ] C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\remediationattplugin.dll
22:11:45.0078 2232 C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\remediationattplugin.dll - ok
22:11:45.0093 2232 [ 332760FBA1655FCFD35BD6F4FD871300 ] C:\WINDOWS\system32\ipsecsvc.dll
22:11:45.0093 2232 C:\WINDOWS\system32\ipsecsvc.dll - ok
22:11:45.0109 2232 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] C:\WINDOWS\system32\netman.dll
22:11:45.0109 2232 C:\WINDOWS\system32\netman.dll - ok
22:11:45.0125 2232 [ C14350FC0D47D806699C4F907FC6785B ] C:\WINDOWS\system32\cryptnet.dll
22:11:45.0125 2232 C:\WINDOWS\system32\cryptnet.dll - ok
22:11:45.0125 2232 [ 3CBA2210FA39C6ED7895634842E930DD ] C:\WINDOWS\system32\sensapi.dll
22:11:45.0125 2232 C:\WINDOWS\system32\sensapi.dll - ok
22:11:45.0140 2232 [ 65EB0656904DC611A3FC86A2FF255A04 ] C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe
22:11:45.0140 2232 C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe - ok
22:11:45.0156 2232 [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll
22:11:45.0156 2232 C:\WINDOWS\system32\netshell.dll - ok
22:11:45.0171 2232 [ C5FF8682EADA5B3B27A865F1C3EF9270 ] C:\WINDOWS\system32\oakley.dll
22:11:45.0171 2232 C:\WINDOWS\system32\oakley.dll - ok
22:11:45.0187 2232 [ 8C77ECF3C7DCBB926312B7ECED6ECA75 ] C:\WINDOWS\system32\winhttp.dll
22:11:45.0187 2232 C:\WINDOWS\system32\winhttp.dll - ok
22:11:45.0187 2232 [ 248712EA6BA17B9FF0C542A3828375DD ] C:\WINDOWS\system32\winipsec.dll
22:11:45.0187 2232 C:\WINDOWS\system32\winipsec.dll - ok
22:11:45.0203 2232 [ 853D0D0C6F02D7BFDF1CF99DD7553732 ] C:\WINDOWS\system32\pstorsvc.dll
22:11:45.0203 2232 C:\WINDOWS\system32\pstorsvc.dll - ok
22:11:45.0218 2232 [ 22D89D84E8E081CDA529DBF8C0255A38 ] C:\WINDOWS\system32\psbase.dll
22:11:45.0218 2232 C:\WINDOWS\system32\psbase.dll - ok
22:11:45.0234 2232 [ FEDE68BF80052BAD393AFD5C2E60DCB0 ] C:\WINDOWS\system32\dssenh.dll
22:11:45.0234 2232 C:\WINDOWS\system32\dssenh.dll - ok
22:11:45.0250 2232 [ F9D3C78CFE15271D80790677C893CE45 ] C:\WINDOWS\system32\cabinet.dll
22:11:45.0250 2232 C:\WINDOWS\system32\cabinet.dll - ok
22:11:45.0265 2232 [ 0400CBB7558638933661984791398CA2 ] C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\rtl120.bpl
22:11:45.0265 2232 C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\rtl120.bpl - ok
22:11:45.0265 2232 [ 235892E493845D64D890163CFEF90E97 ] C:\WINDOWS\system32\credui.dll
22:11:45.0265 2232 C:\WINDOWS\system32\credui.dll - ok
22:11:45.0281 2232 [ 67156D5A9AC356DC99D7BCCB388E3316 ] C:\WINDOWS\system32\wsock32.dll
22:11:45.0281 2232 C:\WINDOWS\system32\wsock32.dll - ok
22:11:45.0296 2232 [ 4E8F3230BAC8C1CAADF01A8C728E1C5C ] C:\WINDOWS\system32\dot3dlg.dll
22:11:45.0296 2232 C:\WINDOWS\system32\dot3dlg.dll - ok
22:11:45.0312 2232 [ CA04959077AFE36369D37B3504740C87 ] C:\WINDOWS\system32\onex.dll
22:11:45.0312 2232 C:\WINDOWS\system32\onex.dll - ok
22:11:45.0328 2232 [ 5DB625E7D095604010CF84DE2D8ACFA6 ] C:\WINDOWS\system32\eappcfg.dll
22:11:45.0328 2232 C:\WINDOWS\system32\eappcfg.dll - ok
22:11:45.0343 2232 [ ABC4206543450C0666D152F4B65833B8 ] C:\WINDOWS\system32\eappprxy.dll
22:11:45.0343 2232 C:\WINDOWS\system32\eappprxy.dll - ok
22:11:45.0343 2232 [ 066589820A4A17EA2D0A0D0C070D2E90 ] C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\vcl120.bpl
22:11:45.0343 2232 C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\vcl120.bpl - ok
22:11:45.0359 2232 [ 7F9C8A58A4E495338F953EC7968972E8 ] C:\Program Files\GFI Software\VIPRE\SpursDownload.dll
22:11:45.0359 2232 C:\Program Files\GFI Software\VIPRE\SpursDownload.dll - ok
22:11:45.0375 2232 [ 79641D0FEB93444B95DDA9BAEFFA2B61 ] C:\Program Files\GFI Software\VIPRE\SBTE.dll
22:11:45.0375 2232 C:\Program Files\GFI Software\VIPRE\SBTE.dll - ok
22:11:45.0390 2232 [ 0B467F470CC9918FDCEEDCFD7DC4D697 ] C:\WINDOWS\system32\oledlg.dll
22:11:45.0390 2232 C:\WINDOWS\system32\oledlg.dll - ok
22:11:45.0406 2232 [ 9CA322B59BB0FAE4A25BA12491821382 ] C:\Program Files\GFI Software\VIPRE\sbap.dll
22:11:45.0406 2232 C:\Program Files\GFI Software\VIPRE\sbap.dll - ok
22:11:45.0406 2232 [ C152629447732B74272D011C0B8AA20C ] C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\dbrtl120.bpl
22:11:45.0421 2232 C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\dbrtl120.bpl - ok
22:11:45.0437 2232 [ 23426D30875098204A22CAB404780DBE ] C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\adortl120.bpl
22:11:45.0437 2232 C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\adortl120.bpl - ok
22:11:45.0437 2232 [ CD7AA3744E274C2CCEFFE26FDB2B4CF9 ] C:\Program Files\GFI Software\VIPRE\SBArva.dll
22:11:45.0437 2232 C:\Program Files\GFI Software\VIPRE\SBArva.dll - ok
22:11:45.0453 2232 [ AEFB476EA69595D4C99DB7F10F6CEA18 ] C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\xmlrtl120.bpl
22:11:45.0453 2232 C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\xmlrtl120.bpl - ok
22:11:45.0468 2232 [ 9CE7BD04EDF43A81685030FF09E7F4D7 ] C:\Program Files\GFI Software\VIPRE\mimepp.dll
22:11:45.0468 2232 C:\Program Files\GFI Software\VIPRE\mimepp.dll - ok
22:11:45.0484 2232 [ 414F0C81BC69D2BF7216B0A5432DBA7F ] C:\Program Files\GFI Software\VIPRE\SbHips.dll
22:11:45.0484 2232 C:\Program Files\GFI Software\VIPRE\SbHips.dll - ok
22:11:45.0500 2232 [ B8A6CB487E5FAF8A4610B1259CC8F44E ] C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\indysystem120.bpl
22:11:45.0500 2232 C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\indysystem120.bpl - ok
22:11:45.0515 2232 [ 2F237D2248C7EA1B566AA106BB834A21 ] C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe
22:11:45.0515 2232 C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe - ok
22:11:45.0531 2232 [ C56ACF9672D0C0151FA8E5A6CA55A031 ] C:\Program Files\GFI Software\VIPRE\SBRES_VPP_en-US.dll
22:11:45.0531 2232 C:\Program Files\GFI Software\VIPRE\SBRES_VPP_en-US.dll - ok
22:11:45.0546 2232 [ A5FE51B8CE661A935A165803C65A4BF1 ] C:\Program Files\GFI Software\VIPRE\unrar.dll
22:11:45.0546 2232 C:\Program Files\GFI Software\VIPRE\unrar.dll - ok
22:11:45.0562 2232 [ 1D7828406C07FA2B4C90BB40CD28FFB2 ] C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\vclx120.bpl
22:11:45.0562 2232 C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\vclx120.bpl - ok
22:11:45.0578 2232 [ 180C3FB119C94B19889935190C94F389 ] C:\Program Files\GFI Software\VIPRE\Plugins\PI_PatchMonitor.dll
22:11:45.0578 2232 C:\Program Files\GFI Software\VIPRE\Plugins\PI_PatchMonitor.dll - ok
22:11:45.0593 2232 [ CBE612E2BB6A10E3563336191EDA1250 ] C:\WINDOWS\system32\seclogon.dll
22:11:45.0593 2232 C:\WINDOWS\system32\seclogon.dll - ok
22:11:45.0609 2232 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] C:\WINDOWS\system32\sens.dll
22:11:45.0609 2232 C:\WINDOWS\system32\sens.dll - ok
22:11:45.0625 2232 [ FF3477C03BE7201C294C35F684B3479F ] C:\WINDOWS\system32\termsrv.dll
22:11:45.0625 2232 C:\WINDOWS\system32\termsrv.dll - ok
22:11:45.0625 2232 [ 3805DF0AC4296A34BA4BF93B346CC378 ] C:\WINDOWS\system32\srsvc.dll
22:11:45.0625 2232 C:\WINDOWS\system32\srsvc.dll - ok
22:11:45.0640 2232 [ DF6551E4C4C46655A0C76194F1FCEA5D ] C:\WINDOWS\system32\icaapi.dll
22:11:45.0640 2232 C:\WINDOWS\system32\icaapi.dll - ok
22:11:45.0656 2232 [ 2D65D56C2F8B6CC5EBFF8E7200C30304 ] C:\WINDOWS\system32\mstlsapi.dll
22:11:45.0656 2232 C:\WINDOWS\system32\mstlsapi.dll - ok
22:11:45.0671 2232 [ 3CB78C17BB664637787C9A1C98F79C38 ] C:\WINDOWS\system32\tapisrv.dll
22:11:45.0671 2232 C:\WINDOWS\system32\tapisrv.dll - ok
22:11:45.0687 2232 [ 0E6D77475646EA436E4EB09200D4ACD1 ] C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\lnsslock.dll
22:11:45.0687 2232 C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\lnsslock.dll - ok
22:11:45.0703 2232 [ E4D4B86A3AD9D20EFB996129195D7B3C ] C:\Program Files\GFI Software\VIPRE\Plugins\PI_Recovery.dll
22:11:45.0703 2232 C:\Program Files\GFI Software\VIPRE\Plugins\PI_Recovery.dll - ok
22:11:45.0703 2232 [ 55BCA12F7F523D35CA3CB833C725F54E ] C:\WINDOWS\system32\trkwks.dll
22:11:45.0703 2232 C:\WINDOWS\system32\trkwks.dll - ok
22:11:45.0718 2232 [ 037B1E7798960E0420003D05BB577EE6 ] C:\WINDOWS\system32\rundll32.exe
22:11:45.0718 2232 C:\WINDOWS\system32\rundll32.exe - ok
22:11:45.0734 2232 [ 2D0E4ED081963804CCC196A0929275B5 ] C:\WINDOWS\system32\wbem\wmisvc.dll
22:11:45.0734 2232 C:\WINDOWS\system32\wbem\wmisvc.dll - ok
22:11:45.0750 2232 [ ACACB8B14E66109B8ACD6644B5574B9A ] C:\WINDOWS\system32\vssapi.dll
22:11:45.0750 2232 C:\WINDOWS\system32\vssapi.dll - ok
22:11:45.0765 2232 [ 79E3A8C328E7E569C32B0998377D9742 ] C:\WINDOWS\system32\spoolss.dll
22:11:45.0765 2232 C:\WINDOWS\system32\spoolss.dll - ok
22:11:45.0781 2232 [ 5677DFE438EC1F009273FC84FEED6B10 ] C:\WINDOWS\system32\localspl.dll
22:11:45.0781 2232 C:\WINDOWS\system32\localspl.dll - ok
22:11:45.0781 2232 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] C:\WINDOWS\system32\wuauserv.dll
22:11:45.0781 2232 C:\WINDOWS\system32\wuauserv.dll - ok
22:11:45.0796 2232 [ C262C663EDEB00B77A6D0DA28364050A ] C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\schedcompactdb.dll
22:11:45.0796 2232 C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\schedcompactdb.dll - ok
22:11:45.0812 2232 [ 34D2E12226269789BB5F292915B089D7 ] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
22:11:45.0812 2232 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe - ok
22:11:45.0828 2232 [ D96C55F999F96C91F2AA7677996F2EC9 ] C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\scanmngsys.dll
22:11:45.0828 2232 C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\scanmngsys.dll - ok
22:11:45.0843 2232 [ FC3EC24FCE372C89423E015A2AC1A31E ] C:\WINDOWS\system32\wuaueng.dll
22:11:45.0843 2232 C:\WINDOWS\system32\wuaueng.dll - ok
22:11:45.0859 2232 [ 5D3D1AB0EF4EA55B731863050482C111 ] C:\WINDOWS\system32\cnbjmon.dll
22:11:45.0859 2232 C:\WINDOWS\system32\cnbjmon.dll - ok
22:11:45.0875 2232 [ CC6292CA575E851E5B74BF8883AB967A ] C:\WINDOWS\system32\fxsmon.dll
22:11:45.0875 2232 C:\WINDOWS\system32\fxsmon.dll - ok
22:11:45.0875 2232 [ BDB83C844EDEC9BD01A94750D2C38DDF ] C:\WINDOWS\system32\fxsevent.dll
22:11:45.0875 2232 C:\WINDOWS\system32\fxsevent.dll - ok
22:11:45.0890 2232 [ 222DE7F5EDB9DDBE628384A1A8BE59CE ] C:\WINDOWS\system32\pjlmon.dll
22:11:45.0890 2232 C:\WINDOWS\system32\pjlmon.dll - ok
22:11:45.0906 2232 [ C52CE534397E1D3A442FB4C88A3CBE42 ] C:\WINDOWS\system32\msonpmon.dll
22:11:45.0906 2232 C:\WINDOWS\system32\msonpmon.dll - ok
22:11:45.0906 2232 [ 077F067C69073D1EBC84984E7FE5BA44 ] C:\WINDOWS\system32\msjetoledb40.dll
22:11:45.0921 2232 C:\WINDOWS\system32\msjetoledb40.dll - ok
22:11:45.0921 2232 [ AE0382AD9C73D343D85E1A50C80B7C20 ] C:\WINDOWS\system32\tcpmon.dll
22:11:45.0921 2232 C:\WINDOWS\system32\tcpmon.dll - ok
22:11:45.0937 2232 [ 75DF26418C83F1D33BD2FE0E0E005CB8 ] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\NMI.dll
22:11:45.0937 2232 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\NMI.dll - ok
22:11:45.0953 2232 [ F26385E8BA4549B5186B774EC0E45D86 ] C:\WINDOWS\system32\usbmon.dll
22:11:45.0953 2232 C:\WINDOWS\system32\usbmon.dll - ok
22:11:45.0968 2232 [ C7F7D7AE60EB740C2446CE03B8ADD252 ] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
22:11:45.0968 2232 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll - ok
22:11:45.0984 2232 [ EEE7F12D9FF46F68FBC0DA059A359E9E ] C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
22:11:45.0984 2232 C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll - ok
22:11:46.0000 2232 [ 9F97090585A7F1A503CC81C96D372FE4 ] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
22:11:46.0000 2232 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll - ok
22:11:46.0015 2232 [ 9E70016C950B1F8FDEAA6F067E2E25A8 ] C:\WINDOWS\system32\msjet40.dll
22:11:46.0015 2232 C:\WINDOWS\system32\msjet40.dll - ok
22:11:46.0031 2232 [ F348280907B38FDBDB3CEF55D456E149 ] C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
22:11:46.0031 2232 C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll - ok
22:11:46.0046 2232 [ 5C060C25CF2291D8AD26560F81E96376 ] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common_firewall.dll
22:11:46.0046 2232 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common_firewall.dll - ok
22:11:46.0046 2232 [ 0DC1D52722CEBA645B4D460E66D58AEE ] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
22:11:46.0062 2232 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe - ok
22:11:46.0062 2232 [ 300E4D86A09EFBCF38BBDFC10EBB2153 ] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_resource_L1033.dll
22:11:46.0062 2232 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_resource_L1033.dll - ok
22:11:46.0078 2232 [ 22DD6D7D4BFE2B8CE705CC950C8AEA4C ] C:\WINDOWS\system32\win32spl.dll
22:11:46.0078 2232 C:\WINDOWS\system32\win32spl.dll - ok
22:11:46.0093 2232 [ B41D53899E37CC43DA85DA19998BEE81 ] C:\WINDOWS\system32\netrap.dll
22:11:46.0093 2232 C:\WINDOWS\system32\netrap.dll - ok
22:11:46.0109 2232 [ EE4C651A217B01D636B5364AC77DA892 ] C:\WINDOWS\system32\inetpp.dll
22:11:46.0109 2232 C:\WINDOWS\system32\inetpp.dll - ok
22:11:46.0125 2232 [ B85E95679B5ADC12311BCD3F5385D623 ] C:\WINDOWS\system32\mspatcha.dll
22:11:46.0125 2232 C:\WINDOWS\system32\mspatcha.dll - ok
22:11:46.0125 2232 [ 378A0AEFB11D8B0DC8C27B9F7604B88D ] C:\WINDOWS\system32\wbem\fastprox.dll
22:11:46.0125 2232 C:\WINDOWS\system32\wbem\fastprox.dll - ok
22:11:46.0140 2232 [ CFD4E51402DA9838B5A04AE680AF54A0 ] C:\WINDOWS\system32\browser.dll
22:11:46.0140 2232 C:\WINDOWS\system32\browser.dll - ok
22:11:46.0156 2232 [ 1DA97713C483C4E000955F52224D8733 ] C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\mantle.exe
22:11:46.0156 2232 C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\mantle.exe - ok
22:11:46.0171 2232 [ E97D6A8684466DF94FF3BC24FB787A07 ] C:\WINDOWS\system32\fxssvc.exe
22:11:46.0171 2232 C:\WINDOWS\system32\fxssvc.exe - ok
22:11:46.0187 2232 [ 83F41D0D89645D7235C051AB1D9523AC ] C:\WINDOWS\system32\ipnathlp.dll
22:11:46.0187 2232 C:\WINDOWS\system32\ipnathlp.dll - ok
22:11:46.0203 2232 [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\system32\wbem\wbemcomn.dll
22:11:46.0203 2232 C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
22:11:46.0234 2232 [ 58A14C45A5CD2528F10A889E7B0C3FC2 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll
22:11:46.0234 2232 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll - ok
22:11:46.0265 2232 [ 7C278E6408D1DCE642230C0585A854D5 ] C:\WINDOWS\system32\wscsvc.dll
22:11:46.0265 2232 C:\WINDOWS\system32\wscsvc.dll - ok
22:11:46.0281 2232 [ 1144EF6B4BB72E33B41912AE1AE4F97A ] C:\WINDOWS\system32\fxstiff.dll
22:11:46.0281 2232 C:\WINDOWS\system32\fxstiff.dll - ok
22:11:46.0296 2232 [ 205ADD80FF8099B1A8101EB490B933D1 ] C:\WINDOWS\system32\wbem\wbemprox.dll
22:11:46.0296 2232 C:\WINDOWS\system32\wbem\wbemprox.dll - ok
22:11:46.0312 2232 [ ED0C0DF222209E43AD9AFBF3FE87DDE0 ] C:\WINDOWS\system32\comsvcs.dll
22:11:46.0312 2232 C:\WINDOWS\system32\comsvcs.dll - ok
22:11:46.0328 2232 [ 0329D0A4F230094B669A87BB3B85606E ] C:\WINDOWS\system32\fxsapi.dll
22:11:46.0328 2232 C:\WINDOWS\system32\fxsapi.dll - ok
22:11:46.0343 2232 [ AFDC647D16B285B9AE6140335B3B3255 ] C:\WINDOWS\system32\mswstr10.dll
22:11:46.0343 2232 C:\WINDOWS\system32\mswstr10.dll - ok
22:11:46.0359 2232 [ 0D14F07B29FBF0D750AA2495DD72B968 ] C:\WINDOWS\system32\msjter40.dll
22:11:46.0359 2232 C:\WINDOWS\system32\msjter40.dll - ok
22:11:46.0375 2232 [ 7E2B58CE8C4013287371667880B1080D ] C:\WINDOWS\system32\msjint40.dll
22:11:46.0375 2232 C:\WINDOWS\system32\msjint40.dll - ok
22:11:46.0390 2232 [ C14AA05881A35B6D6BB8D55B117EE22D ] C:\WINDOWS\system32\shfolder.dll
22:11:46.0390 2232 C:\WINDOWS\system32\shfolder.dll - ok
22:11:46.0406 2232 [ 88F2EC4D51D72A87D804D0E6E041F534 ] C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\crmimodule.dll
22:11:46.0406 2232 C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\crmimodule.dll - ok
22:11:46.0421 2232 [ 0CE5F8AE9C371A965D17E3F2ED134809 ] C:\WINDOWS\system32\fxst30.dll
22:11:46.0421 2232 C:\WINDOWS\system32\fxst30.dll - ok
22:11:46.0421 2232 [ 690D97864735E8ECD87F55777E266690 ] C:\WINDOWS\system32\colbact.dll
22:11:46.0421 2232 C:\WINDOWS\system32\colbact.dll - ok
22:11:46.0437 2232 [ 36795A645EAA47FE31D2A8F136A2C69B ] C:\WINDOWS\system32\mtxclu.dll
22:11:46.0437 2232 C:\WINDOWS\system32\mtxclu.dll - ok
22:11:46.0453 2232 [ DF82E222578DBE59FCBBD69A02E4C806 ] C:\WINDOWS\system32\clusapi.dll
22:11:46.0453 2232 C:\WINDOWS\system32\clusapi.dll - ok
22:11:46.0468 2232 [ 2D583E2844FDD592D1629EB6B10E5702 ] C:\WINDOWS\system32\fxsroute.dll
22:11:46.0468 2232 C:\WINDOWS\system32\fxsroute.dll - ok
22:11:46.0484 2232 [ F51EBB6FC536A6B2D588FD668D3A8249 ] C:\WINDOWS\system32\resutils.dll
22:11:46.0484 2232 C:\WINDOWS\system32\resutils.dll - ok
22:11:46.0500 2232 [ F0BF811622F2DD6C8E26EE4600D83731 ] C:\WINDOWS\system32\wbem\wbemcore.dll
22:11:46.0500 2232 C:\WINDOWS\system32\wbem\wbemcore.dll - ok
22:11:46.0500 2232 [ E4616430709F440CF1809D88DC2366EA ] C:\WINDOWS\system32\wbem\esscli.dll
22:11:46.0515 2232 C:\WINDOWS\system32\wbem\esscli.dll - ok
22:11:46.0515 2232 [ E5DE87DDDB8CBE4687EADF296E58452A ] C:\WINDOWS\system32\msjtes40.dll
22:11:46.0515 2232 C:\WINDOWS\system32\msjtes40.dll - ok
22:11:46.0531 2232 [ CAFBD14F56A68E6C1A55C0EAC7E487FA ] C:\WINDOWS\system32\vbajet32.dll
22:11:46.0531 2232 C:\WINDOWS\system32\vbajet32.dll - ok
22:11:46.0546 2232 [ AACE07FE34FADDDF973CE068A6424957 ] C:\WINDOWS\system32\unimdm.tsp
22:11:46.0546 2232 C:\WINDOWS\system32\unimdm.tsp - ok
22:11:46.0562 2232 [ BE87245CE60329B31C94F1B4236E5832 ] C:\WINDOWS\system32\expsrv.dll
22:11:46.0562 2232 C:\WINDOWS\system32\expsrv.dll - ok
22:11:46.0578 2232 [ 995252FCC4692B5B97EE17D596C9386E ] C:\WINDOWS\system32\uniplat.dll
22:11:46.0578 2232 C:\WINDOWS\system32\uniplat.dll - ok
22:11:46.0593 2232 [ 57DD308929B669A72F4B8B6DF961F062 ] C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\dbprocessorop.dll
22:11:46.0593 2232 C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\dbprocessorop.dll - ok
22:11:46.0593 2232 [ 010472D0AE758227C6F6E6933549C219 ] C:\WINDOWS\system32\wbem\wbemsvc.dll
22:11:46.0593 2232 C:\WINDOWS\system32\wbem\wbemsvc.dll - ok
22:11:46.0609 2232 [ 3458EDA96E30FBD0477A2800D3FB1909 ] C:\WINDOWS\system32\wups.dll
22:11:46.0609 2232 C:\WINDOWS\system32\wups.dll - ok
22:11:46.0625 2232 [ BDC0C99E472176C8C2C853A68ADC5073 ] C:\WINDOWS\system32\wups2.dll
22:11:46.0625 2232 C:\WINDOWS\system32\wups2.dll - ok
22:11:46.0640 2232 [ 3273D1565BF30225C115B480A3BB2C9D ] C:\WINDOWS\system32\wbem\wmiutils.dll
22:11:46.0640 2232 C:\WINDOWS\system32\wbem\wmiutils.dll - ok
22:11:46.0640 2232 [ 76EC97C5068D3D9FAA7774B0F659D31A ] C:\WINDOWS\system32\kmddsp.tsp
22:11:46.0640 2232 C:\WINDOWS\system32\kmddsp.tsp - ok
22:11:46.0656 2232 [ 5652F6CE1D9E9D8068B9D29BC21B5409 ] C:\WINDOWS\system32\olepro32.dll
22:11:46.0656 2232 C:\WINDOWS\system32\olepro32.dll - ok
22:11:46.0671 2232 [ 942A17D2901A31EA68627CBFFCD268CC ] C:\WINDOWS\system32\wbem\repdrvfs.dll
22:11:46.0671 2232 C:\WINDOWS\system32\wbem\repdrvfs.dll - ok
22:11:46.0687 2232 [ 4589963D84F2984FA5949A72162BA4F4 ] C:\WINDOWS\system32\ndptsp.tsp
22:11:46.0687 2232 C:\WINDOWS\system32\ndptsp.tsp - ok
22:11:46.0703 2232 [ 8B8A45DF7CEF36D93C7BD3E4C84003B8 ] C:\WINDOWS\system32\ipconf.tsp
22:11:46.0703 2232 C:\WINDOWS\system32\ipconf.tsp - ok
22:11:46.0718 2232 [ 2133B82CD52F1B62CDEA633769819A60 ] C:\Program Files\Common Files\System\ado\msado15.dll
22:11:46.0718 2232 C:\Program Files\Common Files\System\ado\msado15.dll - ok
22:11:46.0718 2232 [ 8BC2B02DC11C98D14CEE43B8E8393FF3 ] C:\WINDOWS\system32\h323.tsp
22:11:46.0718 2232 C:\WINDOWS\system32\h323.tsp - ok
22:11:46.0734 2232 [ C610485022BDAF12F3836B6955470B69 ] C:\Program Files\GFI Software\VIPRE\vipre.dll
22:11:46.0734 2232 C:\Program Files\GFI Software\VIPRE\vipre.dll - ok
22:11:46.0750 2232 [ 6B552ED3BEE5AA3C4560478FF779BA98 ] C:\WINDOWS\system32\hidphone.tsp
22:11:46.0750 2232 C:\WINDOWS\system32\hidphone.tsp - ok
22:11:46.0765 2232 [ 31ACFC16CB9ED1CE1B4E7BD85C835281 ] C:\Program Files\Common Files\System\ado\msadrh15.dll
22:11:46.0765 2232 C:\Program Files\Common Files\System\ado\msadrh15.dll - ok
22:11:46.0781 2232 [ BF54F8DEB39404D8CECF3DFD4DB4099E ] C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\lnsscomm.exe
22:11:46.0781 2232 C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\lnsscomm.exe - ok
22:11:46.0796 2232 [ 08286111E9E9892C48D8C93A6454EFAB ] C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\fstfstat.dll
22:11:46.0796 2232 C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\fstfstat.dll - ok
22:11:46.0812 2232 [ 142CEDECAE89E372EE347681C3FBB257 ] C:\Program Files\Common Files\System\msadc\msadce.dll
22:11:46.0812 2232 C:\Program Files\Common Files\System\msadc\msadce.dll - ok
22:11:46.0828 2232 [ 071143F687B4F887E21461CA6CC7EB29 ] C:\WINDOWS\system32\wbem\wmiprvsd.dll
22:11:46.0828 2232 C:\WINDOWS\system32\wbem\wmiprvsd.dll - ok
22:11:46.0828 2232 [ C731FC78CB6546C7FE189C9A40D7EED0 ] C:\Program Files\GFI Software\VIPRE\Definitions\remediation.dll
22:11:46.0828 2232 C:\Program Files\GFI Software\VIPRE\Definitions\remediation.dll - ok
22:11:46.0843 2232 [ 81E9041DAC0983AACE5C8920AF73D64E ] C:\Program Files\Common Files\System\msadc\msadcer.dll
22:11:46.0843 2232 C:\Program Files\Common Files\System\msadc\msadcer.dll - ok
22:11:46.0859 2232 [ 637931AEA723CF557D3C072CBA9D30EF ] C:\Program Files\GFI Software\VIPRE\Definitions\vcore.dll
22:11:46.0859 2232 C:\Program Files\GFI Software\VIPRE\Definitions\vcore.dll - ok
22:11:46.0875 2232 [ 2E0B0A051FFAA86E358465BB0880D453 ] C:\WINDOWS\system32\wuauclt.exe
22:11:46.0875 2232 C:\WINDOWS\system32\wuauclt.exe - ok
22:11:46.0890 2232 [ 31CE8AD0C4601D9032207BCA82ABDBA8 ] C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\remediationengine.dll
22:11:46.0890 2232 C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\remediationengine.dll - ok
22:11:46.0890 2232 [ 26D881D27CBE51D3614E68D7313EA026 ] C:\WINDOWS\system32\wbem\wbemess.dll
22:11:46.0890 2232 C:\WINDOWS\system32\wbem\wbemess.dll - ok
22:11:46.0906 2232 [ DCE5F5831EEA41F44F41314A0C3DBAC6 ] C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\indycore120.bpl
22:11:46.0906 2232 C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\indycore120.bpl - ok
22:11:46.0921 2232 [ CC72F312211B45D28FF7706AFA1612D6 ] C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\gatherlivepcsop.dll
22:11:46.0921 2232 C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\gatherlivepcsop.dll - ok
22:11:46.0937 2232 [ 1A617835452EEE5060976C9B9F5FE635 ] C:\WINDOWS\system32\wuapi.dll
22:11:46.0937 2232 C:\WINDOWS\system32\wuapi.dll - ok
22:11:46.0953 2232 [ 9D5F038B35694FD77F7B42F8A4739AD8 ] C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\enumeratecomputersop.dll
22:11:46.0953 2232 C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\enumeratecomputersop.dll - ok
22:11:46.0968 2232 [ 32F0AB0070FABE08B88ACD1EB3D1F5E9 ] C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\tmsunicoded2009.bpl
22:11:46.0968 2232 C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\tmsunicoded2009.bpl - ok
22:11:46.0984 2232 [ C7EFCDEAE5CE3E30ACF135020D67A0A8 ] C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\vcldb120.bpl
22:11:46.0984 2232 C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\vcldb120.bpl - ok
22:11:47.0000 2232 [ D26451B540720A7313A9BCBE794DAF62 ] C:\WINDOWS\system32\wbem\ncprov.dll
22:11:47.0000 2232 C:\WINDOWS\system32\wbem\ncprov.dll - ok
22:11:47.0015 2232 [ 4ABDEEC3316AD69B9107AAEF6193E957 ] C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\vclactnband120.bpl
22:11:47.0015 2232 C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\vclactnband120.bpl - ok
22:11:47.0031 2232 [ 6404807ABC7AF52FA3792697AE638B50 ] C:\WINDOWS\system32\wbem\wbemcons.dll
22:11:47.0031 2232 C:\WINDOWS\system32\wbem\wbemcons.dll - ok
22:11:47.0031 2232 [ D1B01B7933F26211E80EAC667A909E1B ] C:\Program Files\GFI Software\VIPRE\Definitions\patchw32.dll
22:11:47.0031 2232 C:\Program Files\GFI Software\VIPRE\Definitions\patchw32.dll - ok
22:11:47.0046 2232 [ 2FF836E6D9930D6CC2207077C6C63FDD ] C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\sp.dll
22:11:47.0046 2232 C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\sp.dll - ok
22:11:47.0062 2232 [ 8DB60877EBA58680DCB7872F316A5844 ] C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\inet120.bpl
22:11:47.0062 2232 C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\inet120.bpl - ok
22:11:47.0078 2232 [ 42F3EED1F8AF606D86A1928E56CDE042 ] C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\sengine.dll
22:11:47.0078 2232 C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\sengine.dll - ok
22:11:47.0093 2232 [ E018BC4D3BADF190403B671B12853A37 ] C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\enable40.dll
22:11:47.0093 2232 C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\enable40.dll - ok
22:11:47.0109 2232 [ 3E8FE7E72E4C269771BC25FDAF9184C6 ] C:\Program Files\GFI Software\VIPRE\Definitions\lgpl.dll
22:11:47.0109 2232 C:\Program Files\GFI Software\VIPRE\Definitions\lgpl.dll - ok
22:11:47.0125 2232 [ 7CE69B35CE9D74EAC37901010CFB7C1F ] C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\python25.dll
22:11:47.0125 2232 C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\python25.dll - ok
22:11:47.0125 2232 [ 7DC7D177B59D55B1A09F3A8E14FDFB58 ] C:\Program Files\GFI Software\VIPRE\Definitions\lib7zip.dll
22:11:47.0125 2232 C:\Program Files\GFI Software\VIPRE\Definitions\lib7zip.dll - ok
22:11:47.0140 2232 [ CA2F560921B7B8BE1CF555A5A18D54C3 ] C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\msvcr71.dll
22:11:47.0140 2232 C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\msvcr71.dll - ok
22:11:47.0156 2232 [ 50BC994B5BD8A2F905A69F601FC3DC1D ] C:\Program Files\GFI Software\VIPRE\Definitions\libBase64.dll
22:11:47.0156 2232 C:\Program Files\GFI Software\VIPRE\Definitions\libBase64.dll - ok
22:11:47.0171 2232 [ 0EFC248A61B604DC84C89F400CA1C1F0 ] C:\Program Files\GFI Software\VIPRE\Definitions\libCHM.dll
22:11:47.0171 2232 C:\Program Files\GFI Software\VIPRE\Definitions\libCHM.dll - ok
22:11:47.0187 2232 [ C8EA2E332EC6884D08CE2D5EEFCB8440 ] C:\Program Files\GFI Software\VIPRE\Definitions\libEmail.dll
22:11:47.0187 2232 C:\Program Files\GFI Software\VIPRE\Definitions\libEmail.dll - ok
22:11:47.0921 2232 ============================================================
22:11:47.0921 2232 Scan finished
22:11:47.0921 2232 ============================================================
22:11:48.0046 2224 Detected object count: 2
22:11:48.0046 2224 Actual detected object count: 2
22:12:55.0234 2224 GoogleDesktopManager-080708-050100 ( UnsignedFile.Multi.Generic ) - skipped by user
22:12:55.0234 2224 GoogleDesktopManager-080708-050100 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:12:55.0234 2224 nvsvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:12:55.0234 2224 nvsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:13:28.0859 3372 Deinitialize success



aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-18 22:25:06
-----------------------------
22:25:06.687 OS Version: Windows 5.1.2600 Service Pack 3
22:25:06.687 Number of processors: 2 586 0x1C02
22:25:06.687 ComputerName: ACER-42041E6643 UserName: TV
22:25:08.062 Initialize success
22:25:42.656 AVAST engine defs: 12121801
22:25:49.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port0Path1Target1Lun0
22:25:49.812 Disk 0 Vendor: Hitachi_ FB2O Size: 152627MB BusType: 3
22:25:49.828 Disk 0 MBR read successfully
22:25:49.828 Disk 0 MBR scan
22:25:49.890 Disk 0 Windows VISTA default MBR code
22:25:49.906 Disk 0 Partition 1 00 12 Compaq diag NTFS 15360 MB offset 2048
22:25:49.937 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 137265 MB offset 31459328
22:25:49.953 Disk 0 scanning sectors +312578048
22:25:50.046 Disk 0 scanning C:\WINDOWS\system32\drivers
22:26:05.328 Service scanning
22:26:33.890 Modules scanning
22:26:43.468 Disk 0 trace - called modules:
22:26:43.515 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS nvgts.sys
22:26:44.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85054030]
22:26:44.062 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000064[0x850bf920]
22:26:44.078 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port0Path1Target1Lun0[0x850bfa38]
22:26:44.609 AVAST engine scan C:\WINDOWS
22:27:12.875 AVAST engine scan C:\WINDOWS\system32
22:31:57.296 AVAST engine scan C:\WINDOWS\system32\drivers
22:32:19.875 AVAST engine scan C:\Documents and Settings\TV
22:35:57.046 AVAST engine scan C:\Documents and Settings\All Users
22:37:31.093 Scan finished successfully
22:38:12.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\TV\Desktop\Temp\MBR.dat"
22:38:12.984 The log file has been saved successfully to "C:\Documents and Settings\TV\Desktop\Temp\aswMBR.txt"

Thank you.

#9 gringo_pr

Posted 20 December 2012 - 02:26 PM

Hello khaake


At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#10 khaake

Posted 21 December 2012 - 02:39 AM

I ended up doing your above instructions twice. I'll paste both logs below. The first time it ran extremely slowly as it was clearing out the Java cache, but I realized about 1/2 way through that process that I still had VIPRE running, so I stopped it. It was still slow but eventually finished the Java step and then complained about McAfee running again. I looked on the Microsoft Security Center tool and, sure enough, it was reporting that McAfee antivirus was running, even though it is not present on the machine. I did a search online and saw that if you force WMI to rebuild the Windows WMI repository, that common reporting problem can be fixed. Anyway, I did that, rebooted, and now the Security Center does not report McAfee any longer. I then relaunched ComboFix by the drag-and-drop method you outlined above.

The machine itself seems to be doing much better now. It is not a speed demon, but the Atom processor is likely the cause of that. It is doing much better than what it was originally. Thanks! Let me know if the logs show a problem.


ComboFix 12-12-20.02 - TV 12/21/2012 0:41.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.593 [GMT -6:00]
Running from: c:\documents and settings\TV\Desktop\Testing.exe
Command switches used :: c:\documents and settings\TV\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: GFI Software VIPRE *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: GFI Software VIPRE *Disabled* {FF1CD5B7-1553-4625-A258-1775385CED33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-11-21 to 2012-12-21 )))))))))))))))))))))))))))))))
.
.
2012-12-21 06:25 . 2012-12-21 06:25 -------- d-----w- c:\documents and settings\TV\Application Data\McAfee
2012-12-19 03:30 . 2012-12-19 03:30 -------- d-----w- c:\program files\MSXML 4.0
2012-12-17 07:11 . 2012-12-17 12:43 33616 ----a-w- c:\windows\system32\drivers\gfiark.sys
2012-12-17 07:02 . 2012-10-24 20:39 66344 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2012-12-17 07:02 . 2012-10-24 20:39 22064 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2012-12-17 07:01 . 2012-10-24 20:39 94496 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-12-17 07:01 . 2012-10-24 20:39 222368 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-12-17 07:01 . 2012-10-24 20:39 337184 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-12-17 07:01 . 2012-10-24 20:38 96288 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-12-17 07:01 . 2012-12-17 07:01 -------- d-----w- c:\windows\system32\drivers\VDD
2012-12-17 07:01 . 2012-12-17 07:01 -------- d-----w- c:\documents and settings\All Users\Application Data\GFI Software
2012-12-17 07:00 . 2012-12-17 07:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2012-12-17 06:56 . 2012-12-17 06:56 -------- d-----w- c:\program files\GFI Software
2012-12-17 06:56 . 2012-12-17 06:56 -------- d-----w- c:\documents and settings\TV\Application Data\GFI Software
2012-12-17 05:11 . 2012-12-17 05:12 -------- d-----w- c:\documents and settings\TV\Local Settings\Application Data\Adobe
2012-12-01 04:26 . 2012-12-01 04:26 -------- d-----w- c:\documents and settings\TV\Application Data\eSobi
2012-12-01 04:25 . 2012-06-02 21:18 214256 ----a-w- c:\windows\system32\muweb.dll
2012-12-01 04:25 . 2012-06-02 21:18 275696 ----a-w- c:\windows\system32\mucltui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-15 23:15 . 2012-08-03 02:02 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-15 23:15 . 2011-09-05 05:00 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 01:25 . 2009-08-13 01:44 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:02 . 2009-08-13 01:44 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2009-08-13 01:44 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2009-08-13 01:44 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2009-08-13 01:44 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2009-08-13 01:44 385024 ------w- c:\windows\system32\html.iec
2012-10-30 04:33 . 2012-10-30 04:33 13192 ----a-w- c:\windows\system32\drivers\VDD\apvdd.dll
2012-10-30 04:33 . 2012-10-30 04:33 44424 ----a-w- c:\windows\system32\sbbd.exe
2012-10-24 20:39 . 2012-10-24 20:39 634560 ----a-w- c:\windows\system32\XceedZip.dll
2012-10-02 18:04 . 2009-08-13 01:44 58368 ----a-w- c:\windows\system32\synceng.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-15 06:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-24 13758464]
"SBAMTray"="c:\program files\GFI Software\VIPRE\SBAMTray.exe" [2012-10-30 3149704]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 09:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2008-10-03 03:18 294544 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecLiveUpdate]
2009-05-14 02:39 199464 ----a-w- c:\program files\EgisTec Egis Software Update\EgisUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-08-13 01:21 24064 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwlDaemon]
2009-05-15 06:03 345384 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-05-24 21:05 13758464 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-05-24 21:05 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-05-24 21:06 1657376 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 18:36 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-10-17 17:44 91432 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-05-21 06:01 17881600 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [12/4/2008 7:34 PM 17840]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [12/4/2008 7:34 PM 15280]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [12/4/2008 7:34 PM 58800]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [12/17/2012 1:02 AM 22064]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [12/17/2012 1:01 AM 337184]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [12/17/2012 1:01 AM 222368]
R2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe [5/15/2009 12:03 AM 305448]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [12/17/2012 1:02 AM 66344]
R2 SBPIMSvc;SB Recovery Service;c:\program files\GFI Software\VIPRE\SBPIMSvc.exe [10/29/2012 10:32 PM 175496]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [1/7/2010 10:21 AM 594048]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [12/17/2012 1:01 AM 96288]
S2 gfi_lanss10_attservice;GFI LanGuard 10 Attendant Service;c:\program files\GFI Software\VIPRE\LanGuard 10 Agent\lnssatt.exe [10/24/2012 2:50 PM 115568]
S2 SBAMSvc;VIPRE Internet Security;c:\program files\GFI Software\VIPRE\SBAMSvc.exe [10/29/2012 10:32 PM 3677000]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/12/2009 7:13 PM 1684736]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [12/17/2012 1:11 AM 33616]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/12/2009 7:21 PM 24064]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [12/17/2012 1:01 AM 96288]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [12/17/2012 1:01 AM 94496]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 23:15]
.
2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-19 02:48]
.
2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-19 02:48]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: DhcpNameServer = 192.168.254.254
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-69632590.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-21 00:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1312)
c:\windows\system32\nvLsp.dll
.
- - - - - - - > 'explorer.exe'(2832)
c:\windows\system32\WININET.dll
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\EgisTec\MyWinLocker 3\x86\XmlLite.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-12-21 00:49:52
ComboFix-quarantined-files.txt 2012-12-21 06:49
ComboFix2.txt 2012-12-18 06:40
.
Pre-Run: 127,676,243,968 bytes free
Post-Run: 127,939,866,624 bytes free
.
- - End Of File - - 78E9A2605D6092FD29091557418AFEB8


ComboFix 12-12-20.02 - TV 12/21/2012 1:03.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.586 [GMT -6:00]
Running from: c:\documents and settings\TV\Desktop\Testing.exe
Command switches used :: c:\documents and settings\TV\Desktop\CFScript.txt
AV: GFI Software VIPRE *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: GFI Software VIPRE *Disabled* {FF1CD5B7-1553-4625-A258-1775385CED33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-11-21 to 2012-12-21 )))))))))))))))))))))))))))))))
.
.
2012-12-21 06:56 . 2012-12-21 06:56 -------- d-----w- c:\windows\system32\wbem\Repository
2012-12-21 06:25 . 2012-12-21 06:25 -------- d-----w- c:\documents and settings\TV\Application Data\McAfee
2012-12-19 03:30 . 2012-12-19 03:30 -------- d-----w- c:\program files\MSXML 4.0
2012-12-17 07:11 . 2012-12-17 12:43 33616 ----a-w- c:\windows\system32\drivers\gfiark.sys
2012-12-17 07:02 . 2012-10-24 20:39 66344 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2012-12-17 07:02 . 2012-10-24 20:39 22064 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2012-12-17 07:01 . 2012-10-24 20:39 94496 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-12-17 07:01 . 2012-10-24 20:39 222368 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-12-17 07:01 . 2012-10-24 20:39 337184 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-12-17 07:01 . 2012-10-24 20:38 96288 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-12-17 07:01 . 2012-12-17 07:01 -------- d-----w- c:\windows\system32\drivers\VDD
2012-12-17 07:01 . 2012-12-17 07:01 -------- d-----w- c:\documents and settings\All Users\Application Data\GFI Software
2012-12-17 07:00 . 2012-12-17 07:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2012-12-17 06:56 . 2012-12-17 06:56 -------- d-----w- c:\program files\GFI Software
2012-12-17 06:56 . 2012-12-17 06:56 -------- d-----w- c:\documents and settings\TV\Application Data\GFI Software
2012-12-17 05:11 . 2012-12-17 05:12 -------- d-----w- c:\documents and settings\TV\Local Settings\Application Data\Adobe
2012-12-01 04:26 . 2012-12-01 04:26 -------- d-----w- c:\documents and settings\TV\Application Data\eSobi
2012-12-01 04:25 . 2012-06-02 21:18 214256 ----a-w- c:\windows\system32\muweb.dll
2012-12-01 04:25 . 2012-06-02 21:18 275696 ----a-w- c:\windows\system32\mucltui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-15 23:15 . 2012-08-03 02:02 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-15 23:15 . 2011-09-05 05:00 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 01:25 . 2009-08-13 01:44 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:02 . 2009-08-13 01:44 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2009-08-13 01:44 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2009-08-13 01:44 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2009-08-13 01:44 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2009-08-13 01:44 385024 ------w- c:\windows\system32\html.iec
2012-10-30 04:33 . 2012-10-30 04:33 13192 ----a-w- c:\windows\system32\drivers\VDD\apvdd.dll
2012-10-30 04:33 . 2012-10-30 04:33 44424 ----a-w- c:\windows\system32\sbbd.exe
2012-10-24 20:39 . 2012-10-24 20:39 634560 ----a-w- c:\windows\system32\XceedZip.dll
2012-10-02 18:04 . 2009-08-13 01:44 58368 ----a-w- c:\windows\system32\synceng.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-15 06:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-24 13758464]
"SBAMTray"="c:\program files\GFI Software\VIPRE\SBAMTray.exe" [2012-10-30 3149704]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 09:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2008-10-03 03:18 294544 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecLiveUpdate]
2009-05-14 02:39 199464 ----a-w- c:\program files\EgisTec Egis Software Update\EgisUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-08-13 01:21 24064 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwlDaemon]
2009-05-15 06:03 345384 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-05-24 21:05 13758464 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-05-24 21:05 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-05-24 21:06 1657376 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 18:36 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-10-17 17:44 91432 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-05-21 06:01 17881600 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [12/4/2008 7:34 PM 17840]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [12/4/2008 7:34 PM 15280]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [12/4/2008 7:34 PM 58800]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [12/17/2012 1:02 AM 22064]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [12/17/2012 1:01 AM 337184]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [12/17/2012 1:01 AM 222368]
R2 gfi_lanss10_attservice;GFI LanGuard 10 Attendant Service;c:\program files\GFI Software\VIPRE\LanGuard 10 Agent\lnssatt.exe [10/24/2012 2:50 PM 115568]
R2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe [5/15/2009 12:03 AM 305448]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [12/17/2012 1:02 AM 66344]
R2 SBPIMSvc;SB Recovery Service;c:\program files\GFI Software\VIPRE\SBPIMSvc.exe [10/29/2012 10:32 PM 175496]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [1/7/2010 10:21 AM 594048]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [12/17/2012 1:01 AM 96288]
S2 SBAMSvc;VIPRE Internet Security;c:\program files\GFI Software\VIPRE\SBAMSvc.exe [10/29/2012 10:32 PM 3677000]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/12/2009 7:13 PM 1684736]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [12/17/2012 1:11 AM 33616]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/12/2009 7:21 PM 24064]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [12/17/2012 1:01 AM 96288]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [12/17/2012 1:01 AM 94496]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 23:15]
.
2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-19 02:48]
.
2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-19 02:48]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: DhcpNameServer = 192.168.254.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-21 01:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1312)
c:\windows\system32\nvLsp.dll
.
- - - - - - - > 'explorer.exe'(3720)
c:\windows\system32\WININET.dll
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\EgisTec\MyWinLocker 3\x86\XmlLite.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-12-21 01:11:57
ComboFix-quarantined-files.txt 2012-12-21 07:11
ComboFix2.txt 2012-12-21 06:49
ComboFix3.txt 2012-12-18 06:40
.
Pre-Run: 128,077,950,976 bytes free
Post-Run: 128,068,882,432 bytes free
.
- - End Of File - - 3954454391D7AB555BFE1424AA57F086

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 21 December 2012 - 10:15 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Adobe Reader 9
BFlix Toolbar


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 khaake

khaake
  • Topic Starter

  • Members
  • 9 posts

Posted 22 December 2012 - 02:47 AM

Hello - I uninstalled Adobe Reader 9, but was unable to uninstall BFlix toolbar since it does not show up in Add/Remove Programs or in Revo. I installed Java without an issue. Malwarebytes took a long time to scan. I got impatient the first time (I mistakenly thought it was hung up) and I ended up killing it via the task manager and then rebooting. I then ran it again and after an hour or so it completed. The two logs you requested follow.

The computer seems to be doing well.


Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.22.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
TV :: ACER-42041E6643 [administrator]

12/22/2012 12:23:00 AM
mbam-log-2012-12-22 (00-23-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 190504
Time elapsed: 59 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:35:24 AM, on 12/22/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\lnssatt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe
C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\GFI Software\VIPRE\SBAMTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TV\Desktop\HijackThis (1).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files\GFI Software\VIPRE\SBAMTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: GFI LanGuard 10 Attendant Service (gfi_lanss10_attservice) - GFI Software Development Ltd. - C:\Program Files\GFI Software\VIPRE\LanGuard 10 Agent\lnssatt.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VIPRE Internet Security (SBAMSvc) - GFI Software - C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - GFI Software - C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe

--
End of file - 6419 bytes
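An added example, not part of either poster's messages and not HijackThis code: a short Python triage script for the HijackThis log format shown above. It lists the O4 Run-key autostarts and marks entries worth verifying by hand (missing files, unrecognised Winsock LSPs, services with no owner name); the sample lines are copied from this log and the function names are illustrative.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\system32\lsass.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: VIPRE Internet Security (SBAMSvc) - GFI Software - C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe
"""

# A log entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# O4 Run-key form: "<hive>\..\<key>: [<value name>] <command line>".
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\([^:]+): \[([^\]]+)\] (.+)$")


def parse_entries(text):
    """Return (section, body) pairs, skipping the header and process list."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def autostarts(entries):
    """Extract registry Run-key autostarts from the O4 section."""
    found = []
    for section, body in entries:
        match = RUN_RE.match(body) if section == "O4" else None
        if match:
            hive, key, name, command = match.groups()
            found.append({"hive": hive, "key": key, "name": name,
                          "command": command.strip('"')})
    return found


def review_flags(entries):
    """Map each distinct entry that deserves a manual look to the reason.

    A flag is a prompt to verify the file and its vendor, not a verdict:
    most flagged items on a healthy machine turn out to be legitimate.
    """
    flags = {}
    for section, body in entries:
        if body.endswith("(no file)"):
            reason = "entry references a file that is missing on disk"
        elif section == "O10" and body.startswith("Unknown file in Winsock LSP"):
            reason = "Winsock LSP that HijackThis does not recognise"
        elif section == "O23" and " - Unknown owner - " in body:
            reason = "service listed with an unknown owner"
        else:
            continue
        # Repeated lines (the LSP appears once per protocol chain) collapse to one.
        flags.setdefault(f"{section} - {body}", reason)
    return flags


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for item in autostarts(parsed):
        print(f"autostart {item['hive']}\\{item['key']}: {item['name']} -> {item['command']}")
    for entry, why in review_flags(parsed).items():
        print(f"review: {why}\n        {entry}")
```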

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 22 December 2012 - 09:10 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to; for any of these programs you can click on its icon (or start it from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo

#14 khaake

khaake
  • Topic Starter

  • Members
  • 9 posts

Posted 23 December 2012 - 12:14 AM

Hello - I removed the two unneeded startup entries and ran ESET. No problems were found. Computer seems to be working well - thanks!

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 23 December 2012 - 09:20 AM

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works a lot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo