I have clean FBI Warning per instruction on Web


  • This topic is locked
47 replies to this topic

#1 to6cess

  • Members
Posted 05 January 2013 - 05:49 PM

Hi,
I have an FBI Warning and have done the instructions on virus removal.
When I used IE, I put in my ID and password and pressed Enter or Sign In, and nothing happened; I can't get into Yahoo mail.
Another problem is when I do the ESET online scan.
ESET says:
"You are trying to launch ESET Online Scanner in a different browser than Internet Explorer. Please agree to the download of ESET Smart Installer - an application which installs and launches ESET Online Scanner in a separate window. At the end of the scan, there will be an option to uninstall ESET Online Scanner and all its components."

Please help. It is greatly appreciated.


#2 gringo_pr

  • Malware Response Team

Posted 07 January 2013 - 03:58 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following

  • both reports from DDS
  • report from security check
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 to6cess

  • Topic Starter
  • Members

Posted 08 January 2013 - 07:46 PM

Hi Gringo,
I ran DeFogger and it is fine, but reboot hangs. So, I have to do a hard reboot.
Security Check and DDS ran fine.

Reports:
dds:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by BILL at 18:22:09 on 2013-01-08
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2383 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120626182728.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SSBkgdUpdate] G -BOOT
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
IE: Open with Scansoft PDF Converter 3.0 - c:\program files\scansoft\pdf professional 3.0\IEShellExt.dll /100
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} - hxxp://192.168.1.2/cab/OCXChecker_6110.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {3F932FFA-F092-4FDB-92C5-1285978614D2} - hxxp://74.175.80.98:82/WATCH_16R.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1292880919923
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.16.0.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{1D6B5682-5405-42BD-B5C6-AEF2A91824AF} : DHCPNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 565352]
R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [2012-7-13 125472]
R0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\drivers\vsflt53.sys [2012-7-13 83392]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2013-1-5 17904]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-3-14 91168]
R2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2013-1-5 3084688]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-14 167784]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-14 167784]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-14 167784]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-14 167784]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-14 203400]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-14 168880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-14 167344]
R2 MSSQL$SS;SQL Server (SS);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2010-1-21 23200]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2011-6-30 845808]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-14 60480]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-3-14 234824]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-14 362640]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2012-12-14 84432]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2012-8-25 157776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 kudrww;kudrww;c:\documents and settings\bill\application data\ljzgm.bat --> c:\documents and settings\bill\application data\ljzgm.bat [?]
S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2013-1-5 54072]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-11-27 146872]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-3-10 24216]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-3-14 65488]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2012-12-14 84432]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-14 92192]
S3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\drivers\OXSDIDRV_x32.sys [2009-9-28 52656]
S3 OXUDIDRV;OXUDIDRV;c:\windows\system32\drivers\OXUDIDRV_x32.sys [2011-1-21 24880]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2013-01-05 18:46:05 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-12-31 21:53:58 -------- d-----w- c:\windows\pss
2012-12-31 18:41:51 -------- d-sha-r- C:\cmdcons
2012-12-31 18:38:34 98816 ----a-w- c:\windows\sed.exe
2012-12-31 18:38:34 256000 ----a-w- c:\windows\PEV.exe
2012-12-31 18:38:34 208896 ----a-w- c:\windows\MBR.exe
2012-12-30 19:16:47 1754528 ----a-w- C:\rkill.com
2012-12-14 09:09:21 84432 ----a-w- c:\windows\system32\drivers\mfendisk.sys
.
==================== Find3M ====================
.
2012-12-14 22:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-12 14:49:24 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 14:49:24 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-16 18:11:00 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2012-11-09 12:56:16 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-11-09 12:53:22 167344 ----a-w- c:\windows\system32\mfevtps.exe
2012-11-09 12:53:02 91168 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-11-09 12:52:22 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-11-09 12:52:12 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-11-09 12:51:12 565352 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-11-09 12:50:20 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-11-09 12:50:00 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-11-09 12:49:40 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-11-09 12:49:10 132912 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-10-31 21:10:14 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-10-31 21:10:14 138056 ----a-w- c:\windows\system32\atl100.dll
.
============= FINISH: 18:22:52.29 ===============

dds attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/19/2010 6:24:17 PM
System Uptime: 1/8/2013 6:14:47 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0WG855
Processor: Intel® Core™2 CPU 6400 @ 2.13GHz | Microprocessor | 2128/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 244 GiB total, 70.515 GiB free.
D: is FIXED (NTFS) - 454 GiB total, 3.405 GiB free.
E: is CDROM ()
F: is CDROM ()
I: is FIXED (NTFS) - 1863 GiB total, 1455.385 GiB free.
P: is FIXED (NTFS) - 1397 GiB total, 6.016 GiB free.
U: is NetworkDisk (NTFS) - 120 GiB total, 32.473 GiB free.
Y: is NetworkDisk (NTFS) - 70 GiB total, 45.544 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP900: 8/24/2012 7:43:31 PM - System Checkpoint
RP901: 8/25/2012 7:46:43 PM - System Checkpoint
RP902: 8/26/2012 8:46:06 PM - System Checkpoint
RP903: 8/27/2012 10:01:32 PM - System Checkpoint
RP904: 8/28/2012 10:34:42 PM - System Checkpoint
RP905: 8/29/2012 11:34:42 PM - System Checkpoint
RP906: 8/31/2012 12:34:42 AM - System Checkpoint
RP907: 9/1/2012 12:46:42 AM - System Checkpoint
RP908: 9/2/2012 12:46:50 AM - System Checkpoint
RP909: 9/3/2012 1:34:50 AM - System Checkpoint
RP910: 9/4/2012 2:34:50 AM - System Checkpoint
RP911: 9/5/2012 3:34:50 AM - System Checkpoint
RP912: 9/6/2012 3:46:50 AM - System Checkpoint
RP913: 9/7/2012 4:34:50 AM - System Checkpoint
RP914: 9/8/2012 4:46:50 AM - System Checkpoint
RP915: 9/9/2012 4:47:06 AM - System Checkpoint
RP916: 9/10/2012 5:35:06 AM - System Checkpoint
RP917: 9/11/2012 5:47:06 AM - System Checkpoint
RP918: 9/12/2012 6:47:06 AM - System Checkpoint
RP919: 9/13/2012 7:47:06 AM - System Checkpoint
RP920: 9/14/2012 8:47:06 AM - System Checkpoint
RP921: 9/15/2012 9:41:37 AM - System Checkpoint
RP922: 9/16/2012 9:47:15 AM - System Checkpoint
RP923: 9/17/2012 10:42:14 AM - System Checkpoint
RP924: 9/18/2012 11:26:35 AM - System Checkpoint
RP925: 9/19/2012 11:53:56 AM - System Checkpoint
RP926: 9/19/2012 3:52:16 PM - Installed Windows XP KB942288-v3.
RP927: 9/19/2012 3:52:34 PM - Installed Windows XP KB958655-v2.
RP928: 9/20/2012 5:18:44 PM - System Checkpoint
RP929: 9/21/2012 6:00:44 PM - System Checkpoint
RP930: 9/22/2012 6:12:46 PM - System Checkpoint
RP931: 9/23/2012 7:00:45 PM - System Checkpoint
RP932: 9/24/2012 8:00:43 PM - System Checkpoint
RP933: 9/25/2012 8:12:44 PM - System Checkpoint
RP934: 10/1/2012 12:47:28 PM - System Checkpoint
RP935: 10/2/2012 1:40:02 PM - System Checkpoint
RP936: 10/3/2012 1:52:02 PM - System Checkpoint
RP937: 10/4/2012 2:40:01 PM - System Checkpoint
RP938: 10/5/2012 2:52:01 PM - System Checkpoint
RP939: 10/6/2012 3:05:03 PM - System Checkpoint
RP940: 10/7/2012 3:52:04 PM - System Checkpoint
RP941: 10/8/2012 6:06:21 PM - System Checkpoint
RP942: 10/9/2012 7:07:05 PM - System Checkpoint
RP943: 10/10/2012 8:11:45 PM - System Checkpoint
RP944: 10/11/2012 9:27:15 PM - System Checkpoint
RP945: 10/12/2012 10:13:15 PM - System Checkpoint
RP946: 10/13/2012 10:58:52 PM - System Checkpoint
RP947: 10/15/2012 12:27:24 AM - System Checkpoint
RP948: 10/16/2012 1:37:23 AM - System Checkpoint
RP949: 10/17/2012 1:58:53 AM - System Checkpoint
RP950: 10/18/2012 2:12:56 AM - System Checkpoint
RP951: 10/19/2012 2:58:53 AM - System Checkpoint
RP952: 10/20/2012 3:58:52 AM - System Checkpoint
RP953: 10/21/2012 4:58:52 AM - System Checkpoint
RP954: 10/22/2012 6:00:22 AM - System Checkpoint
RP955: 10/23/2012 6:46:36 AM - System Checkpoint
RP956: 10/24/2012 7:34:36 AM - System Checkpoint
RP957: 10/25/2012 8:34:35 AM - System Checkpoint
RP958: 10/26/2012 9:34:45 AM - System Checkpoint
RP959: 10/27/2012 11:13:04 AM - System Checkpoint
RP960: 10/28/2012 11:34:37 AM - System Checkpoint
RP961: 10/29/2012 1:42:19 PM - System Checkpoint
RP962: 10/30/2012 2:36:00 PM - System Checkpoint
RP963: 10/31/2012 2:46:54 PM - System Checkpoint
RP964: 11/1/2012 3:46:46 PM - System Checkpoint
RP965: 11/2/2012 6:45:12 PM - System Checkpoint
RP966: 11/3/2012 6:46:47 PM - System Checkpoint
RP967: 11/4/2012 7:14:17 PM - System Checkpoint
RP968: 11/5/2012 7:34:53 PM - System Checkpoint
RP969: 11/6/2012 8:10:58 PM - System Checkpoint
RP970: 11/7/2012 8:47:25 PM - System Checkpoint
RP971: 11/8/2012 9:09:05 PM - System Checkpoint
RP972: 11/9/2012 9:11:05 PM - System Checkpoint
RP973: 11/11/2012 3:26:33 PM - System Checkpoint
RP974: 11/12/2012 6:10:29 PM - System Checkpoint
RP975: 11/13/2012 6:34:41 PM - System Checkpoint
RP976: 11/14/2012 7:32:13 PM - System Checkpoint
RP977: 11/15/2012 7:34:44 PM - System Checkpoint
RP978: 11/19/2012 11:36:46 AM - System Checkpoint
RP979: 11/20/2012 1:24:36 PM - System Checkpoint
RP980: 11/21/2012 2:18:47 PM - System Checkpoint
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
AnswerWorks 5.0 English Runtime
ArcGIS Desktop 10
ATT-RC Self Support Tool
Brother Driver Deployment Wizard
Dell Digital Jukebox Driver
Dell Media Experience
Dell Resource CD
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Emsisoft Anti-Malware
ESET Online Scanner v3
File Splitter and Joiner (FFSJ v3.3)
foobar2000 v1.1.13
Free Audio Converter version 5.0.11.508
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
GIS Tutorial 2 - Student Resources
GoToMeeting 4.5.0.457
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB958655-v2)
Hotfix for Windows XP (KB976098-v2)
Intel® PRO Network Connections
Java Auto Updater
Java™ 6 Update 27
K-Lite Mega Codec Pack 5.7.0
LightScribe 1.4.89.1
Magic ISO Maker v5.5 (build 0274)
Malwarebytes Anti-Malware version 1.70.0.1100
McAfee SecurityCenter
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Help Viewer 1.0
Microsoft Office 2000 SR-1 Premium
Microsoft Office Live Meeting 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Management Studio Express
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 Express - ENU
Monkey's Audio
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
Nero Suite
NVIDIA Drivers
OneTouch Version 3.0
PaperPort
PMB
Python 2.3 combined Win32 extensions
Python 2.5 numpy-1.0.3
Python 2.5.1
Python 2.6 comtypes-0.6.2
Python 2.6 pywin32-215
Python 2.6 xlrd-0.7.1
Python 3.2
Quicken 2011
RemoteComms External Disk Access
Sandboxie 3.74 (32-bit)
ScanSoft PDF Professional 3.0
Seagate DiscWizard
SeaTools for Windows
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Service Pack 1 for SQL Server 2008 (KB968369)
Shared C Run-time for x86
SigmaTel Audio
Sql Server Customer Experience Improvement Program
swMSM
System Requirements Lab CYRI
TKaraoke
TradeStation 8.7 (Build 3085)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
WebFldrs XP
Windows Internet Explorer 8
Windows XP Service Pack 3
WinRAR archiver
Youtube Downloader HD v. 2.8 Chinese Edition
.
==== Event Viewer Messages From Past Week ========
.
1/8/2013 6:16:18 PM, error: Service Control Manager [7023] - The SharedAccess service terminated with the following error: The specified service does not exist as an installed service.
1/8/2013 6:15:43 PM, error: Service Control Manager [7023] - The WebClient service terminated with the following error: The system cannot find the file specified.
1/8/2013 6:15:43 PM, error: Service Control Manager [7000] - The helpsvc service failed to start due to the following error: The system cannot find the file specified.
1/8/2013 6:15:38 PM, error: W32Time [4] - The time provider 'NtpClient' failed to start due to the following error: The system cannot find the file specified. (0x80070002)
1/8/2013 6:15:38 PM, error: W32Time [21] - The time service is configured to use one or more input providers, however, none of the input providers are available. The time service has no source of accurate time.
.
==== End Of File ===========================

Security Check:
Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
ESET Online Scanner v3
McAfee SecurityCenter
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java™ 6 Update 27
Java version out of Date!
Adobe Reader 10.1.4 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Emsisoft Anti-Malware a2service.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 9%
````````````````````End of Log``````````````````````

Defogger:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:10 on 08/01/2013 (BILL)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

#4 gringo_pr


Posted 08 January 2013 - 09:05 PM

Hello


These are the programs I would like you to run next. If you have any problems with one of these, just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 to6cess


Posted 10 January 2013 - 08:50 AM

Hi Gringo,
I ran both programs and RogueKiller found 3 viruses, and I deleted them.
So I did a cold re-boot and my computer hung, then I did a hard re-boot.
I still have the same problems as above.
At Yahoo mail, after I put in my ID and PW and click sign in, at the bottom it says "error on page".
Thanks.

Report:
RogueKiller V8.4.3 [Jan 8 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : BILL [Admin rights]
Mode : Remove -- Date : 01/10/2013 07:24:43

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet003\Services\59853085 (C:\WINDOWS\system32\drivers\45057792.sys) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
_INLINE_ : NtRequestPort -> HOOKED (Unknown @ 0xBA7BDCA0)
_INLINE_ : NtRequestWaitReplyPort -> HOOKED (Unknown @ 0xBA7BDD40)
_INLINE_ : NtTraceEvent -> HOOKED (Unknown @ 0xBA7BDC00)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD7500AADS-00M2B0 +++++
--- User ---
[MBR] d7430342f6f07b0e264a00f7f6e9636b
[BSP] 55b7b1f14c808cc75f96e2a58641d657 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 250003 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 512007615 | Size: 465390 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST2000DM001-9YN164 +++++
--- User ---
[MBR] ef75e37719d553f67ef720233532552c
[BSP] 09306ff2edfbb7d4b59c8f1241697fc1 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1907726 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: ST31500341AS +++++
--- User ---
[MBR] eb81add98092f03aff04c61d9e2996f0
[BSP] 42a1a50c1ad857cb8fe514b69bd8c79c : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1430796 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_01102013_02d0724.txt >>
RKreport[1]_S_01092013_02d0815.txt ; RKreport[2]_D_01102013_02d0724.txt



# AdwCleaner v2.105 - Logfile created 01/09/2013 at 08:05:43
# Updated 08/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : BILL - BILLDELL
# Boot Mode : Normal
# Running from : C:\Documents and Settings\BILL\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [655 octets] - [31/12/2012 13:17:15]
AdwCleaner[R2].txt - [773 octets] - [09/01/2013 08:03:21]
AdwCleaner[R3].txt - [832 octets] - [09/01/2013 08:05:02]
AdwCleaner[S1].txt - [716 octets] - [31/12/2012 13:17:55]
AdwCleaner[S2].txt - [764 octets] - [09/01/2013 08:05:43]

########## EOF - C:\AdwCleaner[S2].txt - [823 octets] ##########

#6 gringo_pr


Posted 10 January 2013 - 01:08 PM

Hello

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 to6cess


Posted 10 January 2013 - 08:02 PM

Hi Gringo,
I ran Combofix with no problem. I use Internet Explorer and still have the same problems.
Here is the post from Combofix:

ComboFix 13-01-08.01 - BILL 01/10/2013 18:28:41.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2464 [GMT -6:00]
Running from: c:\documents and settings\BILL\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-11 to 2013-01-11 )))))))))))))))))))))))))))))))
.
.
2013-01-09 18:49 . 2013-01-09 18:49 15739912 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-01-05 18:46 . 2013-01-09 14:08 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-12-30 19:16 . 2012-12-24 23:19 1754528 ----a-w- C:\rkill.com
2012-12-20 15:38 . 2012-12-20 15:38 -------- d-----w- c:\documents and settings\Hoa
2012-12-14 09:09 . 2012-11-09 12:50 84432 ----a-w- c:\windows\system32\drivers\mfendisk.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 18:49 . 2012-07-25 18:43 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 18:49 . 2012-07-25 18:43 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-14 22:49 . 2011-10-07 15:32 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-16 18:11 . 2012-11-16 18:11 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2012-11-09 12:56 . 2011-03-14 13:39 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-11-09 12:53 . 2011-03-14 13:31 167344 ----a-w- c:\windows\system32\mfevtps.exe
2012-11-09 12:53 . 2011-03-14 13:39 91168 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-11-09 12:52 . 2011-03-14 13:39 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-11-09 12:52 . 2011-03-14 13:39 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-11-09 12:51 . 2010-10-14 03:28 565352 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-11-09 12:50 . 2011-03-14 13:39 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-11-09 12:50 . 2011-03-14 13:39 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-11-09 12:49 . 2011-03-14 13:39 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-11-09 12:49 . 2010-10-14 03:28 132912 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-10-31 21:10 . 2012-10-31 21:10 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-10-31 21:10 . 2012-10-31 21:10 138056 ----a-w- c:\windows\system32\atl100.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="G -BOOT" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1278648]
"emsisoft anti-malware"="c:\program files\Emsisoft Anti-Malware\a2guard.exe" [2012-10-17 3364264]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Brother XP spl Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [7/13/2012 3:32 PM 125472]
R0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\drivers\vsflt53.sys [7/13/2012 3:32 PM 83392]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [1/5/2013 12:46 PM 17904]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [3/14/2011 7:39 AM 91168]
R2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [1/5/2013 12:46 PM 3084688]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/14/2011 7:39 AM 167784]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/14/2011 7:39 AM 167784]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [3/14/2011 7:39 AM 167784]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [3/14/2011 7:39 AM 168880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [3/14/2011 7:31 AM 167344]
R2 MSSQL$SS;SQL Server (SS);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [5/27/2009 3:27 AM 29262680]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 2:18 AM 360224]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [1/21/2010 5:38 PM 23200]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [6/30/2011 1:48 PM 845808]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [3/14/2011 7:39 AM 60480]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [3/14/2011 7:39 AM 362640]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/14/2012 3:09 AM 84432]
S2 kudrww;kudrww;c:\documents and settings\BILL\Application Data\ljzgm.bat --> c:\documents and settings\BILL\Application Data\ljzgm.bat [?]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [1/5/2013 12:46 PM 54072]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [11/27/2012 10:07 PM 146872]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [3/10/2010 8:18 AM 24216]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/14/2012 3:09 AM 84432]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/14/2011 7:39 AM 92192]
S3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\drivers\OXSDIDRV_x32.sys [9/28/2009 9:55 AM 52656]
S3 OXUDIDRV;OXUDIDRV;c:\windows\system32\drivers\OXUDIDRV_x32.sys [1/21/2011 10:54 AM 24880]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/22/2009 9:08 PM 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 2:09 AM 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 2:23 AM 366936]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Sqlses REG_MULTI_SZ SqlCSS
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-25 18:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: Open with Scansoft PDF Converter 3.0 - c:\program files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
TCP: DhcpNameServer = 192.168.1.254
DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} - hxxp://192.168.1.2/cab/OCXChecker_6110.cab
DPF: {3F932FFA-F092-4FDB-92C5-1285978614D2} - hxxp://74.175.80.98:82/WATCH_16R.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-10 18:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\kudrww]
"ImagePath"="c:\documents and settings\BILL\Application Data\ljzgm.bat"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1160)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2013-01-10 18:38:57
ComboFix-quarantined-files.txt 2013-01-11 00:38
ComboFix2.txt 2012-12-31 19:14
.
Pre-Run: 75,200,385,024 bytes free
Post-Run: 75,229,724,672 bytes free
.
- - End Of File - - 5D01757DD0EBF1DD21ACEAD5F14CCC7A

#8 gringo_pr


Posted 11 January 2013 - 01:57 PM

Greetings

I want you to run these next.

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 to6cess


Posted 12 January 2013 - 10:31 AM

Hi Gringo,
Both programs ran fine without a problem, but I still have the same problems as above.
Thanks for your help.
To6cess.

Report:

18:37:08.0406 3132 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:37:09.0187 3132 ============================================================
18:37:09.0187 3132 Current date / time: 2013/01/11 18:37:09.0187
18:37:09.0187 3132 SystemInfo:
18:37:09.0187 3132
18:37:09.0187 3132 OS Version: 5.1.2600 ServicePack: 3.0
18:37:09.0187 3132 Product type: Workstation
18:37:09.0187 3132 ComputerName: BILLDELL
18:37:09.0187 3132 UserName: BILL
18:37:09.0187 3132 Windows directory: C:\WINDOWS
18:37:09.0187 3132 System windows directory: C:\WINDOWS
18:37:09.0187 3132 Processor architecture: Intel x86
18:37:09.0187 3132 Number of processors: 2
18:37:09.0187 3132 Page size: 0x1000
18:37:09.0187 3132 Boot type: Normal boot
18:37:09.0187 3132 ============================================================
18:37:09.0703 3132 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:37:09.0937 3132 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:37:09.0937 3132 Drive \Device\Harddisk2\DR2 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:37:09.0937 3132 ============================================================
18:37:09.0937 3132 \Device\Harddisk0\DR0:
18:37:09.0937 3132 MBR partitions:
18:37:09.0937 3132 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1E849D80
18:37:09.0953 3132 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E849DFE, BlocksNum 0x38CF7642
18:37:09.0953 3132 \Device\Harddisk1\DR1:
18:37:09.0953 3132 MBR partitions:
18:37:09.0953 3132 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E07482
18:37:09.0953 3132 \Device\Harddisk2\DR2:
18:37:09.0953 3132 MBR partitions:
18:37:09.0953 3132 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAEA86702
18:37:09.0953 3132 ============================================================
18:37:10.0218 3132 D: <-> \Device\Harddisk0\DR0\Partition2
18:37:10.0234 3132 C: <-> \Device\Harddisk0\DR0\Partition1
18:37:10.0296 3132 P: <-> \Device\Harddisk2\DR2\Partition1
18:37:10.0390 3132 I: <-> \Device\Harddisk1\DR1\Partition1
18:37:10.0390 3132 ============================================================
18:37:10.0390 3132 Initialize success
18:37:10.0390 3132 ============================================================
18:37:30.0250 2732 Deinitialize success

18:44:22.0531 4024 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:44:24.0546 4024 ============================================================
18:44:24.0546 4024 Current date / time: 2013/01/11 18:44:24.0546
18:44:24.0546 4024 SystemInfo:
18:44:24.0546 4024
18:44:24.0546 4024 OS Version: 5.1.2600 ServicePack: 3.0
18:44:24.0546 4024 Product type: Workstation
18:44:24.0546 4024 ComputerName: BILLDELL
18:44:24.0546 4024 UserName: BILL
18:44:24.0546 4024 Windows directory: C:\WINDOWS
18:44:24.0546 4024 System windows directory: C:\WINDOWS
18:44:24.0546 4024 Processor architecture: Intel x86
18:44:24.0546 4024 Number of processors: 2
18:44:24.0546 4024 Page size: 0x1000
18:44:24.0546 4024 Boot type: Normal boot
18:44:24.0546 4024 ============================================================
18:44:25.0015 4024 BG loaded
18:44:25.0343 4024 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:44:25.0343 4024 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:44:25.0562 4024 Drive \Device\Harddisk2\DR2 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:44:25.0562 4024 ============================================================
18:44:25.0562 4024 \Device\Harddisk0\DR0:
18:44:25.0578 4024 MBR partitions:
18:44:25.0578 4024 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1E849D80
18:44:25.0593 4024 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E849DFE, BlocksNum 0x38CF7642
18:44:25.0593 4024 \Device\Harddisk1\DR1:
18:44:25.0593 4024 MBR partitions:
18:44:25.0593 4024 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E07482
18:44:25.0593 4024 \Device\Harddisk2\DR2:
18:44:25.0593 4024 MBR partitions:
18:44:25.0593 4024 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAEA86702
18:44:25.0593 4024 ============================================================
18:44:26.0250 4024 D: <-> \Device\Harddisk0\DR0\Partition2
18:44:26.0515 4024 C: <-> \Device\Harddisk0\DR0\Partition1
18:44:26.0578 4024 P: <-> \Device\Harddisk2\DR2\Partition1
18:44:26.0718 4024 I: <-> \Device\Harddisk1\DR1\Partition1
18:44:26.0718 4024 ============================================================
18:44:26.0718 4024 Initialize success
18:44:26.0718 4024 ============================================================
18:44:44.0593 2216 ============================================================
18:44:44.0593 2216 Scan started
18:44:44.0593 2216 Mode: Manual; SigCheck; TDLFS;
18:44:44.0593 2216 ============================================================
18:44:46.0187 2216 ================ Scan system memory ========================
18:44:46.0187 2216 System memory - ok
18:44:46.0203 2216 ================ Scan services =============================
18:44:46.0281 2216 [ A8A4E18857CDFD8D9AB81E2C9EAF89B5 ] a2acc C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
18:44:46.0859 2216 a2acc - ok
18:44:46.0953 2216 [ C6D0B4BF12036D1EE092D2F5EF436FC7 ] a2AntiMalware C:\Program Files\Emsisoft Anti-Malware\a2service.exe
18:44:47.0093 2216 a2AntiMalware - ok
18:44:47.0109 2216 [ F7EABCA8375EA2DC6F35C4BCA4757515 ] A2DDA C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
18:44:47.0140 2216 A2DDA - ok
18:44:47.0187 2216 Abiosdsk - ok
18:44:47.0203 2216 abp480n5 - ok
18:44:47.0234 2216 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:44:47.0343 2216 ACPI - ok
18:44:47.0359 2216 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
18:44:47.0468 2216 ACPIEC - ok
18:44:47.0578 2216 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:44:47.0609 2216 AdobeFlashPlayerUpdateSvc - ok
18:44:47.0625 2216 adpu160m - ok
18:44:47.0687 2216 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
18:44:47.0828 2216 aec - ok
18:44:47.0859 2216 [ 7E775010EF291DA96AD17CA4B17137D7 ] AFD C:\WINDOWS\System32\drivers\afd.sys
18:44:47.0937 2216 AFD - ok
18:44:47.0953 2216 Aha154x - ok
18:44:47.0968 2216 aic78u2 - ok
18:44:47.0968 2216 aic78xx - ok
18:44:48.0031 2216 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
18:44:48.0156 2216 Alerter - ok
18:44:48.0171 2216 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
18:44:48.0296 2216 ALG - ok
18:44:48.0312 2216 AliIde - ok
18:44:48.0312 2216 amsint - ok
18:44:48.0343 2216 AppMgmt - ok
18:44:48.0421 2216 asc - ok
18:44:48.0437 2216 asc3350p - ok
18:44:48.0437 2216 asc3550 - ok
18:44:49.0031 2216 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:44:49.0093 2216 aspnet_state - ok
18:44:49.0140 2216 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:44:49.0250 2216 AsyncMac - ok
18:44:49.0281 2216 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\drivers\atapi.sys
18:44:49.0375 2216 atapi - ok
18:44:49.0375 2216 Atdisk - ok
18:44:49.0421 2216 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:44:49.0515 2216 Atmarpc - ok
18:44:49.0562 2216 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
18:44:49.0640 2216 AudioSrv - ok
18:44:49.0671 2216 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
18:44:49.0750 2216 audstub - ok
18:44:49.0781 2216 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
18:44:49.0875 2216 Beep - ok
18:44:49.0906 2216 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
18:44:50.0078 2216 BITS - ok
18:44:50.0109 2216 [ D3FACB34FFF5DB91ADB70987838F8BA7 ] Brother XP spl Service C:\WINDOWS\system32\brsvc01a.exe
18:44:50.0125 2216 Brother XP spl Service ( UnsignedFile.Multi.Generic ) - warning
18:44:50.0125 2216 Brother XP spl Service - detected UnsignedFile.Multi.Generic (1)
18:44:50.0125 2216 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
18:44:50.0218 2216 Browser - ok
18:44:50.0234 2216 [ 92A964547B96D697E5E9ED43B4297F5A ] BrScnUsb C:\WINDOWS\system32\Drivers\BrScnUsb.sys
18:44:50.0296 2216 BrScnUsb - ok
18:44:50.0375 2216 catchme - ok
18:44:50.0390 2216 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
18:44:50.0484 2216 cbidf2k - ok
18:44:50.0484 2216 cd20xrnt - ok
18:44:50.0515 2216 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
18:44:50.0625 2216 Cdaudio - ok
18:44:50.0625 2216 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
18:44:50.0703 2216 Cdfs - ok
18:44:50.0734 2216 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:44:50.0781 2216 Cdrom - ok
18:44:50.0828 2216 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
18:44:50.0828 2216 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
18:44:50.0828 2216 cercsr6 - detected UnsignedFile.Multi.Generic (1)
18:44:50.0859 2216 [ 67B20DA4727F54AEA29FDDAD810C898D ] cfwids C:\WINDOWS\system32\drivers\cfwids.sys
18:44:50.0859 2216 cfwids - ok
18:44:50.0875 2216 Changer - ok
18:44:50.0890 2216 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
18:44:50.0968 2216 CiSvc - ok
18:44:50.0984 2216 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
18:44:51.0078 2216 ClipSrv - ok
18:44:51.0109 2216 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:44:51.0234 2216 clr_optimization_v2.0.50727_32 - ok
18:44:51.0250 2216 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:44:51.0437 2216 clr_optimization_v4.0.30319_32 - ok
18:44:51.0437 2216 CmdIde - ok
18:44:51.0437 2216 COMSysApp - ok
18:44:51.0453 2216 Cpqarray - ok
18:44:51.0468 2216 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
18:44:51.0546 2216 CryptSvc - ok
18:44:51.0562 2216 dac2w2k - ok
18:44:51.0562 2216 dac960nt - ok
18:44:51.0625 2216 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
18:44:51.0656 2216 DcomLaunch - ok
18:44:51.0687 2216 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
18:44:51.0781 2216 Dhcp - ok
18:44:51.0812 2216 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
18:44:51.0906 2216 Disk - ok
18:44:51.0906 2216 dmadmin - ok
18:44:51.0937 2216 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
18:44:52.0078 2216 dmboot - ok
18:44:52.0093 2216 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
18:44:52.0203 2216 dmio - ok
18:44:52.0218 2216 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
18:44:52.0312 2216 dmload - ok
18:44:52.0328 2216 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
18:44:52.0406 2216 dmserver - ok
18:44:52.0421 2216 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
18:44:52.0531 2216 DMusic - ok
18:44:52.0546 2216 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
18:44:52.0640 2216 Dot3svc - ok
18:44:52.0640 2216 dpti2o - ok
18:44:52.0656 2216 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
18:44:52.0750 2216 drmkaud - ok
18:44:52.0765 2216 [ 00192F0C612591D585594E9467E6CA8B ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
18:44:52.0890 2216 e1express - ok
18:44:52.0906 2216 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
18:44:53.0000 2216 EapHost - ok
18:44:53.0015 2216 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
18:44:53.0109 2216 ERSvc - ok
18:44:53.0140 2216 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
18:44:53.0171 2216 Eventlog - ok
18:44:53.0187 2216 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
18:44:53.0281 2216 Fastfat - ok
18:44:53.0328 2216 [ 1926899BF9FFE2602B63074971700412 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
18:44:53.0421 2216 FastUserSwitchingCompatibility - ok
18:44:53.0437 2216 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
18:44:53.0531 2216 Fdc - ok
18:44:53.0531 2216 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
18:44:53.0625 2216 Fips - ok
18:44:53.0671 2216 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:44:53.0718 2216 FLEXnet Licensing Service - ok
18:44:53.0718 2216 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
18:44:53.0812 2216 Flpydisk - ok
18:44:53.0843 2216 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
18:44:53.0921 2216 FltMgr - ok
18:44:53.0984 2216 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:44:54.0000 2216 FontCache3.0.0.0 - ok
18:44:54.0000 2216 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:44:54.0109 2216 Fs_Rec - ok
18:44:54.0140 2216 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:44:54.0218 2216 Ftdisk - ok
18:44:54.0250 2216 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:44:54.0343 2216 Gpc - ok
18:44:54.0390 2216 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:44:54.0515 2216 HDAudBus - ok
18:44:54.0546 2216 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
18:44:54.0625 2216 HidServ - ok
18:44:54.0656 2216 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:44:54.0765 2216 hidusb - ok
18:44:54.0812 2216 [ D61E53E3FEC0C92BC8DD3969FAD63F87 ] HipShieldK C:\WINDOWS\system32\drivers\HipShieldK.sys
18:44:54.0828 2216 HipShieldK - ok
18:44:54.0875 2216 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
18:44:54.0953 2216 hkmsvc - ok
18:44:54.0968 2216 hpn - ok
18:44:54.0984 2216 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
18:44:55.0046 2216 HTTP - ok
18:44:55.0062 2216 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
18:44:55.0156 2216 HTTPFilter - ok
18:44:55.0156 2216 i2omgmt - ok
18:44:55.0156 2216 i2omp - ok
18:44:55.0187 2216 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
18:44:55.0281 2216 i8042prt - ok
18:44:55.0343 2216 [ 294110966CEDD127629C5BE48367C8CF ] iastor C:\WINDOWS\system32\DRIVERS\iaStor.sys
18:44:55.0390 2216 iastor - ok
18:44:55.0468 2216 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:44:55.0515 2216 idsvc - ok
18:44:55.0562 2216 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
18:44:55.0656 2216 Imapi - ok
18:44:55.0703 2216 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
18:44:55.0781 2216 ImapiService - ok
18:44:55.0781 2216 ini910u - ok
18:44:55.0796 2216 IntelIde - ok
18:44:55.0828 2216 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:44:55.0921 2216 intelppm - ok
18:44:55.0953 2216 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
18:44:56.0046 2216 Ip6Fw - ok
18:44:56.0078 2216 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:44:56.0171 2216 IpFilterDriver - ok
18:44:56.0187 2216 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:44:56.0281 2216 IpInIp - ok
18:44:56.0281 2216 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:44:56.0390 2216 IpNat - ok
18:44:56.0406 2216 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:44:56.0500 2216 IPSec - ok
18:44:56.0500 2216 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
18:44:56.0609 2216 IRENUM - ok
18:44:56.0625 2216 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:44:56.0703 2216 isapnp - ok
18:44:56.0734 2216 [ 339DEA550CC17283D6FD689AC7E67C57 ] ivusb C:\WINDOWS\system32\DRIVERS\ivusb.sys
18:44:56.0750 2216 ivusb - ok
18:44:56.0812 2216 [ 91061352084424820AC6268808CB8EE3 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
18:44:56.0843 2216 JavaQuickStarterService - ok
18:44:56.0859 2216 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:44:56.0953 2216 Kbdclass - ok
18:44:56.0968 2216 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:44:57.0062 2216 kbdhid - ok
18:44:57.0093 2216 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
18:44:57.0187 2216 kmixer - ok
18:44:57.0234 2216 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
18:44:57.0328 2216 KSecDD - ok
18:44:57.0343 2216 kudrww - ok
18:44:57.0375 2216 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
18:44:57.0421 2216 lanmanserver - ok
18:44:57.0484 2216 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:44:57.0562 2216 lanmanworkstation - ok
18:44:57.0562 2216 lbrtfdc - ok
18:44:57.0640 2216 [ 5712DCBE52D68865CCA91AE04807B755 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
18:44:57.0671 2216 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
18:44:57.0671 2216 LightScribeService - detected UnsignedFile.Multi.Generic (1)
18:44:57.0703 2216 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
18:44:57.0796 2216 LmHosts - ok
18:44:57.0843 2216 [ ECAB006AC6136F1307E140B633CDB8C2 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
18:44:57.0859 2216 McAfee SiteAdvisor Service - ok
18:44:57.0890 2216 [ F8B823414A22DBF3BEC10DCAA5F93CD8 ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
18:44:57.0921 2216 McciCMService ( UnsignedFile.Multi.Generic ) - warning
18:44:57.0921 2216 McciCMService - detected UnsignedFile.Multi.Generic (1)
18:44:57.0937 2216 [ ECAB006AC6136F1307E140B633CDB8C2 ] McMPFSvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
18:44:57.0937 2216 McMPFSvc - ok
18:44:57.0937 2216 [ ECAB006AC6136F1307E140B633CDB8C2 ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
18:44:57.0953 2216 mcmscsvc - ok
18:44:57.0953 2216 [ ECAB006AC6136F1307E140B633CDB8C2 ] McNaiAnn C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
18:44:57.0968 2216 McNaiAnn - ok
18:44:57.0968 2216 [ ECAB006AC6136F1307E140B633CDB8C2 ] McNASvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
18:44:57.0984 2216 McNASvc - ok
18:44:58.0031 2216 [ C7DA06C9A9AEEFBE37AAC281EA6385D5 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
18:44:58.0062 2216 McODS - ok
18:44:58.0062 2216 [ ECAB006AC6136F1307E140B633CDB8C2 ] McProxy C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
18:44:58.0078 2216 McProxy - ok
18:44:58.0125 2216 [ 6C2D89C52DA8592C57FB0DC7BAB36FF7 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
18:44:58.0140 2216 McShield - ok
18:44:58.0171 2216 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
18:44:58.0265 2216 Messenger - ok
18:44:58.0296 2216 [ BA3004F4C0A0CD19DB9C2C0AB3A84EFE ] mfeapfk C:\WINDOWS\system32\drivers\mfeapfk.sys
18:44:58.0312 2216 mfeapfk - ok
18:44:58.0343 2216 [ 39C20B7D9AC19BFE616CA09DD3A240AF ] mfeavfk C:\WINDOWS\system32\drivers\mfeavfk.sys
18:44:58.0375 2216 mfeavfk - ok
18:44:58.0375 2216 mfeavfk01 - ok
18:44:58.0390 2216 [ E3470DECDA0A4015A0CA00ED645F2EBE ] mfebopk C:\WINDOWS\system32\drivers\mfebopk.sys
18:44:58.0406 2216 mfebopk - ok
18:44:58.0453 2216 [ 4E13EA496E202BCB4FCC342D96FAF83A ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
18:44:58.0484 2216 mfefire - ok
18:44:58.0500 2216 [ C8AC8147E02ED8795E1FD946165BACCF ] mfefirek C:\WINDOWS\system32\drivers\mfefirek.sys
18:44:58.0531 2216 mfefirek - ok
18:44:58.0578 2216 [ 7AAF92954D8D2801B17A1163C60ABFE9 ] mfehidk C:\WINDOWS\system32\drivers\mfehidk.sys
18:44:58.0593 2216 mfehidk - ok
18:44:58.0640 2216 [ 3474B9391903C0AB2E9987CB4DE943D8 ] mfendisk C:\WINDOWS\system32\DRIVERS\mfendisk.sys
18:44:58.0656 2216 mfendisk - ok
18:44:58.0656 2216 [ 3474B9391903C0AB2E9987CB4DE943D8 ] mfendiskmp C:\WINDOWS\system32\DRIVERS\mfendisk.sys
18:44:58.0671 2216 mfendiskmp - ok
18:44:58.0703 2216 [ 62D55D882D58A1250348F324BC0AFC06 ] mferkdet C:\WINDOWS\system32\drivers\mferkdet.sys
18:44:58.0718 2216 mferkdet - ok
18:44:58.0750 2216 [ FCFAB391E3736769FE5865F3ACB3DCCB ] mfetdi2k C:\WINDOWS\system32\drivers\mfetdi2k.sys
18:44:58.0781 2216 mfetdi2k - ok
18:44:58.0812 2216 [ 82B7415D5A8FB24D3F6736400F5E1600 ] mfevtp C:\WINDOWS\system32\mfevtps.exe
18:44:58.0828 2216 mfevtp - ok
18:44:58.0859 2216 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
18:44:58.0953 2216 mnmdd - ok
18:44:58.0984 2216 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
18:44:59.0093 2216 mnmsrvc - ok
18:44:59.0156 2216 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
18:44:59.0250 2216 Modem - ok
18:44:59.0265 2216 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:44:59.0359 2216 Mouclass - ok
18:44:59.0359 2216 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:44:59.0453 2216 mouhid - ok
18:44:59.0468 2216 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
18:44:59.0546 2216 MountMgr - ok
18:44:59.0562 2216 mraid35x - ok
18:44:59.0562 2216 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:44:59.0640 2216 MRxDAV - ok
18:44:59.0671 2216 [ F3AEFB11ABC521122B67095044169E98 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:44:59.0703 2216 MRxSmb - ok
18:44:59.0734 2216 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
18:44:59.0828 2216 MSDTC - ok
18:44:59.0828 2216 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
18:44:59.0921 2216 Msfs - ok
18:44:59.0921 2216 MSIServer - ok
18:44:59.0953 2216 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:45:00.0062 2216 MSKSSRV - ok
18:45:00.0062 2216 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:45:00.0156 2216 MSPCLOCK - ok
18:45:00.0187 2216 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
18:45:00.0281 2216 MSPQM - ok
18:45:00.0296 2216 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:45:00.0390 2216 mssmbios - ok
18:45:00.0468 2216 MSSQL$SQLEXPRESS - ok
18:45:00.0500 2216 MSSQL$SS - ok
18:45:00.0531 2216 [ C06EA83F6FC2959E897C117255B6B1D5 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
18:45:00.0562 2216 MSSQLServerADHelper - ok
18:45:00.0609 2216 [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
18:45:00.0625 2216 MSSQLServerADHelper100 - ok
18:45:00.0640 2216 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
18:45:00.0718 2216 Mup - ok
18:45:00.0750 2216 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
18:45:00.0828 2216 NDIS - ok
18:45:00.0828 2216 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:45:00.0937 2216 NdisTapi - ok
18:45:00.0968 2216 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:45:01.0078 2216 Ndisuio - ok
18:45:01.0078 2216 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:45:01.0171 2216 NdisWan - ok
18:45:01.0234 2216 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
18:45:01.0281 2216 NDProxy - ok
18:45:01.0281 2216 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
18:45:01.0359 2216 NetBIOS - ok
18:45:01.0453 2216 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:45:01.0562 2216 NetBT - ok
18:45:01.0593 2216 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
18:45:01.0703 2216 NetDDE - ok
18:45:01.0703 2216 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
18:45:01.0781 2216 NetDDEdsdm - ok
18:45:01.0812 2216 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
18:45:01.0906 2216 Netlogon - ok
18:45:01.0984 2216 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:45:02.0062 2216 NetTcpPortSharing - ok
18:45:02.0093 2216 [ 832E4DD8964AB7ACC880B2837CB1ED20 ] Nla C:\WINDOWS\System32\mswsock.dll
18:45:02.0125 2216 Nla - ok
18:45:02.0125 2216 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
18:45:02.0203 2216 Npfs - ok
18:45:02.0218 2216 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
18:45:02.0312 2216 Ntfs - ok
18:45:02.0312 2216 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
18:45:02.0390 2216 NtLmSsp - ok
18:45:02.0421 2216 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
18:45:02.0531 2216 NtmsSvc - ok
18:45:02.0546 2216 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
18:45:02.0640 2216 Null - ok
18:45:02.0828 2216 [ 449220E13E94B64EBFDC788E97EC9222 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:45:02.0953 2216 nv - ok
18:45:02.0968 2216 [ 2F7CD9D1BB1948DA19CF51E76550FD68 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
18:45:03.0000 2216 NVSvc - ok
18:45:03.0015 2216 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:45:03.0125 2216 NwlnkFlt - ok
18:45:03.0140 2216 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:45:03.0234 2216 NwlnkFwd - ok
18:45:03.0296 2216 [ CEC7E2C6C1FA00C7AB2F5434F848AE51 ] OMCI C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
18:45:03.0312 2216 OMCI ( UnsignedFile.Multi.Generic ) - warning
18:45:03.0312 2216 OMCI - detected UnsignedFile.Multi.Generic (1)
18:45:03.0328 2216 [ 257190D58444732B68919C573368B64D ] OXSDIDRV_x32 C:\WINDOWS\system32\DRIVERS\OXSDIDRV_x32.sys
18:45:03.0359 2216 OXSDIDRV_x32 - ok
18:45:03.0406 2216 [ 8F534A8630F6BABA92E14531F96906CD ] OXUDIDRV C:\WINDOWS\system32\Drivers\OXUDIDRV_X32.sys
18:45:03.0421 2216 OXUDIDRV - ok
18:45:03.0437 2216 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
18:45:03.0546 2216 Parport - ok
18:45:03.0578 2216 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
18:45:03.0671 2216 PartMgr - ok
18:45:03.0703 2216 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
18:45:03.0812 2216 ParVdm - ok
18:45:03.0812 2216 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
18:45:03.0906 2216 PCI - ok
18:45:03.0906 2216 PCIDump - ok
18:45:03.0906 2216 PCIIde - ok
18:45:03.0937 2216 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
18:45:04.0031 2216 Pcmcia - ok
18:45:04.0031 2216 PDCOMP - ok
18:45:04.0046 2216 PDFRAME - ok
18:45:04.0046 2216 PDRELI - ok
18:45:04.0046 2216 PDRFRAME - ok
18:45:04.0062 2216 perc2 - ok
18:45:04.0062 2216 perc2hib - ok
18:45:04.0093 2216 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
18:45:04.0109 2216 PlugPlay - ok
18:45:04.0218 2216 [ 627FA58ADC043704F9D14CA44340956F ] PMBDeviceInfoProvider C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
18:45:04.0296 2216 PMBDeviceInfoProvider - ok
18:45:04.0296 2216 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
18:45:04.0375 2216 PolicyAgent - ok
18:45:04.0390 2216 [ DE4DFB09BF96FD5F810750140E2AA236 ] ppsio2 C:\WINDOWS\system32\drivers\ppsio2.sys
18:45:04.0406 2216 ppsio2 ( UnsignedFile.Multi.Generic ) - warning
18:45:04.0406 2216 ppsio2 - detected UnsignedFile.Multi.Generic (1)
18:45:04.0421 2216 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:45:04.0515 2216 PptpMiniport - ok
18:45:04.0531 2216 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:45:04.0609 2216 ProtectedStorage - ok
18:45:04.0625 2216 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
18:45:04.0718 2216 PSched - ok
18:45:04.0718 2216 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:45:04.0843 2216 Ptilink - ok
18:45:04.0843 2216 ql1080 - ok
18:45:04.0843 2216 Ql10wnt - ok
18:45:04.0843 2216 ql12160 - ok
18:45:04.0859 2216 ql1240 - ok
18:45:04.0859 2216 ql1280 - ok
18:45:04.0890 2216 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:45:04.0984 2216 RasAcd - ok
18:45:05.0031 2216 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
18:45:05.0109 2216 RasAuto - ok
18:45:05.0140 2216 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:45:05.0234 2216 Rasl2tp - ok
18:45:05.0296 2216 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
18:45:05.0375 2216 RasMan - ok
18:45:05.0390 2216 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:45:05.0500 2216 RasPppoe - ok
18:45:05.0500 2216 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
18:45:05.0609 2216 Raspti - ok
18:45:05.0625 2216 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:45:05.0703 2216 Rdbss - ok
18:45:05.0718 2216 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:45:05.0812 2216 RDPCDD - ok
18:45:05.0843 2216 [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
18:45:05.0984 2216 RDPWD - ok
18:45:06.0046 2216 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
18:45:06.0140 2216 RDSessMgr - ok
18:45:06.0171 2216 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
18:45:06.0296 2216 redbook - ok
18:45:06.0343 2216 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
18:45:06.0437 2216 RemoteAccess - ok
18:45:06.0437 2216 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
18:45:06.0531 2216 RpcLocator - ok
18:45:06.0625 2216 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
18:45:06.0656 2216 RpcSs - ok
18:45:06.0734 2216 [ FD692C6FFADE58F7C4C3C3C9A0EC35BD ] RsFx0103 C:\WINDOWS\system32\DRIVERS\RsFx0103.sys
18:45:06.0765 2216 RsFx0103 - ok
18:45:06.0812 2216 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
18:45:06.0937 2216 RSVP - ok
18:45:06.0984 2216 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
18:45:07.0062 2216 SamSs - ok
18:45:07.0140 2216 [ 224049C51E2C2D07B02B1BED262976A1 ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys
18:45:07.0156 2216 SbieDrv - ok
18:45:07.0203 2216 [ 3129023CEF1A2225665D44F9545DAED4 ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe
18:45:07.0218 2216 SbieSvc - ok
18:45:07.0234 2216 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
18:45:07.0328 2216 SCardSvr - ok
18:45:07.0359 2216 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
18:45:07.0453 2216 Schedule - ok
18:45:07.0468 2216 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:45:07.0578 2216 Secdrv - ok
18:45:07.0593 2216 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
18:45:07.0687 2216 seclogon - ok
18:45:07.0718 2216 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
18:45:07.0828 2216 Serial - ok
18:45:07.0875 2216 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
18:45:07.0968 2216 Sfloppy - ok
18:45:08.0046 2216 [ C950D0381B42A54541CD55ADCCF3D75B ] SgtSch2Svc C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
18:45:08.0125 2216 SgtSch2Svc - ok
18:45:08.0156 2216 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
18:45:08.0250 2216 SharedAccess - ok
18:45:08.0296 2216 [ 1926899BF9FFE2602B63074971700412 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:45:08.0390 2216 ShellHWDetection - ok
18:45:08.0390 2216 Simbad - ok
18:45:08.0421 2216 [ 98B44C15B4EED76AA8DCCB64A4CA11AF ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys
18:45:08.0437 2216 snapman - ok
18:45:08.0437 2216 Sparrow - ok
18:45:08.0453 2216 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
18:45:08.0546 2216 splitter - ok
18:45:08.0625 2216 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
18:45:08.0656 2216 Spooler - ok
18:45:08.0703 2216 [ A687B5B326AFCFCF182C4931D1FF9771 ] SQLAgent$SQLEXPRESS C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
18:45:08.0734 2216 SQLAgent$SQLEXPRESS - ok
18:45:08.0796 2216 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
18:45:08.0812 2216 SQLBrowser - ok
18:45:08.0828 2216 [ 637A0F23F9012358E92E6F99835494D1 ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:45:08.0859 2216 SQLWriter - ok
18:45:08.0859 2216 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
18:45:08.0953 2216 sr - ok
18:45:08.0984 2216 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
18:45:09.0093 2216 srservice - ok
18:45:09.0109 2216 [ 0F6AEFAD3641A657E18081F52D0C15AF ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
18:45:09.0125 2216 Srv - ok
18:45:09.0171 2216 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
18:45:09.0250 2216 SSDPSRV - ok
18:45:09.0312 2216 [ 797FCC1D859B203958E915BB82528DA9 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
18:45:09.0375 2216 STHDA - ok
18:45:09.0406 2216 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
18:45:09.0500 2216 stisvc - ok
18:45:09.0546 2216 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
18:45:09.0640 2216 swenum - ok
18:45:09.0671 2216 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
18:45:09.0765 2216 swmidi - ok
18:45:09.0781 2216 SwPrv - ok
18:45:09.0781 2216 symc810 - ok
18:45:09.0781 2216 symc8xx - ok
18:45:09.0796 2216 sym_hi - ok
18:45:09.0796 2216 sym_u3 - ok
18:45:09.0828 2216 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
18:45:10.0015 2216 sysaudio - ok
18:45:10.0031 2216 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
18:45:10.0156 2216 SysmonLog - ok
18:45:10.0234 2216 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
18:45:10.0343 2216 TapiSrv - ok
18:45:10.0375 2216 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:45:10.0421 2216 Tcpip - ok
18:45:10.0453 2216 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
18:45:10.0546 2216 TDPIPE - ok
18:45:10.0578 2216 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
18:45:10.0671 2216 TDTCP - ok
18:45:10.0703 2216 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
18:45:10.0781 2216 TermDD - ok
18:45:10.0828 2216 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
18:45:10.0921 2216 TermService - ok
18:45:10.0953 2216 [ 1926899BF9FFE2602B63074971700412 ] Themes C:\WINDOWS\System32\shsvcs.dll
18:45:11.0031 2216 Themes - ok
18:45:11.0062 2216 [ D8A96D0E25D43FDAC3BED09ADF39FDE9 ] timounter C:\WINDOWS\system32\DRIVERS\timntr.sys
18:45:11.0078 2216 timounter - ok
18:45:11.0093 2216 TosIde - ok
18:45:11.0140 2216 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
18:45:11.0218 2216 TrkWks - ok
18:45:11.0250 2216 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
18:45:11.0359 2216 Udfs - ok
18:45:11.0359 2216 ultra - ok
18:45:11.0406 2216 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
18:45:11.0515 2216 Update - ok
18:45:11.0531 2216 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
18:45:11.0625 2216 UPS - ok
18:45:11.0656 2216 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:45:11.0750 2216 usbccgp - ok
18:45:11.0796 2216 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:45:11.0890 2216 usbehci - ok
18:45:11.0890 2216 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:45:11.0984 2216 usbhub - ok
18:45:12.0000 2216 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:45:12.0093 2216 usbprint - ok
18:45:12.0140 2216 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:45:12.0218 2216 usbscan - ok
18:45:12.0234 2216 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:45:12.0328 2216 USBSTOR - ok
18:45:12.0343 2216 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:45:12.0437 2216 usbuhci - ok
18:45:12.0468 2216 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
18:45:12.0546 2216 VgaSave - ok
18:45:12.0546 2216 ViaIde - ok
18:45:12.0578 2216 [ 149EC3E217F9D11E9CA6C54CE3D70C73 ] vididr C:\WINDOWS\system32\DRIVERS\vididr.sys
18:45:12.0578 2216 vididr - ok
18:45:12.0593 2216 [ E31E9CD40677B84B3ADAA7A0D80DC439 ] vidsflt53 C:\WINDOWS\system32\DRIVERS\vsflt53.sys
18:45:12.0609 2216 vidsflt53 - ok
18:45:12.0656 2216 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
18:45:12.0734 2216 VolSnap - ok
18:45:12.0750 2216 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
18:45:12.0859 2216 VSS - ok
18:45:12.0875 2216 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
18:45:12.0968 2216 W32Time - ok
18:45:12.0968 2216 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:45:13.0062 2216 Wanarp - ok
18:45:15.0437 2216 [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\system32\activeds.dll
18:45:15.0437 2216 C:\WINDOWS\system32\activeds.dll - ok
18:45:15.0437 2216 [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\system32\adsldpc.dll
18:45:15.0437 2216 C:\WINDOWS\system32\adsldpc.dll - ok
18:45:15.0437 2216 [ B8A72ABACA96B56FBE83AC2801586E50 ] C:\WINDOWS\system32\iertutil.dll
18:45:15.0437 2216 C:\WINDOWS\system32\iertutil.dll - ok
18:45:15.0437 2216 [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\system32\mprapi.dll
18:45:15.0437 2216 C:\WINDOWS\system32\mprapi.dll - ok
18:45:15.0437 2216 [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll
18:45:15.0437 2216 C:\WINDOWS\system32\rasapi32.dll - ok
18:45:15.0453 2216 [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll
18:45:15.0453 2216 C:\WINDOWS\system32\rasman.dll - ok
18:45:15.0453 2216 [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll
18:45:15.0453 2216 C:\WINDOWS\system32\tapi32.dll - ok
18:45:15.0453 2216 [ A14D324C50EB71FB480DDD60481D0C04 ] C:\WINDOWS\system32\pstorec.dll
18:45:15.0453 2216 C:\WINDOWS\system32\pstorec.dll - ok
18:45:15.0453 2216 [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\system32\riched20.dll
18:45:15.0453 2216 C:\WINDOWS\system32\riched20.dll - ok
18:45:15.0453 2216 [ 56CE97FF94B7662A300D359CD6F4D601 ] C:\WINDOWS\system32\raschap.dll
18:45:15.0453 2216 C:\WINDOWS\system32\raschap.dll - ok
18:45:15.0453 2216 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll
18:45:15.0453 2216 C:\WINDOWS\system32\schedsvc.dll - ok
18:45:15.0453 2216 [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll
18:45:15.0468 2216 C:\WINDOWS\system32\msidle.dll - ok
18:45:15.0468 2216 [ 60784F891563FB1B767F70117FC2428F ] C:\WINDOWS\system32\spoolsv.exe
18:45:15.0468 2216 C:\WINDOWS\system32\spoolsv.exe - ok
18:45:15.0468 2216 [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\system32\audiosrv.dll
18:45:15.0468 2216 C:\WINDOWS\system32\audiosrv.dll - ok
18:45:15.0468 2216 [ A8888A5327621856C0CEC4E385F69309 ] C:\WINDOWS\system32\wkssvc.dll
18:45:15.0468 2216 C:\WINDOWS\system32\wkssvc.dll - ok
18:45:15.0468 2216 [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll
18:45:15.0468 2216 C:\WINDOWS\system32\powrprof.dll - ok
18:45:15.0468 2216 [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] C:\WINDOWS\system32\wdmaud.drv
18:45:15.0468 2216 C:\WINDOWS\system32\wdmaud.drv - ok
18:45:15.0484 2216 [ 3E2F3E2F4A82B7FAE23BAB864FB0F837 ] C:\WINDOWS\system32\dpcdll.dll
18:45:15.0484 2216 C:\WINDOWS\system32\dpcdll.dll - ok
18:45:15.0484 2216 [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys
18:45:15.0484 2216 C:\WINDOWS\system32\drivers\wdmaud.sys - ok
18:45:15.0484 2216 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\system32\drivers\sysaudio.sys
18:45:15.0484 2216 C:\WINDOWS\system32\drivers\sysaudio.sys - ok
18:45:15.0484 2216 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] C:\WINDOWS\system32\drivers\splitter.sys
18:45:15.0484 2216 C:\WINDOWS\system32\drivers\splitter.sys - ok
18:45:15.0484 2216 [ 2DE1190196EE9555DB548A57622022EB ] C:\WINDOWS\system32\drprov.dll
18:45:15.0484 2216 C:\WINDOWS\system32\drprov.dll - ok
18:45:15.0484 2216 [ AC5DF42FE314C1446B1DAD237BFCFFE0 ] C:\WINDOWS\system32\netui0.dll
18:45:15.0484 2216 C:\WINDOWS\system32\netui0.dll - ok
18:45:15.0500 2216 [ ED5A816D8E11E03F1937AC3C56826EE4 ] C:\WINDOWS\system32\netui1.dll
18:45:15.0500 2216 C:\WINDOWS\system32\netui1.dll - ok
18:45:15.0500 2216 [ 36468087E22C57A83DF758B3F90DF73F ] C:\WINDOWS\system32\ntlanman.dll
18:45:15.0500 2216 C:\WINDOWS\system32\ntlanman.dll - ok
18:45:15.0500 2216 [ FB8F8EEC8D9C2157789472DD61CDC78B ] C:\WINDOWS\system32\davclnt.dll
18:45:15.0500 2216 C:\WINDOWS\system32\davclnt.dll - ok
18:45:15.0500 2216 [ 8BED39E3C35D6A489438B8141717A557 ] C:\WINDOWS\system32\drivers\aec.sys
18:45:15.0500 2216 C:\WINDOWS\system32\drivers\aec.sys - ok
18:45:15.0500 2216 [ 69A5ADF546505F4C69EF3046BF798B49 ] C:\WINDOWS\system32\mprui.dll
18:45:15.0500 2216 C:\WINDOWS\system32\mprui.dll - ok
18:45:15.0500 2216 [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
18:45:15.0500 2216 C:\WINDOWS\system32\netmsg.dll - ok
18:45:15.0515 2216 [ B41D53899E37CC43DA85DA19998BEE81 ] C:\WINDOWS\system32\netrap.dll
18:45:15.0515 2216 C:\WINDOWS\system32\netrap.dll - ok
18:45:15.0515 2216 [ 1414E666316CA7D9823DBD2D4ADA5971 ] C:\WINDOWS\system32\netui2.dll
18:45:15.0515 2216 C:\WINDOWS\system32\netui2.dll - ok
18:45:15.0515 2216 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] C:\WINDOWS\system32\drivers\swmidi.sys
18:45:15.0515 2216 C:\WINDOWS\system32\drivers\swmidi.sys - ok
18:45:15.0515 2216 [ 8A208DFCF89792A484E76C40E5F50B45 ] C:\WINDOWS\system32\drivers\dmusic.sys
18:45:15.0515 2216 C:\WINDOWS\system32\drivers\dmusic.sys - ok
18:45:15.0515 2216 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] C:\WINDOWS\system32\drivers\drmkaud.sys
18:45:15.0515 2216 C:\WINDOWS\system32\drivers\drmkaud.sys - ok
18:45:15.0515 2216 [ 692BCF44383D056AED41B045A323D378 ] C:\WINDOWS\system32\drivers\kmixer.sys
18:45:15.0515 2216 C:\WINDOWS\system32\drivers\kmixer.sys - ok
18:45:15.0531 2216 [ 9A3BD5F55AADFF859539142F6328A66E ] C:\WINDOWS\system32\msacm32.drv
18:45:15.0531 2216 C:\WINDOWS\system32\msacm32.drv - ok
18:45:15.0531 2216 [ 5C12660A97822F6E61576943B49AAAD6 ] C:\WINDOWS\system32\midimap.dll
18:45:15.0531 2216 C:\WINDOWS\system32\midimap.dll - ok
18:45:15.0531 2216 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] C:\WINDOWS\system32\drivers\mrxdav.sys
18:45:15.0531 2216 C:\WINDOWS\system32\drivers\mrxdav.sys - ok
18:45:15.0531 2216 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] C:\WINDOWS\system32\drivers\parport.sys
18:45:15.0531 2216 C:\WINDOWS\system32\drivers\parport.sys - ok
18:45:15.0531 2216 [ DE4DFB09BF96FD5F810750140E2AA236 ] C:\WINDOWS\system32\drivers\ppsio2.sys
18:45:15.0531 2216 C:\WINDOWS\system32\drivers\ppsio2.sys - ok
18:45:15.0546 2216 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] C:\WINDOWS\system32\drivers\serial.sys
18:45:15.0546 2216 C:\WINDOWS\system32\drivers\serial.sys - ok
18:45:15.0546 2216 [ C5A75EB48E2344ABDC162BDA79E16841 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:45:15.0546 2216 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok
18:45:15.0546 2216 [ E5F7C30EDF0892667933BE879F067D67 ] C:\WINDOWS\system32\msvcr100_clr0400.dll
18:45:15.0546 2216 C:\WINDOWS\system32\msvcr100_clr0400.dll - ok
18:45:15.0546 2216 [ B04DB1F0B2652FCBCCC5FD0C46579F0F ] C:\WINDOWS\system32\mscoree.dll
18:45:15.0546 2216 C:\WINDOWS\system32\mscoree.dll - ok
18:45:15.0546 2216 [ 91061352084424820AC6268808CB8EE3 ] C:\Program Files\Java\jre6\bin\jqs.exe
18:45:15.0546 2216 C:\Program Files\Java\jre6\bin\jqs.exe - ok
18:45:15.0546 2216 [ 00709952D444EAE14DBBD30D36FBAE0F ] C:\WINDOWS\system32\certcli.dll
18:45:15.0546 2216 C:\WINDOWS\system32\certcli.dll - ok
18:45:15.0562 2216 [ 3D4E199942E29207970E04315D02AD3B ] C:\WINDOWS\system32\cryptsvc.dll
18:45:15.0562 2216 C:\WINDOWS\system32\cryptsvc.dll - ok
18:45:15.0562 2216 [ BC93B4A066477954555966D77FEC9ECB ] C:\WINDOWS\system32\ersvc.dll
18:45:15.0562 2216 C:\WINDOWS\system32\ersvc.dll - ok
18:45:15.0562 2216 [ 8973122796E3B5D6B5900FC186E55FEA ] C:\WINDOWS\system32\hid.dll
18:45:15.0562 2216 C:\WINDOWS\system32\hid.dll - ok
18:45:15.0562 2216 [ DEB04DA35CC871B6D309B77E1443C796 ] C:\WINDOWS\system32\hidserv.dll
18:45:15.0562 2216 C:\WINDOWS\system32\hidserv.dll - ok
18:45:15.0562 2216 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Program Files\Java\jre6\bin\msvcr71.dll
18:45:15.0562 2216 C:\Program Files\Java\jre6\bin\msvcr71.dll - ok
18:45:15.0578 2216 [ 62CF83A6989312A0DD39BBFFB3D1C166 ] C:\WINDOWS\system32\pdh.dll
18:45:15.0578 2216 C:\WINDOWS\system32\pdh.dll - ok
18:45:15.0578 2216 [ 369F7B1A4F358B976176556A1A331F36 ] C:\WINDOWS\system32\odbcbcp.dll
18:45:15.0578 2216 C:\WINDOWS\system32\odbcbcp.dll - ok
18:45:15.0578 2216 [ 5712DCBE52D68865CCA91AE04807B755 ] C:\Program Files\Common Files\LightScribe\LSSrvc.exe
18:45:15.0578 2216 C:\Program Files\Common Files\LightScribe\LSSrvc.exe - ok
18:45:15.0578 2216 [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\Program Files\Common Files\LightScribe\msvcp71.dll
18:45:15.0578 2216 C:\Program Files\Common Files\LightScribe\msvcp71.dll - ok
18:45:15.0578 2216 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Program Files\Common Files\LightScribe\msvcr71.dll
18:45:15.0578 2216 C:\Program Files\Common Files\LightScribe\msvcr71.dll - ok
18:45:15.0578 2216 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] C:\WINDOWS\system32\srvsvc.dll
18:45:15.0578 2216 C:\WINDOWS\system32\srvsvc.dll - ok
18:45:15.0593 2216 [ 0F6AEFAD3641A657E18081F52D0C15AF ] C:\WINDOWS\system32\drivers\srv.sys
18:45:15.0593 2216 C:\WINDOWS\system32\drivers\srv.sys - ok
18:45:15.0593 2216 [ AA897735D5AB916297A6823A9B2D61B1 ] C:\WINDOWS\system32\localspl.dll
18:45:15.0593 2216 C:\WINDOWS\system32\localspl.dll - ok
18:45:15.0593 2216 [ 79E3A8C328E7E569C32B0998377D9742 ] C:\WINDOWS\system32\spoolss.dll
18:45:15.0593 2216 C:\WINDOWS\system32\spoolss.dll - ok
18:45:15.0593 2216 [ 5D3D1AB0EF4EA55B731863050482C111 ] C:\WINDOWS\system32\cnbjmon.dll
18:45:15.0593 2216 C:\WINDOWS\system32\cnbjmon.dll - ok
18:45:15.0593 2216 [ 7D465B4715EF166A18D1474B6DF81BC0 ] C:\WINDOWS\system32\lmdimon8.dll
18:45:15.0593 2216 C:\WINDOWS\system32\lmdimon8.dll - ok
18:45:15.0593 2216 [ ABF1962C902E85AD36761956BDE72325 ] C:\WINDOWS\system32\msi.dll
18:45:15.0593 2216 C:\WINDOWS\system32\msi.dll - ok
18:45:15.0609 2216 [ 222DE7F5EDB9DDBE628384A1A8BE59CE ] C:\WINDOWS\system32\pjlmon.dll
18:45:15.0609 2216 C:\WINDOWS\system32\pjlmon.dll - ok
18:45:15.0609 2216 [ AE0382AD9C73D343D85E1A50C80B7C20 ] C:\WINDOWS\system32\tcpmon.dll
18:45:15.0609 2216 C:\WINDOWS\system32\tcpmon.dll - ok
18:45:15.0609 2216 [ EEE7F12D9FF46F68FBC0DA059A359E9E ] C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
18:45:15.0609 2216 C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll - ok
18:45:15.0609 2216 [ A8AFF61C1533745EF2932E57FEDD2FF7 ] C:\WINDOWS\system32\spool\prtprocs\w32x86\lmdippr8.dll
18:45:15.0609 2216 C:\WINDOWS\system32\spool\prtprocs\w32x86\lmdippr8.dll - ok
18:45:15.0609 2216 [ 091BAF6A902261F235B734DEFE0473EC ] C:\WINDOWS\system32\spool\prtprocs\w32x86\ppbiPr.dll
18:45:15.0609 2216 C:\WINDOWS\system32\spool\prtprocs\w32x86\ppbiPr.dll - ok
18:45:15.0625 2216 [ F26385E8BA4549B5186B774EC0E45D86 ] C:\WINDOWS\system32\usbmon.dll
18:45:15.0625 2216 C:\WINDOWS\system32\usbmon.dll - ok
18:45:15.0625 2216 [ EE4C651A217B01D636B5364AC77DA892 ] C:\WINDOWS\system32\inetpp.dll
18:45:15.0625 2216 C:\WINDOWS\system32\inetpp.dll - ok
18:45:15.0625 2216 [ 22DD6D7D4BFE2B8CE705CC950C8AEA4C ] C:\WINDOWS\system32\win32spl.dll
18:45:15.0625 2216 C:\WINDOWS\system32\win32spl.dll - ok
18:45:15.0625 2216 [ ECAB006AC6136F1307E140B633CDB8C2 ] C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
18:45:15.0625 2216 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe - ok
18:45:15.0625 2216 [ ABFB673B24A9B3287761D497529FB5B9 ] C:\WINDOWS\system32\perfdisk.dll
18:45:15.0625 2216 C:\WINDOWS\system32\perfdisk.dll - ok
18:45:15.0625 2216 [ ACDAFCD14EC0ECE89198503746A5C147 ] C:\WINDOWS\system32\perfos.dll
18:45:15.0625 2216 C:\WINDOWS\system32\perfos.dll - ok
18:45:15.0640 2216 [ 0E37FBFA79D349D672456923EC5FBBE3 ] C:\WINDOWS\system32\msvcr100.dll
18:45:15.0640 2216 C:\WINDOWS\system32\msvcr100.dll - ok
18:45:15.0640 2216 [ B1E8AF364027029272758C8E34776144 ] C:\Program Files\Common Files\McAfee\MSC\LogCntrl.dll
18:45:15.0640 2216 C:\Program Files\Common Files\McAfee\MSC\LogCntrl.dll - ok
18:45:15.0640 2216 [ A93AEE1928A9D7CE3E16D24EC7380F89 ] C:\WINDOWS\system32\userinit.exe
18:45:15.0640 2216 C:\WINDOWS\system32\userinit.exe - ok
18:45:15.0640 2216 [ 12896823FB95BFB3DC9B46BCAEDC9923 ] C:\WINDOWS\explorer.exe
18:45:15.0640 2216 C:\WINDOWS\explorer.exe - ok
18:45:15.0640 2216 [ E392E172687BE172F8600C5F41AB03D9 ] C:\WINDOWS\system32\browseui.dll
18:45:15.0640 2216 C:\WINDOWS\system32\browseui.dll - ok
18:45:15.0640 2216 [ 62BDF8E945F23BEE485BB3CB4ED19CB7 ] C:\WINDOWS\system32\shdocvw.dll
18:45:15.0640 2216 C:\WINDOWS\system32\shdocvw.dll - ok
18:45:15.0656 2216 [ 085ED2E391A871C7BAE87E0228B546BA ] C:\WINDOWS\system32\cscui.dll
18:45:15.0656 2216 C:\WINDOWS\system32\cscui.dll - ok
18:45:15.0656 2216 [ 515A7FAE2070C2B0242B2353443E2F11 ] C:\WINDOWS\system32\cscdll.dll
18:45:15.0656 2216 C:\WINDOWS\system32\cscdll.dll - ok
18:45:15.0656 2216 [ B4ED498E3BFEE64E952BC44FC6057DB8 ] C:\WINDOWS\system32\desk.cpl
18:45:15.0656 2216 C:\WINDOWS\system32\desk.cpl - ok
18:45:15.0656 2216 [ A314EEA2A503A8E04085201E436384A5 ] C:\WINDOWS\system32\themeui.dll
18:45:15.0656 2216 C:\WINDOWS\system32\themeui.dll - ok
18:45:15.0656 2216 [ 1D702A6E768510F2623171C963AFAE36 ] C:\Program Files\McAfee\SiteAdvisor\SaSSHMod.dll
18:45:15.0656 2216 C:\Program Files\McAfee\SiteAdvisor\SaSSHMod.dll - ok
18:45:15.0671 2216 [ F8B823414A22DBF3BEC10DCAA5F93CD8 ] C:\Program Files\Common Files\Motive\McciCMService.exe
18:45:15.0671 2216 C:\Program Files\Common Files\Motive\McciCMService.exe - ok
18:45:15.0671 2216 [ 912B67BB8249925A5C972FC5839EAE09 ] C:\WINDOWS\system32\actxprxy.dll
18:45:15.0671 2216 C:\WINDOWS\system32\actxprxy.dll - ok
18:45:15.0671 2216 [ 82EF9C21FA2FA566FCE1C153A7B3EA2E ] C:\Program Files\Java\jre6\bin\awt.dll
18:45:15.0671 2216 C:\Program Files\Java\jre6\bin\awt.dll - ok
18:45:15.0671 2216 [ 82B7415D5A8FB24D3F6736400F5E1600 ] C:\WINDOWS\system32\mfevtps.exe
18:45:15.0671 2216 C:\WINDOWS\system32\mfevtps.exe - ok
18:45:15.0671 2216 [ 6FBB8AB011931F0753C22AB00E7FD5CD ] C:\Program Files\Java\jre6\bin\client\jvm.dll
18:45:15.0671 2216 C:\Program Files\Java\jre6\bin\client\jvm.dll - ok
18:45:15.0671 2216 [ 8C77ECF3C7DCBB926312B7ECED6ECA75 ] C:\WINDOWS\system32\winhttp.dll
18:45:15.0671 2216 C:\WINDOWS\system32\winhttp.dll - ok
18:45:15.0687 2216 [ CAC6F6F206C978DEEA928B9302646A09 ] C:\PROGRA~1\McAfee\MSC\mcmscsub.dll
18:45:15.0687 2216 C:\PROGRA~1\McAfee\MSC\mcmscsub.dll - ok
18:45:15.0687 2216 [ 6D778E0F95447E6546553EEEA709D03C ] C:\WINDOWS\system32\cmd.exe
18:45:15.0687 2216 C:\WINDOWS\system32\cmd.exe - ok
18:45:15.0687 2216 [ 2EF237A6B7232F45A7DF000C54974BF1 ] C:\WINDOWS\system32\ieframe.dll
18:45:15.0687 2216 C:\WINDOWS\system32\ieframe.dll - ok
18:45:15.0687 2216 [ C85670AB64068F8080998AEBA6C5019C ] C:\WINDOWS\system32\atl100.dll
18:45:15.0687 2216 C:\WINDOWS\system32\atl100.dll - ok
18:45:15.0687 2216 [ BC83108B18756547013ED443B8CDB31B ] C:\WINDOWS\system32\msvcp100.dll
18:45:15.0687 2216 C:\WINDOWS\system32\msvcp100.dll - ok
18:45:15.0687 2216 [ 7DED7521EB8B8D56DADCD044D1B77709 ] C:\PROGRA~1\McAfee\SITEAD~1\saupkeep.dll
18:45:15.0687 2216 C:\PROGRA~1\McAfee\SITEAD~1\saupkeep.dll - ok
18:45:15.0703 2216 [ 7CC9484FBC922F7DC0B1D767A256C1E5 ] C:\PROGRA~1\McAfee\VIRUSS~1\NaiAnn.dll
18:45:15.0703 2216 C:\PROGRA~1\McAfee\VIRUSS~1\NaiAnn.dll - ok
18:45:15.0703 2216 [ B6BC3BE34663B1AFFA90929B3721D2A9 ] C:\Program Files\Java\jre6\bin\dcpr.dll
18:45:15.0703 2216 C:\Program Files\Java\jre6\bin\dcpr.dll - ok
18:45:15.0703 2216 [ 142E8D3C5C68E2A7EBF832F3756AAC60 ] C:\Program Files\Java\jre6\bin\deploy.dll
18:45:15.0703 2216 C:\Program Files\Java\jre6\bin\deploy.dll - ok
18:45:15.0703 2216 [ 31A9B48230D3880527037F938750D63E ] C:\Program Files\Java\jre6\bin\fontmanager.dll
18:45:15.0703 2216 C:\Program Files\Java\jre6\bin\fontmanager.dll - ok
18:45:15.0703 2216 [ 992FDADAB5A58A357AC54498FBF2016C ] C:\Program Files\Java\jre6\bin\hpi.dll
18:45:15.0703 2216 C:\Program Files\Java\jre6\bin\hpi.dll - ok
18:45:15.0703 2216 [ 4A3242B5B25D9A803A5469A6DD9FCCDE ] C:\Program Files\Java\jre6\bin\java.dll
18:45:15.0703 2216 C:\Program Files\Java\jre6\bin\java.dll - ok
18:45:15.0718 2216 [ 36F1BDE30FB27A78A27DC13ADB5BE9EC ] C:\Program Files\Java\jre6\bin\javaw.exe
18:45:15.0718 2216 C:\Program Files\Java\jre6\bin\javaw.exe - ok
18:45:15.0718 2216 [ 8E1D15CC9F34302B661229036A11A4EB ] C:\Program Files\Java\jre6\bin\jp2native.dll
18:45:15.0718 2216 C:\Program Files\Java\jre6\bin\jp2native.dll - ok
18:45:15.0718 2216 [ EC0FE83D3A62E9159CC14BFEC52B4361 ] C:\Program Files\Java\jre6\bin\jpeg.dll
18:45:15.0718 2216 C:\Program Files\Java\jre6\bin\jpeg.dll - ok
18:45:15.0718 2216 [ 9CA1C6FDF570D20F506E70654FBF9861 ] C:\Program Files\Java\jre6\bin\net.dll
18:45:15.0718 2216 C:\Program Files\Java\jre6\bin\net.dll - ok
18:45:15.0718 2216 [ 2E50B9E0C0647475116247DCE4357161 ] C:\PROGRA~1\COMMON~1\McAfee\MSC\mcutil\11_6_2~1\mcutil.dll
18:45:15.0718 2216 C:\PROGRA~1\COMMON~1\McAfee\MSC\mcutil\11_6_2~1\mcutil.dll - ok
18:45:15.0734 2216 [ 7874739A4E6A0B391720436EDBB580F3 ] C:\Program Files\Java\jre6\bin\nio.dll
18:45:15.0734 2216 C:\Program Files\Java\jre6\bin\nio.dll - ok
18:45:15.0734 2216 [ 5CCC99D373562E2FE241C846636DA3FE ] C:\Program Files\Java\jre6\bin\regutils.dll
18:45:15.0734 2216 C:\Program Files\Java\jre6\bin\regutils.dll - ok
18:45:15.0734 2216 [ 28E60C4EC03340EE7C5D51D79C19498B ] C:\PROGRA~1\COMMON~1\McAfee\Core\mccoreps.dll
18:45:15.0734 2216 C:\PROGRA~1\COMMON~1\McAfee\Core\mccoreps.dll - ok
18:45:15.0734 2216 [ 9972D89BB6561E57E3E1D63B805FD900 ] C:\Program Files\Java\jre6\bin\verify.dll
18:45:15.0734 2216 C:\Program Files\Java\jre6\bin\verify.dll - ok
18:45:15.0734 2216 [ 2BDD66064F1AF7907800A94176F51F84 ] C:\Program Files\Java\jre6\bin\zip.dll
18:45:15.0734 2216 C:\Program Files\Java\jre6\bin\zip.dll - ok
18:45:15.0734 2216 [ B8B742537BFA1AC4F742B36BEB310BF6 ] C:\PROGRA~1\McAfee\VIRUSS~1\McVsPs.dll
18:45:15.0734 2216 C:\PROGRA~1\McAfee\VIRUSS~1\McVsPs.dll - ok
18:45:15.0750 2216 [ 149DA63ED179DE9B46D5C38A867F3199 ] C:\PROGRA~1\McAfee\VIRUSS~1\NaiAnnPs.dll
18:45:15.0750 2216 C:\PROGRA~1\McAfee\VIRUSS~1\NaiAnnPs.dll - ok
18:45:15.0750 2216 [ B05640AC812FCCB488328DF34E7F663A ] C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
18:45:15.0750 2216 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe - ok
18:45:15.0750 2216 [ 2E645C11AAB7A7E5F607355F6CBDF068 ] C:\PROGRA~1\McAfee\VIRUSS~1\MVsCfg.dll
18:45:15.0750 2216 C:\PROGRA~1\McAfee\VIRUSS~1\MVsCfg.dll - ok
18:45:15.0750 2216 [ C3333DD48A39C17689414275E09D7CC7 ] C:\PROGRA~1\COMMON~1\McAfee\Core\McEvtBrk.dll
18:45:15.0750 2216 C:\PROGRA~1\COMMON~1\McAfee\Core\McEvtBrk.dll - ok
18:45:15.0750 2216 [ D37356755AF6B5A6C84735258EDBBC57 ] C:\Program Files\Common Files\McAfee\SystemCore\mytilus3_worker.dll
18:45:15.0750 2216 C:\Program Files\Common Files\McAfee\SystemCore\mytilus3_worker.dll - ok
18:45:15.0765 2216 [ C3200506FB212A0F4FB736A80E646C40 ] C:\WINDOWS\system32\lz32.dll
18:45:15.0765 2216 C:\WINDOWS\system32\lz32.dll - ok
18:45:15.0765 2216 [ C14AA05881A35B6D6BB8D55B117EE22D ] C:\WINDOWS\system32\shfolder.dll
18:45:15.0765 2216 C:\WINDOWS\system32\shfolder.dll - ok
18:45:15.0765 2216 [ 240F879F13CFFAE974B8929ADC42A257 ] C:\Program Files\Common Files\McAfee\SystemCore\mcshield.dll
18:45:15.0765 2216 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.dll - ok
18:45:15.0765 2216 [ 2F25B52B0CF0F6F5BE2D789181D61735 ] C:\Program Files\McAfee\VirusScan\mvslog.dll
18:45:15.0765 2216 C:\Program Files\McAfee\VirusScan\mvslog.dll - ok
18:45:15.0765 2216 [ 45AF9B0A6C6A09D848CAC557DD036971 ] C:\PROGRA~1\McAfee\MSC\McTelemetryAPI.dll
18:45:15.0765 2216 C:\PROGRA~1\McAfee\MSC\McTelemetryAPI.dll - ok
18:45:15.0765 2216 [ AE02E6DAC99FA4DC642C71B10FEE9971 ] C:\Program Files\Common Files\McAfee\MSC\LangSel.dll
18:45:15.0765 2216 C:\Program Files\Common Files\McAfee\MSC\LangSel.dll - ok
18:45:15.0781 2216 [ 4BE8D8FB641F43F4C4D6CF6AB5ADE968 ] C:\PROGRA~1\COMMON~1\McAfee\MSC\McRTMui.dll
18:45:15.0781 2216 C:\PROGRA~1\COMMON~1\McAfee\MSC\McRTMui.dll - ok
18:45:15.0781 2216 [ 6A9A136C7403FA7452834FF025ECFA9D ] C:\Program Files\McAfee\MSC\oemui.dll
18:45:15.0781 2216 C:\Program Files\McAfee\MSC\oemui.dll - ok
18:45:15.0781 2216 [ 516F2ED421D9689696D38D5B5F825370 ] C:\Program Files\McAfee\MSC\mcprlres.dll
18:45:15.0781 2216 C:\Program Files\McAfee\MSC\mcprlres.dll - ok
18:45:15.0781 2216 [ C14350FC0D47D806699C4F907FC6785B ] C:\WINDOWS\system32\cryptnet.dll
18:45:15.0781 2216 C:\WINDOWS\system32\cryptnet.dll - ok
18:45:15.0781 2216 [ 3CBA2210FA39C6ED7895634842E930DD ] C:\WINDOWS\system32\sensapi.dll
18:45:15.0781 2216 C:\WINDOWS\system32\sensapi.dll - ok
18:45:15.0781 2216 [ F9D3C78CFE15271D80790677C893CE45 ] C:\WINDOWS\system32\cabinet.dll
18:45:15.0781 2216 C:\WINDOWS\system32\cabinet.dll - ok
18:45:15.0796 2216 [ 1169436EE42F860C7DB37A4692B38F0E ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
18:45:15.0796 2216 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll - ok
18:45:15.0796 2216 [ 32D2C44247C8F9CAC70DE1F3AE121964 ] C:\PROGRA~1\COMMON~1\McAfee\MSC\sqlite3.dll
18:45:15.0796 2216 C:\PROGRA~1\COMMON~1\McAfee\MSC\sqlite3.dll - ok
18:45:15.0796 2216 [ 8C53CCD787C381CD535D8DCCA12584D8 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
18:45:15.0796 2216 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll - ok
18:45:15.0796 2216 [ 32C940D6BAAD78CC236BF8832D1AD9B7 ] C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlos.dll
18:45:15.0796 2216 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlos.dll - ok
18:45:15.0796 2216 [ B88613BE5B9939BD5DD63F9E196413AD ] C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\opends60.dll
18:45:15.0796 2216 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\opends60.dll - ok
18:45:15.0812 2216 [ 0FB5AA33D26F7212963D832083CD0C5C ] C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\batchparser.dll
18:45:15.0812 2216 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\batchparser.dll - ok
18:45:15.0812 2216 [ E31E4E9F644FBFE79DCA532D9781F71D ] C:\Program Files\Microsoft SQL Server\100\Shared\instapi10.dll
18:45:15.0812 2216 C:\Program Files\Microsoft SQL Server\100\Shared\instapi10.dll - ok
18:45:15.0812 2216 [ 00E36BEEA22C92D1030C6D8F80BC0F6A ] C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
18:45:15.0812 2216 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe - ok
18:45:15.0812 2216 [ B0FF455B1ED1BF859D24ACDB0855B985 ] C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlboot.dll
18:45:15.0812 2216 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlboot.dll - ok
18:45:15.0812 2216 [ 11123D8CAC3E659C4C9D88526DC57E42 ] C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\Resources\1033\sqlevn70.rll
18:45:15.0812 2216 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\Resources\1033\sqlevn70.rll - ok
18:45:15.0812 2216 [ 0398080B5AC3A16F2D314B6CC75060AD ] C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlos.dll
18:45:15.0812 2216 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlos.dll - ok
18:45:15.0828 2216 [ E111CED19D6A9FF9BBA5C219D0C5A3CE ] C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\opends60.dll
18:45:15.0828 2216 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\opends60.dll - ok
18:45:15.0828 2216 [ 83BA5E873164A3711B44052F58C8FE9F ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
18:45:15.0828 2216 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll - ok
18:45:15.0828 2216 [ 7B193BA3F0245D5867B71AD1CF631474 ] C:\Program Files\Microsoft SQL Server\90\Shared\instapi.dll
18:45:15.0828 2216 C:\Program Files\Microsoft SQL Server\90\Shared\instapi.dll - ok
18:45:15.0828 2216 [ B913091D9A9ECE911B1DAA91AE8A65D5 ] C:\WINDOWS\system32\nvcpl.dll
18:45:15.0828 2216 C:\WINDOWS\system32\nvcpl.dll - ok
18:45:15.0828 2216 [ 2F7CD9D1BB1948DA19CF51E76550FD68 ] C:\WINDOWS\system32\nvsvc32.exe
18:45:15.0828 2216 C:\WINDOWS\system32\nvsvc32.exe - ok
18:45:15.0843 2216 [ 4F3CA19A916FB67A2535A56806F68F88 ] C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLBOOT.dll
18:45:15.0843 2216 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLBOOT.dll - ok
18:45:15.0843 2216 [ 627FA58ADC043704F9D14CA44340956F ] C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
18:45:15.0843 2216 C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe - ok
18:45:15.0843 2216 [ A2E50E911680B2B7ED241BE318EF008E ] C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\Resources\1033\sqlevn70.rll
18:45:15.0843 2216 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\Resources\1033\sqlevn70.rll - ok
18:45:15.0843 2216 [ D7C454957E2094589A189E88014F7CDD ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4974_x-ww_39291683\atl90.dll
18:45:15.0843 2216 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4974_x-ww_39291683\atl90.dll - ok
18:45:15.0843 2216 [ 87AF258581A96331E14B11280721516F ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4974_x-ww_d889290f\msvcp90.dll
18:45:15.0843 2216 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4974_x-ww_d889290f\msvcp90.dll - ok
18:45:15.0843 2216 [ EBE9F2ED58018DD0FC2A7C0D5F4DEBE0 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4974_x-ww_d889290f\msvcr90.dll
18:45:15.0843 2216 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4974_x-ww_d889290f\msvcr90.dll - ok
18:45:15.0859 2216 [ 332760FBA1655FCFD35BD6F4FD871300 ] C:\WINDOWS\system32\ipsecsvc.dll
18:45:15.0859 2216 C:\WINDOWS\system32\ipsecsvc.dll - ok
18:45:15.0859 2216 [ C5FF8682EADA5B3B27A865F1C3EF9270 ] C:\WINDOWS\system32\oakley.dll
18:45:15.0859 2216 C:\WINDOWS\system32\oakley.dll - ok
18:45:15.0859 2216 [ CBE612E2BB6A10E3563336191EDA1250 ] C:\WINDOWS\system32\seclogon.dll
18:45:15.0859 2216 C:\WINDOWS\system32\seclogon.dll - ok
18:45:15.0859 2216 [ FEDE68BF80052BAD393AFD5C2E60DCB0 ] C:\WINDOWS\system32\dssenh.dll
18:45:15.0859 2216 C:\WINDOWS\system32\dssenh.dll - ok
18:45:15.0859 2216 [ 22D89D84E8E081CDA529DBF8C0255A38 ] C:\WINDOWS\system32\psbase.dll
18:45:15.0859 2216 C:\WINDOWS\system32\psbase.dll - ok
18:45:15.0859 2216 [ 853D0D0C6F02D7BFDF1CF99DD7553732 ] C:\WINDOWS\system32\pstorsvc.dll
18:45:15.0859 2216 C:\WINDOWS\system32\pstorsvc.dll - ok
18:45:15.0875 2216 [ 248712EA6BA17B9FF0C542A3828375DD ] C:\WINDOWS\system32\winipsec.dll
18:45:15.0875 2216 C:\WINDOWS\system32\winipsec.dll - ok
18:45:15.0875 2216 [ C950D0381B42A54541CD55ADCCF3D75B ] C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
18:45:15.0875 2216 C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe - ok
18:45:15.0875 2216 [ 83F41D0D89645D7235C051AB1D9523AC ] C:\WINDOWS\system32\ipnathlp.dll
18:45:15.0875 2216 C:\WINDOWS\system32\ipnathlp.dll - ok
18:45:15.0875 2216 [ B54B48F6D92423440C264E91225C5FF1 ] C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
18:45:15.0875 2216 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe - ok
18:45:15.0875 2216 [ 8BCD11D38FCE43A519246A91CC40DE6A ] C:\WINDOWS\system32\security.dll
18:45:15.0875 2216 C:\WINDOWS\system32\security.dll - ok
18:45:15.0890 2216 [ 637A0F23F9012358E92E6F99835494D1 ] C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:45:15.0890 2216 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe - ok
18:45:15.0890 2216 [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll
18:45:15.0890 2216 C:\WINDOWS\system32\netshell.dll - ok
18:45:15.0890 2216 [ 070812B5FCD46F5A22AF74EBF6A81E06 ] C:\Program Files\Microsoft SQL Server\90\Shared\sqlwvss_xp.dll
18:45:15.0890 2216 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwvss_xp.dll - ok
18:45:15.0890 2216 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] C:\WINDOWS\system32\wiaservc.dll
18:45:15.0890 2216 C:\WINDOWS\system32\wiaservc.dll - ok
18:45:15.0890 2216 [ ACACB8B14E66109B8ACD6644B5574B9A ] C:\WINDOWS\system32\vssapi.dll
18:45:15.0890 2216 C:\WINDOWS\system32\vssapi.dll - ok
18:45:16.0203 2216 ============================================================
18:45:16.0203 2216 Scan finished
18:45:16.0203 2216 ============================================================
18:45:16.0312 2448 Detected object count: 6
18:45:16.0312 2448 Actual detected object count: 6
18:46:59.0609 2448 Brother XP spl Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:46:59.0609 2448 Brother XP spl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:46:59.0609 2448 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
18:46:59.0609 2448 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:46:59.0609 2448 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
18:46:59.0609 2448 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:46:59.0609 2448 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
18:46:59.0609 2448 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:46:59.0609 2448 OMCI ( UnsignedFile.Multi.Generic ) - skipped by user
18:46:59.0609 2448 OMCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:46:59.0609 2448 ppsio2 ( UnsignedFile.Multi.Generic ) - skipped by user
18:46:59.0609 2448 ppsio2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:47:24.0421 3996 Deinitialize success

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-11 19:27:07
-----------------------------
19:27:07.703 OS Version: Windows 5.1.2600 Service Pack 3
19:27:07.703 Number of processors: 2 586 0xF06
19:27:07.703 ComputerName: BILLDELL UserName: BILL
19:27:08.656 Initialize success
19:27:21.734 AVAST engine defs: 13011101
19:28:12.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
19:28:12.671 Disk 0 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 3
19:28:12.671 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-3
19:28:12.671 Disk 1 Vendor: ST2000DM CC4H Size: 1907729MB BusType: 3
19:28:12.671 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-4
19:28:12.671 Disk 2 Vendor: ST315003 CC1H Size: 1430799MB BusType: 3
19:28:12.687 Disk 0 MBR read successfully
19:28:12.687 Disk 0 MBR scan
19:28:12.750 Disk 0 Windows XP default MBR code
19:28:12.750 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 250003 MB offset 63
19:28:12.750 Disk 0 Partition - 00 0F Extended LBA 465390 MB offset 512007615
19:28:12.765 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 465390 MB offset 512007678
19:28:12.765 Disk 0 scanning sectors +1465128000
19:28:12.859 Disk 0 scanning C:\WINDOWS\system32\drivers
19:28:24.015 Service scanning
19:28:38.187 Modules scanning
19:28:49.937 Disk 0 trace - called modules:
19:28:49.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys vsflt53.sys hal.dll iaStor.sys
19:28:49.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b4bd030]
19:28:49.953 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x8b4e2a20]
19:28:49.953 5 vsflt53.sys[b9f32c2b] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x8b4c0030]
19:28:50.593 AVAST engine scan C:\WINDOWS
19:29:14.796 AVAST engine scan C:\WINDOWS\system32
19:33:51.828 AVAST engine scan C:\WINDOWS\system32\drivers
19:34:26.406 AVAST engine scan C:\Documents and Settings\BILL
19:41:31.093 AVAST engine scan C:\Documents and Settings\All Users
20:30:08.718 Scan finished successfully
09:20:36.203 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\BILL\Desktop\MBR.dat"
09:20:36.203 The log file has been saved successfully to "C:\Documents and Settings\BILL\Desktop\aswMBR.txt"

#10 gringo_pr

Posted 12 January 2013 - 12:42 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 to6cess

Posted 12 January 2013 - 02:08 PM

Gringo,
ComboFix ran fine with the script, and it did ask me to update to a new version of ComboFix, which I did.
Still have the same problem.
Thanks.

Report:

ComboFix 13-01-12.01 - BILL 01/12/2013 12:40:54.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2378 [GMT -6:00]
Running from: c:\documents and settings\BILL\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\BILL\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-12 to 2013-01-12 )))))))))))))))))))))))))))))))
.
.
2013-01-09 18:49 . 2013-01-09 18:49 15739912 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-01-05 18:46 . 2013-01-09 14:08 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-12-30 19:16 . 2012-12-24 23:19 1754528 ----a-w- C:\rkill.com
2012-12-20 15:38 . 2012-12-20 15:38 -------- d-----w- c:\documents and settings\Hoa
2012-12-14 09:09 . 2012-11-09 12:50 84432 ----a-w- c:\windows\system32\drivers\mfendisk.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 18:49 . 2012-07-25 18:43 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 18:49 . 2012-07-25 18:43 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-14 22:49 . 2011-10-07 15:32 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-16 18:11 . 2012-11-16 18:11 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2012-11-09 12:56 . 2011-03-14 13:39 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-11-09 12:53 . 2011-03-14 13:31 167344 ----a-w- c:\windows\system32\mfevtps.exe
2012-11-09 12:53 . 2011-03-14 13:39 91168 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-11-09 12:52 . 2011-03-14 13:39 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-11-09 12:52 . 2011-03-14 13:39 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-11-09 12:51 . 2010-10-14 03:28 565352 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-11-09 12:50 . 2011-03-14 13:39 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-11-09 12:50 . 2011-03-14 13:39 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-11-09 12:49 . 2011-03-14 13:39 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-11-09 12:49 . 2010-10-14 03:28 132912 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-10-31 21:10 . 2012-10-31 21:10 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-10-31 21:10 . 2012-10-31 21:10 138056 ----a-w- c:\windows\system32\atl100.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="G -BOOT" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1278648]
"emsisoft anti-malware"="c:\program files\Emsisoft Anti-Malware\a2guard.exe" [2012-10-17 3364264]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Brother XP spl Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [7/13/2012 3:32 PM 125472]
R0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\drivers\vsflt53.sys [7/13/2012 3:32 PM 83392]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [1/5/2013 12:46 PM 17904]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [3/14/2011 7:39 AM 91168]
R2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [1/5/2013 12:46 PM 3084688]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/14/2011 7:39 AM 167784]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/14/2011 7:39 AM 167784]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [3/14/2011 7:39 AM 167784]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [3/14/2011 7:39 AM 168880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [3/14/2011 7:31 AM 167344]
R2 MSSQL$SS;SQL Server (SS);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [5/27/2009 3:27 AM 29262680]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 2:18 AM 360224]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [1/21/2010 5:38 PM 23200]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [6/30/2011 1:48 PM 845808]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [3/14/2011 7:39 AM 60480]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [3/14/2011 7:39 AM 362640]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/14/2012 3:09 AM 84432]
S2 kudrww;kudrww;c:\documents and settings\BILL\Application Data\ljzgm.bat --> c:\documents and settings\BILL\Application Data\ljzgm.bat [?]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [1/5/2013 12:46 PM 54072]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [11/27/2012 10:07 PM 146872]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [3/10/2010 8:18 AM 24216]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/14/2012 3:09 AM 84432]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/14/2011 7:39 AM 92192]
S3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\drivers\OXSDIDRV_x32.sys [9/28/2009 9:55 AM 52656]
S3 OXUDIDRV;OXUDIDRV;c:\windows\system32\drivers\OXUDIDRV_x32.sys [1/21/2011 10:54 AM 24880]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/22/2009 9:08 PM 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 2:09 AM 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 2:23 AM 366936]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 39882392
*NewlyCreated* - 81345541
*NewlyCreated* - ASWMBR
*Deregistered* - 39882392
*Deregistered* - 81345541
*Deregistered* - aswMBR
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Sqlses REG_MULTI_SZ SqlCSS
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-25 18:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: Open with Scansoft PDF Converter 3.0 - c:\program files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
TCP: DhcpNameServer = 192.168.1.254
DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} - hxxp://192.168.1.2/cab/OCXChecker_6110.cab
DPF: {3F932FFA-F092-4FDB-92C5-1285978614D2} - hxxp://74.175.80.98:82/WATCH_16R.cab
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-81345541.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-12 12:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\kudrww]
"ImagePath"="c:\documents and settings\BILL\Application Data\ljzgm.bat"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2604)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2013-01-12 12:48:13
ComboFix-quarantined-files.txt 2013-01-12 18:48
ComboFix2.txt 2013-01-11 00:38
ComboFix3.txt 2012-12-31 19:14
.
Pre-Run: 74,744,446,976 bytes free
Post-Run: 74,880,778,240 bytes free
.
- - End Of File - - 2E9604551F0DDEB2D4D9CD7C6B291338

#12 gringo_pr

Posted 12 January 2013 - 02:26 PM

Greetings,

First I would like you to go here and click on the Fix it button - http://support.microsoft.com/kb/923737


Then I want you to do the following

  • Start Internet Explorer.
  • click on "safety"
  • click on "Delete Browsing History"
  • make sure all boxes are checked
  • click on "Delete"
  • click on "Tools",
  • click "Internet Options".
  • On the "Advanced" tab, click "Reset"
  • put a check mark next to "Delete Personal Settings"
  • click "Reset" to confirm
  • when complete click the "Close" button
  • restart IE


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 to6cess


Posted 12 January 2013 - 04:27 PM

Gringo,
I followed your last post.
I can sign in to Yahoo mail, but only with a mouse click on the Sign In button.
Enter doesn't work; it says "Error on Page" at the bottom, and the problem with ESET is still there.
I think we are halfway there.
Thanks.
To6cess.

#14 gringo_pr


Posted 12 January 2013 - 04:29 PM

Try running IE without addons and see what happens - http://blogs.msdn.com/b/ie/archive/2006/07/25/678113.aspx

#15 to6cess


Posted 13 January 2013 - 04:20 PM

Hi Gringo,
I opened Internet Explorer.
And disabled all add-ons.
Closed IE.
Re-opened it and the same thing still happens.
What else should we do?
Thanks for your help.
To6cess.



