
Malware infection - Antivirus8/Antivirus2008 and can't connect to Google or Bing


  • This topic is locked
16 replies to this topic

#1 mttime73


Posted 24 February 2013 - 12:20 PM

Hello,

I am dealing with a malware infection.  The problem started when the computer would start, try and do a check disk, then blue screen with 0x7e error.  Booted into recovery console and ran chkdsk /p and that allowed Windows to boot to the desktop.

Then ran Malware Bytes and it came back with 29 infections: Rogue.AntivirusSuite.Gen, Security.Hijack, Rogue.AntivirusSuite, Trojan.Fraudpack, Worm.Muha, Rogue.Antivirus2008, Rogue.AntivirusSuite, Rogue.Antivirus8, Hijack.SearchPage, and Trojan.Ransom.Gen.

 

The computer improved significantly, but I noticed that I couldn't connect to the major search engines (Google and Bing).  I couldn't ping them nor could I connect with a web browser (tried IE8, Chrome and Firefox - all current versions).  I can, however, connect to other sites such as bleepingcomputer.com.  It only seems to affect search engines.

 

I ran HiJack this and noticed that there was an entry for ProxyServer, 127.0.0.1:5555 for ftp, http, and https.  I also noticed an entry for the hosts file of localhost ::1 (or something similar).  It was nearly impossible to edit the host file until I ran the Microsoft fix.  Then I used HiJack to delete the hosts.old file in case the system was still referencing it.

 

I wanted to give this forum one last chance to clean the infection before I tell my friend I have to reformat the hard drive and reinstall Windows.

 

DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Doug at 9:07:18 on 2013-02-24
#Option MBR scan  is disabled.
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2047.1252 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Best Antivirus Software *Enabled/Updated* {6F49B0E1-58C9-4C9A-A1CA-3FF3E90AE8D9}
FW: Best Antivirus Software *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\windows\System32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
C:\windows\System32\alg.exe
C:\windows\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe
C:\windows\system32\devldr32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\EXE\Snippy.exe
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\EXE\sysinternals\RootkitRevealer.exe
C:\DOCUME~1\DOUG~2.DOU\LOCALS~1\Temp\C.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\System32\svchost.exe -k NetworkService
C:\windows\System32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k hpdevmgmt
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053F9267-DC04-4294-A72C-58F732D338C0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [RetroExpress] c:\progra~1\retros~1\retros~1.0\RetroExpress.exe /h
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [nwiz] nwiz.exe /install
StartupFolder: c:\docume~1\alluse~2.win\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~2.win\startm~1\programs\startup\snippy.lnk - c:\windows\exe\Snippy.exe
StartupFolder: c:\docume~1\alluse~2.win\startm~1\programs\startup\taskma~1.lnk - c:\windows\system32\taskmgr.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145061727359
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145061838562
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.120
TCP: Interfaces\{DA968A68-4676-491E-97E5-C80E34F7CC86} : DHCPNameServer = 192.168.1.120
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.97\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\doug.doug-3t8pm028we\application data\mozilla\firefox\profiles\ie71nxxp.default\
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R3 C;C;c:\docume~1\doug~2.dou\locals~1\temp\C.exe [2013-2-23 396160]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-2-24 40776]
S3 Licedikv;Licedikv; [x]
S3 UNL;UNL;c:\docume~1\doug~2.dou\locals~1\temp\UNL.exe [2013-2-23 461696]
.
=============== Created Last 30 ================
.
2013-02-24 16:42:52    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2013-02-24 16:39:37    6954968    ----a-w-    c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{4d1a6ac7-1198-4d7b-9126-67bba7888cde}\mpengine.dll
2013-02-24 03:37:40    388096    ----a-r-    c:\documents and settings\doug.doug-3t8pm028we\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-02-24 03:37:33    --------    d-----w-    c:\program files\Trend Micro
2013-02-24 01:47:46    --------    d-----w-    c:\program files\ESET
2013-02-23 21:28:32    --------    d--h--w-    c:\windows\PIF
2013-02-23 20:27:55    --------    d-----w-    c:\documents and settings\doug.doug-3t8pm028we\local settings\application data\Mozilla
2013-02-23 20:26:25    --------    d-----w-    c:\program files\Mozilla Maintenance Service
2013-02-23 20:21:19    --------    d-----w-    c:\program files\Foxit Software
2013-02-23 19:57:10    6954968    ----a-w-    c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-02-23 19:57:01    232336    ------w-    c:\windows\system32\MpSigStub.exe
2013-02-23 19:55:04    --------    d-----w-    c:\program files\Microsoft Security Client
2013-02-23 19:45:08    --------    d-----w-    c:\windows\EXE
2013-02-23 16:58:42    21504    -c--a-w-    c:\windows\system32\dllcache\hidserv.dll
2013-02-23 16:58:42    21504    ----a-w-    c:\windows\system32\hidserv.dll
2013-02-23 00:51:59    --------    d-----w-    c:\documents and settings\doug.doug-3t8pm028we\application data\Malwarebytes
2013-02-23 00:51:46    --------    d-----w-    c:\documents and settings\all users.windows\application data\Malwarebytes
2013-02-23 00:51:44    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-02-23 00:51:44    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-02-22 23:18:38    12160    -c--a-w-    c:\windows\system32\dllcache\mouhid.sys
2013-02-22 23:18:38    12160    ----a-w-    c:\windows\system32\drivers\mouhid.sys
2013-02-22 23:18:28    14592    -c--a-w-    c:\windows\system32\dllcache\kbdhid.sys
2013-02-22 23:18:28    14592    ----a-w-    c:\windows\system32\drivers\kbdhid.sys
2013-02-22 23:17:53    10368    -c--a-w-    c:\windows\system32\dllcache\hidusb.sys
2013-02-22 23:17:53    10368    ----a-w-    c:\windows\system32\drivers\hidusb.sys
.
==================== Find3M  ====================
.
2013-01-26 03:55:44    552448    ----a-w-    c:\windows\system32\oleaut32.dll
2013-01-20 23:59:04    195296    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2013-01-07 01:16:02    2193024    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36:58    2069760    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00    1867264    ----a-w-    c:\windows\system32\win32k.sys
2013-01-02 06:49:10    148992    ----a-w-    c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10    1292288    ----a-w-    c:\windows\system32\quartz.dll
2012-12-26 20:16:29    916480    ----a-w-    c:\windows\system32\wininet.dll
2012-12-26 20:16:28    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2012-12-26 20:16:28    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2012-12-24 06:40:59    385024    ----a-w-    c:\windows\system32\html.iec
2012-12-16 12:23:59    290560    ----a-w-    c:\windows\system32\atmfd.dll
2001-06-20 23:19:18    40960    ----a-w-    c:\program files\ACMonitor_X83.exe
.
============= FINISH:  9:08:11.65 ===============
 



#2 gringo_pr


Posted 24 February 2013 - 01:23 PM


Hello mttime73

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next. If you have any problems with one of these, just skip it and run the next one.

-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then click on the "Scan" button.
    • Wait until the Status box shows "Scan Finished"
    • Click on "Delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 mttime73


Posted 24 February 2013 - 02:20 PM

Hello Gringo,


 

Thank you kindly for the assistance and prompt reply.

 

===============

Security Check, checkup.txt:
 

 Results of screen317's Security Check version 0.99.59
 Windows XP Service Pack 3 x86 
 Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!
 ESET Online Scanner v3 
 Microsoft Security Essentials  
`````````Anti-malware/Other Utilities Check:`````````
 Windows Defender Signatures 
 Malwarebytes Anti-Malware version 1.70.0.1100
 CCleaner   
 Mozilla Firefox (19.0)
 Google Chrome 25.0.1364.97
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 17% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

===============
 

===============
AdwCleaner, AdwCleaner[S1].txt:

 

# AdwCleaner v2.113 - Logfile created 02/24/2013 at 10:58:47
# Updated 23/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Doug - DOUG-3T8PM028WE
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Doug.DOUG-3T8PM028WE\Desktop\adwcleaner.exe
# Option [Delete]

 


***** [Services] *****
 


***** [Files / Folders] *****
 


***** [Registry] *****
 

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\PIP
 

***** [Internet Browsers] *****

 

-\\ Internet Explorer v8.0.6001.18702

 

[OK] Registry is clean.


 

-\\ Mozilla Firefox v19.0 (en-US)


 

-\\ Google Chrome v25.0.1364.97


 

*************************


 

AdwCleaner[S1].txt - [1499 octets] - [24/02/2013 10:58:47]


 

########## EOF - C:\AdwCleaner[S1].txt - [1559 octets] ##########

===============


===============
RogueKiller, RKreport[1].txt:


 

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/


 

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Doug [Admin rights]
Mode : Remove -- Date : 02/24/2013 11:14:37
| ARK || FAK || MBR |


 

¤¤¤ Bad processes : 1 ¤¤¤
[DLL] rundll32.exe -- C:\WINDOWS\SYSTEM32\rundll32.exe : C:\WINDOWS\SYSTEM32\nvmctray.dll [x] -> KILLED [TermProc]


 

¤¤¤ Registry Entries : 2 ¤¤¤
[RUN][BLACKLISTDLL] HKCU\[...]\Run : NvMediaCenter (RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)


 

¤¤¤ Particular Files / Folders: ¤¤¤


 

¤¤¤ Driver : [LOADED] ¤¤¤
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([INLINE] atapi.sys @ 0xF74C6852)


 

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts


 

¤¤¤ MBR Check: ¤¤¤


 

+++++ PhysicalDrive0: ST3160812A +++++
--- User ---
[MBR] 5a3987e3170232a45dc57d2f2bc3cdf3
[BSP] e2fa895233174da02d45250c6603b27f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38138 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 78108030 | Size: 114447 Mo
User = LL1 ... OK!
User = LL2 ... OK!


 

+++++ PhysicalDrive1: ST340016A +++++
--- User ---
[MBR] 360683c7bb2b42b179246b94837761d3
[BSP] f49cae14d8b91b005dff84b1f6d8852f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 31 Mo
User = LL1 ... OK!
User = LL2 ... OK!


 

Finished : << RKreport[2]_D_02242013_02d1114.txt >>
RKreport[1]_S_02242013_02d1111.txt ; RKreport[2]_D_02242013_02d1114.txt

===============

 

Thanks!

#4 gringo_pr


Posted 24 February 2013 - 02:33 PM


Hello mttime73

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo




#5 mttime73


Posted 24 February 2013 - 03:11 PM

Hello Gringo,

I still cannot ping google.com or bing.com, nor can I browse to them in IE8, Chrome, or Firefox.

 

Here is the log from ComboFix:

 

ComboFix 13-02-24.01 - Doug 02/24/2013  11:54:14.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2047.1619 [GMT -8:00]
Running from: c:\documents and settings\Doug.DOUG-3T8PM028WE\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\0tbpw.pad
c:\documents and settings\All Users.WINDOWS\Application Data\DirectCDUserName.txt
c:\documents and settings\Default User\WINDOWS
c:\program files\Program Files
c:\program files\Program Files\Common Files\Adobe\Color\ACE1Cache.lst
c:\program files\Program Files\Common Files\Adobe\TypeSpt\AdobeFnt.lst
c:\program files\Program Files\Common Files\Adobe\Workflow\Options.txt
c:\windows\jestertb.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\33924e028b5ba509.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\3a8ccf06a4497840.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\6d33f50f9bf456f8.fb
c:\windows\system32\Cache\7a01aa020a5dde7c.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\b84383d70270e8e0.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\dc84d8c1c752351a.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\SET270.tmp
c:\windows\system32\SET276.tmp
c:\windows\system32\SET279.tmp
c:\windows\system32\SET285.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\tmp
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-24 to 2013-02-24  )))))))))))))))))))))))))))))))
.
.
2013-02-24 19:08 . 2013-02-24 19:08 29904 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D1A6AC7-1198-4D7B-9126-67BBA7888CDE}\MpKslb1984dae.sys
2013-02-24 16:39 . 2013-02-08 00:45 6954968 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D1A6AC7-1198-4D7B-9126-67BBA7888CDE}\mpengine.dll
2013-02-24 03:37 . 2013-02-24 03:37 388096 ----a-r- c:\documents and settings\Doug.DOUG-3T8PM028WE\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-02-24 03:37 . 2013-02-24 03:37 -------- d-----w- c:\program files\Trend Micro
2013-02-24 01:47 . 2013-02-24 01:47 -------- d-----w- c:\program files\ESET
2013-02-23 21:28 . 2013-02-23 21:28 -------- d--h--w- c:\windows\PIF
2013-02-23 21:19 . 2013-02-23 21:20 -------- d-----w- c:\documents and settings\Administrator
2013-02-23 20:27 . 2013-02-23 20:27 -------- d-----w- c:\documents and settings\Doug.DOUG-3T8PM028WE\Local Settings\Application Data\Mozilla
2013-02-23 20:26 . 2013-02-23 20:26 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-02-23 20:21 . 2013-02-23 20:21 -------- d-----w- c:\program files\Foxit Software
2013-02-23 20:13 . 2013-02-23 20:14 -------- d-----w- c:\program files\Google
2013-02-23 19:57 . 2013-02-08 00:45 6954968 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-23 19:57 . 2013-01-30 10:53 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-02-23 19:55 . 2013-02-23 19:55 -------- d-----w- c:\program files\Microsoft Security Client
2013-02-23 19:49 . 2013-02-23 19:49 -------- d-----w- c:\program files\7-Zip
2013-02-23 19:45 . 2013-02-23 19:48 -------- d-----w- c:\windows\EXE
2013-02-23 16:58 . 2008-04-14 01:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2013-02-23 16:58 . 2008-04-14 01:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2013-02-23 00:51 . 2013-02-23 00:51 -------- d-----w- c:\documents and settings\Doug.DOUG-3T8PM028WE\Application Data\Malwarebytes
2013-02-23 00:51 . 2013-02-23 00:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2013-02-23 00:51 . 2013-02-23 00:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-23 00:51 . 2012-12-15 00:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-22 23:18 . 2001-08-17 21:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2013-02-22 23:18 . 2001-08-17 21:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-02-22 23:18 . 2008-04-13 19:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2013-02-22 23:18 . 2008-04-13 19:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2013-02-22 23:17 . 2008-04-13 19:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2013-02-22 23:17 . 2008-04-13 19:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-26 03:55 . 2002-09-03 16:51 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-20 23:59 . 2013-01-20 23:59 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-07 01:16 . 2002-09-03 16:50 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36 . 2002-08-29 01:04 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2002-09-03 17:11 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2005-08-30 04:02 1292288 ----a-w- c:\windows\system32\quartz.dll
2013-01-02 06:49 . 2002-09-03 16:42 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2012-12-26 20:16 . 2006-02-24 21:26 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:16 . 2002-09-03 16:39 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-12-26 20:16 . 2002-09-03 16:35 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2006-04-15 04:30 385024 ----a-w- c:\windows\system32\html.iec
2012-12-16 12:23 . 2002-09-03 16:27 290560 ----a-w- c:\windows\system32\atmfd.dll
2001-06-20 23:19 . 2001-06-19 23:34 40960 ----a-w- c:\program files\ACMonitor_X83.exe
2013-02-16 00:35 . 2013-02-23 20:25 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-07-28 4841472]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"RetroExpress"="c:\progra~1\RETROS~1\RETROS~1.0\RetroExpress.exe" [2007-01-18 9371648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"nwiz"="nwiz.exe" [2003-07-28 323584]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Snippy.lnk - c:\windows\EXE\Snippy.exe [2013-2-23 102400]
Task Manager.lnk - c:\windows\SYSTEM32\taskmgr.exe [2002-9-3 135680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-09-08 18:06 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 ----a-w- c:\windows\SYSTEM32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-11-01 02:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
.
R1 MpKslb1984dae;MpKslb1984dae;c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D1A6AC7-1198-4D7B-9126-67BBA7888CDE}\MpKslb1984dae.sys [2/24/2013 11:08 AM 29904]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 3:47 AM 98304]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 2:40 AM 118784]
S3 Licedikv;Licedikv; [x]
S3 UNL;UNL;c:\docume~1\DOUG~2.DOU\LOCALS~1\Temp\UNL.exe --> c:\docume~1\DOUG~2.DOU\LOCALS~1\Temp\UNL.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLB1984DAE
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-23 20:14 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-23 20:13]
.
2013-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-23 20:13]
.
2013-02-24 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 19:11]
.
2013-02-24 c:\windows\Tasks\User_Feed_Synchronization-{B5391352-B02A-4B8F-B9BA-86C317D1785D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 12:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.120
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Doug.DOUG-3T8PM028WE\Application Data\Mozilla\Firefox\Profiles\ie71nxxp.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-MimBoot - c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-QUICKCARE - c:\program files\Qwest\QuickCare\bin\sprtcmd.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-24 12:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2013-02-24  12:05:58
ComboFix-quarantined-files.txt  2013-02-24 20:05
.
Pre-Run: 6,761,279,488 bytes free
Post-Run: 7,580,413,952 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\windows
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\windows="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 07DACF2C25795837ED5F93F429DC3B8F
 

Thanks!



#6 gringo_pr


Posted 24 February 2013 - 03:21 PM

Hello mttime73


I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long you may attach it or you can upload it here and send me the link - http://www.speedyshare.com/

Malwarebytes Anti-Rootkit

  1. Download Malwarebytes Anti-Rootkit
  2. Unzip the contents to a folder in a convenient location.
  3. Open the folder where the contents were unzipped and run mbar.exe
  4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  6. Wait while the system shuts down and the cleanup process is performed.
  7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
     • Internet access
     • Windows Update
     • Windows Firewall
  9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
  10. Verify that your system is now functioning normally.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and MBAR.

Gringo




Edited by gringo_pr, 24 February 2013 - 03:21 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 mttime73


Posted 24 February 2013 - 05:06 PM

Hello Gringo,

The infection appears to be clean!  Thank you so much.  I can now browse to google.com and bing.com.

 

Thanks so much!!!



#8 gringo_pr


Posted 24 February 2013 - 05:21 PM

Hello mttime73

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:
 ClearJavaCache:: 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

Edited by gringo_pr, 24 February 2013 - 05:22 PM.


#9 mttime73


Posted 25 February 2013 - 12:53 AM

Hi Gringo,

To be thorough, I am attaching the TDSSKiller and MBAR logs from the last go around, before I gave the all clear. 

 

TDSSKiller:

12:28:09.0843 2084  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:28:10.0578 2084  ============================================================
12:28:10.0578 2084  Current date / time: 2013/02/24 12:28:10.0578
12:28:10.0578 2084  SystemInfo:
12:28:10.0578 2084  
12:28:10.0578 2084  OS Version: 5.1.2600 ServicePack: 3.0
12:28:10.0656 2084  Product type: Workstation
12:28:10.0656 2084  ComputerName: DOUG-3T8PM028WE
12:28:10.0656 2084  UserName: Doug
12:28:10.0656 2084  Windows directory: C:\windows
12:28:10.0656 2084  System windows directory: C:\windows
12:28:10.0656 2084  Processor architecture: Intel x86
12:28:10.0656 2084  Number of processors: 1
12:28:10.0656 2084  Page size: 0x1000
12:28:10.0671 2084  Boot type: Normal boot
12:28:10.0671 2084  ============================================================
12:28:17.0265 2084  BG loaded
12:28:18.0078 2084  Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:28:18.0093 2084  Drive \Device\Harddisk1\DR1 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:28:18.0484 2084  ============================================================
12:28:18.0484 2084  \Device\Harddisk0\DR0:
12:28:18.0484 2084  MBR partitions:
12:28:18.0484 2084  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A7D53F
12:28:18.0484 2084  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4A7D57E, BlocksNum 0xDF87B7E
12:28:18.0484 2084  \Device\Harddisk1\DR1:
12:28:18.0484 2084  MBR partitions:
12:28:18.0484 2084  ============================================================
12:28:18.0562 2084  C: <-> \Device\Harddisk0\DR0\Partition1
12:28:18.0656 2084  D: <-> \Device\Harddisk0\DR0\Partition2
12:28:18.0656 2084  ============================================================
12:28:18.0656 2084  Initialize success
12:28:18.0656 2084  ============================================================
12:30:56.0046 3052  ============================================================
12:30:56.0046 3052  Scan started
12:30:56.0046 3052  Mode: Manual; SigCheck; TDLFS;
12:30:56.0046 3052  ============================================================
12:30:56.0250 3052  ================ Scan system memory ========================
12:30:56.0250 3052  System memory - ok
12:30:56.0265 3052  ================ Scan services =============================
12:30:56.0500 3052  Abiosdsk - ok
12:30:56.0531 3052  abp480n5 - ok
12:30:56.0593 3052  [ EA38C961260F29295C6D03070FA9D0B5 ] ACPI            C:\windows\system32\DRIVERS\ACPI.sys
12:30:56.0609 3052  Suspicious file (Forged): C:\windows\system32\DRIVERS\ACPI.sys. Real md5: EA38C961260F29295C6D03070FA9D0B5, Fake md5: 8FD99680A539792A30E97944FDAECF17
12:30:56.0609 3052  ACPI ( Virus.Win32.Rloader.a ) - infected
12:30:56.0609 3052  ACPI - detected Virus.Win32.Rloader.a (0)
12:30:56.0656 3052  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\windows\system32\drivers\ACPIEC.sys
12:30:58.0781 3052  ACPIEC - ok
12:30:58.0906 3052  [ E42F7B36B4D8866184E8DF9776CA4226 ] AdobeActiveFileMonitor C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
12:30:58.0953 3052  AdobeActiveFileMonitor ( UnsignedFile.Multi.Generic ) - warning
12:30:58.0953 3052  AdobeActiveFileMonitor - detected UnsignedFile.Multi.Generic (1)
12:30:58.0968 3052  adpu160m - ok
12:30:59.0000 3052  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\windows\system32\drivers\aec.sys
12:30:59.0281 3052  aec - ok
12:30:59.0343 3052  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\windows\System32\drivers\afd.sys
12:30:59.0421 3052  AFD - ok
12:30:59.0468 3052  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\windows\system32\DRIVERS\agp440.sys
12:30:59.0750 3052  agp440 - ok
12:30:59.0765 3052  Aha154x - ok
12:30:59.0781 3052  aic78u2 - ok
12:30:59.0812 3052  aic78xx - ok
12:30:59.0859 3052  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\windows\system32\alrsvc.dll
12:31:00.0140 3052  Alerter - ok
12:31:00.0187 3052  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\windows\System32\alg.exe
12:31:00.0296 3052  ALG - ok
12:31:00.0312 3052  AliIde - ok
12:31:00.0328 3052  amsint - ok
12:31:00.0375 3052  [ 116BFF96077A4A724E0AAB800525CEB5 ] AN983           C:\windows\system32\DRIVERS\AN983.sys
12:31:00.0656 3052  AN983 - ok
12:31:00.0656 3052  AppMgmt - ok
12:31:00.0687 3052  asc - ok
12:31:00.0703 3052  asc3350p - ok
12:31:00.0718 3052  asc3550 - ok
12:31:00.0828 3052  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:31:00.0890 3052  aspnet_state - ok
12:31:00.0937 3052  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
12:31:01.0218 3052  AsyncMac - ok
12:31:01.0250 3052  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\windows\system32\DRIVERS\atapi.sys
12:31:01.0531 3052  atapi - ok
12:31:01.0546 3052  Atdisk - ok
12:31:01.0562 3052  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\windows\system32\DRIVERS\atmarpc.sys
12:31:01.0859 3052  Atmarpc - ok
12:31:01.0968 3052  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\windows\System32\audiosrv.dll
12:31:02.0265 3052  AudioSrv - ok
12:31:02.0312 3052  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\windows\system32\DRIVERS\audstub.sys
12:31:02.0578 3052  audstub - ok
12:31:02.0625 3052  [ 9372CC48814A17E67C28945EB4ACC189 ] basic2          C:\windows\system32\DRIVERS\basic2.sys
12:31:02.0703 3052  basic2 - ok
12:31:02.0750 3052  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\windows\system32\drivers\Beep.sys
12:31:03.0031 3052  Beep - ok
12:31:03.0093 3052  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\windows\system32\qmgr.dll
12:31:03.0453 3052  BITS - ok
12:31:03.0500 3052  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\windows\System32\browser.dll
12:31:03.0593 3052  Browser - ok
12:31:03.0703 3052  catchme - ok
12:31:03.0734 3052  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\windows\system32\drivers\cbidf2k.sys
12:31:04.0062 3052  cbidf2k - ok
12:31:04.0062 3052  cd20xrnt - ok
12:31:04.0093 3052  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\windows\system32\drivers\Cdaudio.sys
12:31:04.0359 3052  Cdaudio - ok
12:31:04.0421 3052  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\windows\system32\drivers\Cdfs.sys
12:31:04.0703 3052  Cdfs - ok
12:31:04.0750 3052  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\windows\system32\DRIVERS\cdrom.sys
12:31:05.0046 3052  Cdrom - ok
12:31:05.0062 3052  Changer - ok
12:31:05.0109 3052  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\windows\system32\cisvc.exe
12:31:05.0375 3052  CiSvc - ok
12:31:05.0421 3052  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\windows\system32\clipsrv.exe
12:31:05.0718 3052  ClipSrv - ok
12:31:05.0750 3052  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:31:05.0843 3052  clr_optimization_v2.0.50727_32 - ok
12:31:05.0859 3052  CmdIde - ok
12:31:05.0875 3052  COMSysApp - ok
12:31:05.0906 3052  Cpqarray - ok
12:31:05.0968 3052  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\windows\System32\cryptsvc.dll
12:31:06.0234 3052  CryptSvc - ok
12:31:06.0296 3052  [ 71007BD2E1E26927FE3E4EB00C0BEEDF ] ctljystk        C:\windows\system32\DRIVERS\ctljystk.sys
12:31:06.0562 3052  ctljystk - ok
12:31:06.0578 3052  dac2w2k - ok
12:31:06.0609 3052  dac960nt - ok
12:31:06.0671 3052  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\windows\system32\rpcss.dll
12:31:06.0750 3052  DcomLaunch - ok
12:31:06.0796 3052  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\windows\System32\dhcpcsvc.dll
12:31:07.0078 3052  Dhcp - ok
12:31:07.0125 3052  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\windows\system32\DRIVERS\disk.sys
12:31:07.0421 3052  Disk - ok
12:31:07.0500 3052  [ A14524D3F130A57163E0B3E057FC85D5 ] DLABOIOM        C:\windows\system32\DLA\DLABOIOM.SYS
12:31:07.0531 3052  DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
12:31:07.0531 3052  DLABOIOM - detected UnsignedFile.Multi.Generic (1)
12:31:07.0578 3052  [ 7581407A6A3C56860AE31E6E423FE824 ] DLACDBHM        C:\windows\system32\Drivers\DLACDBHM.SYS
12:31:07.0609 3052  DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
12:31:07.0609 3052  DLACDBHM - detected UnsignedFile.Multi.Generic (1)
12:31:07.0625 3052  [ 7C4CDF8A684B63D7482E0BF7440DC3B5 ] DLADResN        C:\windows\system32\DLA\DLADResN.SYS
12:31:07.0640 3052  DLADResN ( UnsignedFile.Multi.Generic ) - warning
12:31:07.0640 3052  DLADResN - detected UnsignedFile.Multi.Generic (1)
12:31:07.0656 3052  [ 97BCA2AAC06A9FEA56615B4B15BDB9B8 ] DLAIFS_M        C:\windows\system32\DLA\DLAIFS_M.SYS
12:31:07.0687 3052  DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
12:31:07.0687 3052  DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
12:31:07.0734 3052  [ BE8D558CF749424F0DE612813F7C6725 ] DLAOPIOM        C:\windows\system32\DLA\DLAOPIOM.SYS
12:31:07.0750 3052  DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
12:31:07.0750 3052  DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
12:31:07.0765 3052  [ 7E5277CB45DC5E2A86AF8CE093C7EF31 ] DLAPoolM        C:\windows\system32\DLA\DLAPoolM.SYS
12:31:07.0796 3052  DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
12:31:07.0796 3052  DLAPoolM - detected UnsignedFile.Multi.Generic (1)
12:31:07.0843 3052  [ 693DFD92D41A3D270053CD97834E4960 ] DLARTL_N        C:\windows\system32\Drivers\DLARTL_N.SYS
12:31:07.0859 3052  DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
12:31:07.0859 3052  DLARTL_N - detected UnsignedFile.Multi.Generic (1)
12:31:07.0906 3052  [ D886B6D02B51E5BD61B8A571A16D5CA2 ] DLAUDFAM        C:\windows\system32\DLA\DLAUDFAM.SYS
12:31:07.0937 3052  DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
12:31:07.0937 3052  DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
12:31:07.0968 3052  [ 2C0ECF7A9D5162D87C64E2AE868B5039 ] DLAUDF_M        C:\windows\system32\DLA\DLAUDF_M.SYS
12:31:07.0984 3052  DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
12:31:07.0984 3052  DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
12:31:08.0000 3052  dmadmin - ok
12:31:08.0062 3052  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\windows\system32\drivers\dmboot.sys
12:31:08.0375 3052  dmboot - ok
12:31:08.0406 3052  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\windows\system32\drivers\dmio.sys
12:31:08.0687 3052  dmio - ok
12:31:08.0734 3052  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\windows\system32\drivers\dmload.sys
12:31:09.0000 3052  dmload - ok
12:31:09.0046 3052  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\windows\System32\dmserver.dll
12:31:09.0328 3052  dmserver - ok
12:31:09.0359 3052  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\windows\system32\drivers\DMusic.sys
12:31:09.0640 3052  DMusic - ok
12:31:09.0687 3052  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\windows\System32\dnsrslvr.dll
12:31:09.0812 3052  Dnscache - ok
12:31:09.0875 3052  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\windows\System32\dot3svc.dll
12:31:10.0140 3052  Dot3svc - ok
12:31:10.0171 3052  dpti2o - ok
12:31:10.0218 3052  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
12:31:10.0546 3052  drmkaud - ok
12:31:10.0593 3052  [ 73623D89FAEF4D1AA600EDEE8B490BC5 ] DRVMCDB         C:\windows\system32\Drivers\DRVMCDB.SYS
12:31:10.0625 3052  DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
12:31:10.0625 3052  DRVMCDB - detected UnsignedFile.Multi.Generic (1)
12:31:10.0640 3052  [ 2AEEE1600D0F14BA535F90A1F4411B54 ] DRVNDDM         C:\windows\system32\Drivers\DRVNDDM.SYS
12:31:10.0671 3052  DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
12:31:10.0671 3052  DRVNDDM - detected UnsignedFile.Multi.Generic (1)
12:31:10.0718 3052  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\windows\System32\eapsvc.dll
12:31:11.0000 3052  EapHost - ok
12:31:11.0046 3052  [ 01F83E1B5DCE05F5CB7D99113CA9E890 ] emu10k          C:\windows\system32\drivers\emu10k1m.sys
12:31:11.0359 3052  emu10k - ok
12:31:11.0406 3052  [ 7FFA171CCE6A8BFC774862A578BA39A2 ] emu10k1         C:\windows\system32\drivers\ctlfacem.sys
12:31:11.0656 3052  emu10k1 - ok
12:31:11.0718 3052  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\windows\System32\ersvc.dll
12:31:12.0015 3052  ERSvc - ok
12:31:12.0062 3052  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\windows\system32\services.exe
12:31:12.0125 3052  Eventlog - ok
12:31:12.0187 3052  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\System32\es.dll
12:31:12.0234 3052  EventSystem - ok
12:31:12.0281 3052  [ 9EA76A7F28CD968F8ADC709E479F23B2 ] Fallback        C:\windows\system32\DRIVERS\fallback.sys
12:31:12.0312 3052  Fallback - ok
12:31:12.0343 3052  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\windows\system32\drivers\Fastfat.sys
12:31:12.0609 3052  Fastfat - ok
12:31:12.0671 3052  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\windows\System32\shsvcs.dll
12:31:12.0765 3052  FastUserSwitchingCompatibility - ok
12:31:12.0812 3052  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\windows\system32\DRIVERS\fdc.sys
12:31:13.0125 3052  Fdc - ok
12:31:13.0156 3052  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\windows\system32\drivers\Fips.sys
12:31:13.0437 3052  Fips - ok
12:31:13.0453 3052  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
12:31:13.0734 3052  Flpydisk - ok
12:31:13.0781 3052  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
12:31:14.0031 3052  FltMgr - ok
12:31:14.0125 3052  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:31:14.0156 3052  FontCache3.0.0.0 - ok
12:31:14.0218 3052  [ B7B262D0431374F3AFD1349E35B368D9 ] Fsks            C:\windows\system32\DRIVERS\fsksnt.sys
12:31:14.0250 3052  Fsks - ok
12:31:14.0281 3052  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
12:31:14.0562 3052  Fs_Rec - ok
12:31:14.0609 3052  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\windows\system32\DRIVERS\ftdisk.sys
12:31:14.0875 3052  Ftdisk - ok
12:31:14.0906 3052  [ 065639773D8B03F33577F6CDAEA21063 ] gameenum        C:\windows\system32\DRIVERS\gameenum.sys
12:31:15.0218 3052  gameenum - ok
12:31:15.0265 3052  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\windows\system32\DRIVERS\msgpc.sys
12:31:15.0546 3052  Gpc - ok
12:31:15.0609 3052  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
12:31:15.0703 3052  gupdate - ok
12:31:15.0734 3052  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
12:31:15.0750 3052  gupdatem - ok
12:31:15.0843 3052  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:31:16.0156 3052  helpsvc - ok
12:31:16.0203 3052  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\windows\System32\hidserv.dll
12:31:16.0484 3052  HidServ - ok
12:31:16.0531 3052  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
12:31:16.0812 3052  HidUsb - ok
12:31:16.0859 3052  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\windows\System32\kmsvc.dll
12:31:17.0156 3052  hkmsvc - ok
12:31:17.0187 3052  hpn - ok
12:31:17.0296 3052  [ 58D4765AB87347DB835D5693ADF652C1 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
12:31:17.0328 3052  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
12:31:17.0328 3052  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
12:31:17.0375 3052  [ 99ED733F614660EB32199BF889DFB7E2 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
12:31:17.0406 3052  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
12:31:17.0406 3052  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
12:31:17.0468 3052  [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412        C:\windows\system32\DRIVERS\HPZid412.sys
12:31:17.0625 3052  HPZid412 - ok
12:31:17.0656 3052  [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12        C:\windows\system32\DRIVERS\HPZipr12.sys
12:31:17.0718 3052  HPZipr12 - ok
12:31:17.0750 3052  [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12        C:\windows\system32\DRIVERS\HPZius12.sys
12:31:17.0828 3052  HPZius12 - ok
12:31:17.0890 3052  [ 74E379857D4C0DFB56DE2D19B8F4C434 ] hsf_msft        C:\windows\system32\DRIVERS\HSF_MSFT.sys
12:31:18.0218 3052  hsf_msft - ok
12:31:18.0265 3052  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\windows\system32\Drivers\HTTP.sys
12:31:18.0328 3052  HTTP - ok
12:31:18.0359 3052  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\windows\System32\w3ssl.dll
12:31:18.0671 3052  HTTPFilter - ok
12:31:18.0687 3052  i2omgmt - ok
12:31:18.0718 3052  i2omp - ok
12:31:18.0765 3052  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
12:31:19.0078 3052  i8042prt - ok
12:31:19.0171 3052  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:31:19.0265 3052  idsvc - ok
12:31:19.0296 3052  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\windows\system32\DRIVERS\imapi.sys
12:31:19.0578 3052  Imapi - ok
12:31:19.0625 3052  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\windows\system32\imapi.exe
12:31:19.0875 3052  ImapiService - ok
12:31:19.0890 3052  InCDFs - ok
12:31:19.0906 3052  InCDPass - ok
12:31:19.0921 3052  InCDRm - ok
12:31:19.0953 3052  ini910u - ok
12:31:20.0000 3052  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\windows\system32\DRIVERS\intelide.sys
12:31:20.0296 3052  IntelIde - ok
12:31:20.0359 3052  [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw           C:\windows\system32\drivers\ip6fw.sys
12:31:20.0640 3052  ip6fw - ok
12:31:20.0687 3052  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
12:31:20.0968 3052  IpFilterDriver - ok
12:31:21.0000 3052  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\windows\system32\DRIVERS\ipinip.sys
12:31:21.0312 3052  IpInIp - ok
12:31:21.0343 3052  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\windows\system32\DRIVERS\ipnat.sys
12:31:21.0625 3052  IpNat - ok
12:31:37.0796 3052  [ D0F9F362023BF94CF58A1C3CDBBEBE06 ] PhotoshopElementsDeviceConnect C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
12:31:37.0812 3052  PhotoshopElementsDeviceConnect ( UnsignedFile.Multi.Generic ) - warning
12:31:37.0812 3052  PhotoshopElementsDeviceConnect - detected UnsignedFile.Multi.Generic (1)
12:31:44.0406 3052  [ AB1D1720F720E8DC470BCF0F1A152763 ] RetroExpLauncher C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
12:31:44.0421 3052  RetroExpLauncher ( UnsignedFile.Multi.Generic ) - warning
12:31:44.0421 3052  RetroExpLauncher - detected UnsignedFile.Multi.Generic (1)
12:32:06.0359 3052  C:\WINDOWS\SYSTEM32\DRIVERS\afd.sys - ok
12:32:06.0375 3052  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] C:\WINDOWS\SYSTEM32\DRIVERS\netbios.sys
12:32:06.0375 3052  C:\WINDOWS\SYSTEM32\DRIVERS\netbios.sys - ok
12:32:06.0390 3052  [ 7AD224AD1A1437FE28D89CF22B17780A ] C:\WINDOWS\SYSTEM32\DRIVERS\rdbss.sys
12:32:06.0390 3052  C:\WINDOWS\SYSTEM32\DRIVERS\rdbss.sys - ok
12:32:06.0390 3052  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] C:\WINDOWS\SYSTEM32\DRIVERS\mrxsmb.sys
12:32:06.0390 3052  C:\WINDOWS\SYSTEM32\DRIVERS\mrxsmb.sys - ok
12:32:06.0406 3052  [ D45926117EB9FA946A6AF572FBE1CAA3 ] C:\WINDOWS\SYSTEM32\DRIVERS\fips.sys
12:32:06.0406 3052  C:\WINDOWS\SYSTEM32\DRIVERS\fips.sys - ok
12:32:06.0421 3052  [ 5F816C1F539266D2D4C78694239DA0B5 ] C:\WINDOWS\SYSTEM32\smss.exe
12:32:06.0421 3052  C:\WINDOWS\SYSTEM32\smss.exe - ok
12:32:06.0437 3052  [ F8F0D25CA553E39DDE485D8FC7FCCE89 ] C:\WINDOWS\SYSTEM32\ntdll.dll
12:32:06.0437 3052  C:\WINDOWS\SYSTEM32\ntdll.dll - ok
12:32:06.0453 3052  [ 23043C91A0F9DFB4B9E9F87B680863B4 ] C:\WINDOWS\SYSTEM32\autochk.exe
12:32:06.0453 3052  C:\WINDOWS\SYSTEM32\autochk.exe - ok
12:32:06.0468 3052  [ 173F317CE0DB8E21322E71B7E60A27E8 ] C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys
12:32:06.0468 3052  C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys - ok
12:32:06.0484 3052  [ 9DD07AF82244867CA36681EA2D29CE79 ] C:\WINDOWS\SYSTEM32\sfcfiles.dll
12:32:06.0484 3052  C:\WINDOWS\SYSTEM32\sfcfiles.dll - ok
12:32:06.0500 3052  [ C885B02847F5D2FD45A24E219ED93B32 ] C:\WINDOWS\SYSTEM32\DRIVERS\cdfs.sys
12:32:06.0500 3052  C:\WINDOWS\SYSTEM32\DRIVERS\cdfs.sys - ok
12:32:06.0515 3052  [ 1AF592532532A402ED7C060F6954004F ] C:\WINDOWS\SYSTEM32\DRIVERS\hidclass.sys
12:32:06.0515 3052  C:\WINDOWS\SYSTEM32\DRIVERS\hidclass.sys - ok
12:32:06.0531 3052  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] C:\WINDOWS\SYSTEM32\DRIVERS\hidusb.sys
12:32:06.0531 3052  C:\WINDOWS\SYSTEM32\DRIVERS\hidusb.sys - ok
12:32:06.0546 3052  [ B1C303E17FB9D46E87A98E4BA6769685 ] C:\WINDOWS\SYSTEM32\DRIVERS\mouhid.sys
12:32:06.0546 3052  C:\WINDOWS\SYSTEM32\DRIVERS\mouhid.sys - ok
12:32:06.0546 3052  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
12:32:06.0546 3052  C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys - ok
12:32:06.0562 3052  [ 2F31B7F954BED437F2C75026C65CAF7B ] C:\WINDOWS\SYSTEM32\DRIVERS\wmilib.sys
12:32:06.0562 3052  C:\WINDOWS\SYSTEM32\DRIVERS\wmilib.sys - ok
12:32:06.0578 3052  [ FE97D0343ACFDEBDD578FC67CC91FA87 ] C:\WINDOWS\SYSTEM32\DRIVERS\dxapi.sys
12:32:06.0578 3052  C:\WINDOWS\SYSTEM32\DRIVERS\dxapi.sys - ok
12:32:06.0593 3052  [ 9A10AACBFDC4922715375FB4065EC930 ] C:\WINDOWS\SYSTEM32\watchdog.sys
12:32:06.0593 3052  C:\WINDOWS\SYSTEM32\watchdog.sys - ok
12:32:06.0609 3052  [ BD39EC6064A1B5DFDABCF312A38A37EE ] C:\WINDOWS\SYSTEM32\win32k.sys
12:32:06.0609 3052  C:\WINDOWS\SYSTEM32\win32k.sys - ok
12:32:06.0625 3052  [ 44F275C64738EA2056E3D9580C23B60F ] C:\WINDOWS\SYSTEM32\csrss.exe
12:32:06.0625 3052  C:\WINDOWS\SYSTEM32\csrss.exe - ok
12:32:06.0640 3052  [ DD40363ABAD230A84C5E2178B11EFA88 ] C:\WINDOWS\SYSTEM32\csrsrv.dll
12:32:06.0640 3052  C:\WINDOWS\SYSTEM32\csrsrv.dll - ok
12:32:06.0640 3052  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\SYSTEM32\basesrv.dll
12:32:06.0640 3052  C:\WINDOWS\SYSTEM32\basesrv.dll - ok
12:32:06.0656 3052  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\SYSTEM32\winsrv.dll
12:32:06.0656 3052  C:\WINDOWS\SYSTEM32\winsrv.dll - ok
12:32:06.0671 3052  [ 8B1F3320AEBB536E021A5014409862DE ] C:\WINDOWS\SYSTEM32\gdi32.dll
12:32:06.0671 3052  C:\WINDOWS\SYSTEM32\gdi32.dll - ok
12:32:06.0687 3052  [ 6FE42512AB1B89F32A7407F261B1D2D0 ] C:\WINDOWS\SYSTEM32\kernel32.dll
12:32:06.0687 3052  C:\WINDOWS\SYSTEM32\kernel32.dll - ok
12:32:06.0703 3052  [ B26B135FF1B9F60C9388B4A7D16F600B ] C:\WINDOWS\SYSTEM32\user32.dll
12:32:06.0703 3052  C:\WINDOWS\SYSTEM32\user32.dll - ok
12:32:06.0703 3052  [ AC7280566A7BB85CB3291F04DDC1198E ] C:\WINDOWS\SYSTEM32\DRIVERS\dxg.sys
12:32:06.0703 3052  C:\WINDOWS\SYSTEM32\DRIVERS\dxg.sys - ok
12:32:06.0718 3052  [ A73F5D6705B1D820C19B18782E176EFD ] C:\WINDOWS\SYSTEM32\DRIVERS\dxgthk.sys
12:32:06.0718 3052  C:\WINDOWS\SYSTEM32\DRIVERS\dxgthk.sys - ok
12:32:06.0734 3052  [ 3B4890CE5EFBEC5E3D7103506EE85454 ] C:\WINDOWS\SYSTEM32\nv4_disp.dll
12:32:06.0734 3052  C:\WINDOWS\SYSTEM32\nv4_disp.dll - ok
12:32:06.0750 3052  [ ECB7591870F8BFB1A4C17B718AD5A4AA ] C:\WINDOWS\SYSTEM32\vga.dll
12:32:06.0750 3052  C:\WINDOWS\SYSTEM32\vga.dll - ok
12:32:06.0765 3052  [ ED0EF0A136DEC83DF69F04118870003E ] C:\WINDOWS\SYSTEM32\winlogon.exe
12:32:06.0765 3052  C:\WINDOWS\SYSTEM32\winlogon.exe - ok
12:32:06.0781 3052  [ E76F8807070ED04E7408A86D6D3A6137 ] C:\WINDOWS\SYSTEM32\advapi32.dll
12:32:06.0781 3052  C:\WINDOWS\SYSTEM32\advapi32.dll - ok
12:32:06.0796 3052  [ D4502F124289A31976130CCCB014C9AA ] C:\WINDOWS\SYSTEM32\rpcrt4.dll
12:32:06.0796 3052  C:\WINDOWS\SYSTEM32\rpcrt4.dll - ok
12:32:06.0812 3052  [ 5357826C8A8DD6A07F17C48BB45BE46E ] C:\WINDOWS\SYSTEM32\secur32.dll
12:32:06.0812 3052  C:\WINDOWS\SYSTEM32\secur32.dll - ok
12:32:06.0812 3052  [ 714705F29A917993536A6AB2DEDB0B7F ] C:\WINDOWS\SYSTEM32\authz.dll
12:32:06.0812 3052  C:\WINDOWS\SYSTEM32\authz.dll - ok
12:32:06.0828 3052  [ 355EDBB4D412B01F1740C17E3F50FA00 ] C:\WINDOWS\SYSTEM32\msvcrt.dll
12:32:06.0828 3052  C:\WINDOWS\SYSTEM32\msvcrt.dll - ok
12:32:06.0843 3052  [ 6BEE5D4EFF0A0341BCC4A462D81CCFC1 ] C:\WINDOWS\SYSTEM32\crypt32.dll
12:32:06.0843 3052  C:\WINDOWS\SYSTEM32\crypt32.dll - ok
12:32:06.0859 3052  [ 04D898830DF96A17A20FD35D7590F87E ] C:\WINDOWS\SYSTEM32\msasn1.dll
12:32:06.0859 3052  C:\WINDOWS\SYSTEM32\msasn1.dll - ok
12:32:06.0875 3052  [ 013C1148C1EC025596896E093F60F608 ] C:\WINDOWS\SYSTEM32\nddeapi.dll
12:32:06.0875 3052  C:\WINDOWS\SYSTEM32\nddeapi.dll - ok
12:32:06.0890 3052  [ FCFA1C55971CC229D353B3A15ACCD995 ] C:\WINDOWS\SYSTEM32\profmap.dll
12:32:06.0890 3052  C:\WINDOWS\SYSTEM32\profmap.dll - ok
12:32:06.0890 3052  [ CAC752BF84DB4666ED3CE0948E6EA937 ] C:\WINDOWS\SYSTEM32\netapi32.dll
12:32:06.0890 3052  C:\WINDOWS\SYSTEM32\netapi32.dll - ok
12:32:06.0906 3052  [ 43D13C80EBEC0135A3611E0F616F179B ] C:\WINDOWS\SYSTEM32\userenv.dll
12:32:06.0906 3052  C:\WINDOWS\SYSTEM32\userenv.dll - ok
12:32:06.0921 3052  [ 9CFCB3CA3D83B4EAA133F0644A2C6F31 ] C:\WINDOWS\SYSTEM32\psapi.dll
12:32:06.0921 3052  C:\WINDOWS\SYSTEM32\psapi.dll - ok
12:32:06.0937 3052  [ AF11C591F2F4AFF4A6CF699D376F618B ] C:\WINDOWS\SYSTEM32\regapi.dll
12:32:06.0937 3052  C:\WINDOWS\SYSTEM32\regapi.dll - ok
12:32:06.0953 3052  [ 24192246760E0E64435522E246B1D6C2 ] C:\WINDOWS\SYSTEM32\setupapi.dll
12:32:06.0953 3052  C:\WINDOWS\SYSTEM32\setupapi.dll - ok
12:32:06.0953 3052  [ C7CE131408739B0B3A318BE2D0032719 ] C:\WINDOWS\SYSTEM32\version.dll
12:32:06.0953 3052  C:\WINDOWS\SYSTEM32\version.dll - ok
12:32:06.0968 3052  [ 430CEB794F6E6EF8AC86958C242366D6 ] C:\WINDOWS\SYSTEM32\winsta.dll
12:32:06.0968 3052  C:\WINDOWS\SYSTEM32\winsta.dll - ok
12:32:06.0984 3052  [ D458B738B4C2CE33174CFB2CE12412DB ] C:\WINDOWS\SYSTEM32\wintrust.dll
12:32:06.0984 3052  C:\WINDOWS\SYSTEM32\wintrust.dll - ok
12:32:07.0000 3052  [ FFC01A72D1C25CCB39F61B202CE60819 ] C:\WINDOWS\SYSTEM32\imagehlp.dll
12:32:07.0000 3052  C:\WINDOWS\SYSTEM32\imagehlp.dll - ok
12:32:07.0015 3052  [ 2CCC474EB85CEAA3E1FA1726580A3E5A ] C:\WINDOWS\SYSTEM32\ws2_32.dll
12:32:07.0015 3052  C:\WINDOWS\SYSTEM32\ws2_32.dll - ok
12:32:07.0031 3052  [ 9789E95E1D88EEB4B922BF3EA7779C28 ] C:\WINDOWS\SYSTEM32\ws2help.dll
12:32:07.0031 3052  C:\WINDOWS\SYSTEM32\ws2help.dll - ok
12:32:07.0046 3052  [ 0DA85218E92526972A821587E6A8BF8F ] C:\WINDOWS\SYSTEM32\imm32.dll
12:32:07.0046 3052  C:\WINDOWS\SYSTEM32\imm32.dll - ok
12:32:07.0062 3052  [ 56C5B179FE3308B655EB6208C3256FEC ] C:\WINDOWS\SYSTEM32\kbdus.dll
12:32:07.0062 3052  C:\WINDOWS\SYSTEM32\kbdus.dll - ok
12:32:07.0078 3052  [ D7B7A57C0E57C836F18CF12A4C62A1CA ] C:\WINDOWS\SYSTEM32\msgina.dll
12:32:07.0078 3052  C:\WINDOWS\SYSTEM32\msgina.dll - ok
12:32:07.0078 3052  [ 93AFB83FBC1F9443CAC722FCA63D73BF ] C:\WINDOWS\SYSTEM32\comctl32.dll
12:32:07.0078 3052  C:\WINDOWS\SYSTEM32\comctl32.dll - ok
12:32:07.0093 3052  [ 86987A5000DFA3EBE2275C0456BCF2FE ] C:\WINDOWS\SYSTEM32\comdlg32.dll
12:32:07.0093 3052  C:\WINDOWS\SYSTEM32\comdlg32.dll - ok
12:32:07.0109 3052  [ 40B0F98BAD16AD5DEF894E88C3EF8014 ] C:\WINDOWS\SYSTEM32\odbc32.dll
12:32:07.0109 3052  C:\WINDOWS\SYSTEM32\odbc32.dll - ok
12:32:07.0125 3052  [ 6843D54BC4A40CC8C5741AF750233D10 ] C:\WINDOWS\SYSTEM32\shell32.dll
12:32:07.0125 3052  C:\WINDOWS\SYSTEM32\shell32.dll - ok
12:32:07.0140 3052  [ C448A248B743F5FB935C787A5D97268B ] C:\WINDOWS\SYSTEM32\shlwapi.dll
12:32:07.0140 3052  C:\WINDOWS\SYSTEM32\shlwapi.dll - ok
12:32:07.0140 3052  [ 694503348B586E99D56C0E30AB5B3EF8 ] C:\WINDOWS\SYSTEM32\sxs.dll
12:32:07.0140 3052  C:\WINDOWS\SYSTEM32\sxs.dll - ok
12:32:07.0156 3052  [ 736B12B725AEB2B07F0241A9F680CB10 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
12:32:07.0156 3052  C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - ok
12:32:07.0171 3052  [ 6B7C6B32F8E84D56C6260D684019FEA2 ] C:\WINDOWS\SYSTEM32\odbcint.dll
12:32:07.0171 3052  C:\WINDOWS\SYSTEM32\odbcint.dll - ok
12:32:07.0187 3052  [ 99BC0B50F511924348BE19C7C7313BBF ] C:\WINDOWS\SYSTEM32\shsvcs.dll
12:32:07.0187 3052  C:\WINDOWS\SYSTEM32\shsvcs.dll - ok
12:32:07.0203 3052  [ 96E1C926F22EE1BFBAE82901A35F6BF3 ] C:\WINDOWS\SYSTEM32\sfc.dll
12:32:07.0203 3052  C:\WINDOWS\SYSTEM32\sfc.dll - ok
12:32:07.0218 3052  [ 6B5DB6789177A4FD0DEBC248041D0739 ] C:\WINDOWS\SYSTEM32\sfc_os.dll
12:32:07.0218 3052  C:\WINDOWS\SYSTEM32\sfc_os.dll - ok
12:32:07.0234 3052  [ 6BAD1BED9872E62049E487FB91AE2F3A ] C:\WINDOWS\SYSTEM32\ole32.dll
12:32:07.0234 3052  C:\WINDOWS\SYSTEM32\ole32.dll - ok
12:32:07.0234 3052  [ CF492D7E9AF1C628B3536D20EF6F5CC7 ] C:\WINDOWS\SYSTEM32\apphelp.dll
12:32:07.0234 3052  C:\WINDOWS\SYSTEM32\apphelp.dll - ok
12:32:07.0250 3052  [ BF2466B3E18E970D8A976FB95FC1CA85 ] C:\WINDOWS\SYSTEM32\lsass.exe
12:32:07.0250 3052  C:\WINDOWS\SYSTEM32\lsass.exe - ok
12:32:07.0265 3052  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\SYSTEM32\services.exe
12:32:07.0265 3052  C:\WINDOWS\SYSTEM32\services.exe - ok
12:32:07.0281 3052  [ BD31DC6DBE9333C4FBD4BDF0899F2160 ] C:\WINDOWS\SYSTEM32\lsasrv.dll
12:32:07.0281 3052  C:\WINDOWS\SYSTEM32\lsasrv.dll - ok
12:32:07.0296 3052  [ EC29A79F1E76DC509E24D401F29D0678 ] C:\WINDOWS\SYSTEM32\ncobjapi.dll
12:32:07.0296 3052  C:\WINDOWS\SYSTEM32\ncobjapi.dll - ok
12:32:07.0312 3052  [ F404830F3CD9BF8F2515E489C0CDA297 ] C:\WINDOWS\SYSTEM32\msvcp60.dll
12:32:07.0312 3052  C:\WINDOWS\SYSTEM32\msvcp60.dll - ok
12:32:07.0328 3052  [ DD7BD97FB8BD800963789158A5E4B41D ] C:\WINDOWS\SYSTEM32\mpr.dll
12:32:07.0328 3052  C:\WINDOWS\SYSTEM32\mpr.dll - ok
12:32:07.0343 3052  [ B24A42A413E694AD73FDFB7FBD492C31 ] C:\WINDOWS\SYSTEM32\scesrv.dll
12:32:07.0343 3052  C:\WINDOWS\SYSTEM32\scesrv.dll - ok
12:32:07.0343 3052  [ EC4C0D9BFD9F7E33F8B395AD54E13063 ] C:\WINDOWS\SYSTEM32\ntdsapi.dll
12:32:07.0343 3052  C:\WINDOWS\SYSTEM32\ntdsapi.dll - ok
12:32:07.0359 3052  [ 389496118B3B03C2328024AF320132AC ] C:\WINDOWS\SYSTEM32\dnsapi.dll
12:32:07.0359 3052  C:\WINDOWS\SYSTEM32\dnsapi.dll - ok
12:32:07.0375 3052  [ 2EDFC2A8893435723AD80481803C6D5C ] C:\WINDOWS\SYSTEM32\umpnpmgr.dll
12:32:07.0375 3052  C:\WINDOWS\SYSTEM32\umpnpmgr.dll - ok
12:32:07.0390 3052  [ 1F03103598BD817B1078DAB1326DDE11 ] C:\WINDOWS\SYSTEM32\shimeng.dll
12:32:07.0390 3052  C:\WINDOWS\SYSTEM32\shimeng.dll - ok
12:32:07.0390 3052  [ 0492CF5870F0E616B0C71695A433D162 ] C:\WINDOWS\SYSTEM32\wldap32.dll
12:32:07.0390 3052  C:\WINDOWS\SYSTEM32\wldap32.dll - ok
12:32:07.0406 3052  [ EA9EE60B408878E5F2012F9C783836DB ] C:\WINDOWS\AppPatch\acadproc.dll
12:32:07.0406 3052  C:\WINDOWS\AppPatch\acadproc.dll - ok
12:32:07.0421 3052  [ 8329A39D5A402A75A74301D6A62ECDA1 ] C:\WINDOWS\SYSTEM32\samlib.dll
12:32:07.0421 3052  C:\WINDOWS\SYSTEM32\samlib.dll - ok
12:32:07.0437 3052  [ F05B8CDB7FE0E55DCCFB1D946CE80064 ] C:\WINDOWS\SYSTEM32\samsrv.dll
12:32:07.0437 3052  C:\WINDOWS\SYSTEM32\samsrv.dll - ok
12:32:07.0453 3052  [ 310C15FD8358B2C4CD7A5B98A112883F ] C:\WINDOWS\AppPatch\acgenral.dll
12:32:07.0453 3052  C:\WINDOWS\AppPatch\acgenral.dll - ok
12:32:07.0468 3052  [ 17A1D675C12BBF80CAAC54A4855C41D0 ] C:\WINDOWS\SYSTEM32\cryptdll.dll
12:32:07.0468 3052  C:\WINDOWS\SYSTEM32\cryptdll.dll - ok
12:32:07.0484 3052  [ 4A953F13942867BA8FB41F141EC1B80C ] C:\WINDOWS\SYSTEM32\winmm.dll
12:32:07.0484 3052  C:\WINDOWS\SYSTEM32\winmm.dll - ok
12:32:07.0484 3052  [ EFF03460E542EEA6B0ABDEC6BF19C897 ] C:\WINDOWS\SYSTEM32\oleaut32.dll
12:32:07.0484 3052  C:\WINDOWS\SYSTEM32\oleaut32.dll - ok
12:32:07.0500 3052  [ 2098AB52BD5316E59AA36F3437B13BE6 ] C:\WINDOWS\SYSTEM32\msacm32.dll
12:32:07.0500 3052  C:\WINDOWS\SYSTEM32\msacm32.dll - ok
12:32:07.0515 3052  [ 7A2CC3719B255E6B5D74396183B7715B ] C:\WINDOWS\SYSTEM32\uxtheme.dll
12:32:07.0515 3052  C:\WINDOWS\SYSTEM32\uxtheme.dll - ok
12:32:07.0531 3052  [ C41907648CF7F3E83CED1E35F9B8D858 ] C:\WINDOWS\SYSTEM32\ctwdm32.dll
12:32:07.0531 3052  C:\WINDOWS\SYSTEM32\ctwdm32.dll - ok
12:32:07.0546 3052  [ F24B12786D60A17008319E3F2AEE7799 ] C:\WINDOWS\SYSTEM32\msapsspc.dll
12:32:07.0546 3052  C:\WINDOWS\SYSTEM32\msapsspc.dll - ok
12:32:07.0562 3052  [ 7A660EDC0757849DF5F8706FB6E9F740 ] C:\WINDOWS\SYSTEM32\msvcrt40.dll
12:32:07.0562 3052  C:\WINDOWS\SYSTEM32\msvcrt40.dll - ok
12:32:07.0578 3052  [ 0F64207B49390C8063C36AE7CBF9C2DB ] C:\WINDOWS\SYSTEM32\schannel.dll
12:32:07.0578 3052  C:\WINDOWS\SYSTEM32\schannel.dll - ok
12:32:07.0578 3052  [ 3D76DD0CBC536E0F8C45D23ED230BEB2 ] C:\WINDOWS\SYSTEM32\digest.dll
12:32:07.0578 3052  C:\WINDOWS\SYSTEM32\digest.dll - ok
12:32:07.0593 3052  [ A4388DF80E52695AE92EE5F3F61F1619 ] C:\WINDOWS\SYSTEM32\msnsspc.dll
12:32:07.0593 3052  C:\WINDOWS\SYSTEM32\msnsspc.dll - ok
12:32:07.0609 3052  [ 5733177BCF16EE78B99543C9B0AB81EA ] C:\WINDOWS\SYSTEM32\msctfime.ime
12:32:07.0609 3052  C:\WINDOWS\SYSTEM32\msctfime.ime - ok
12:32:07.0625 3052  [ C6BB1D1500DB4A0E224CB65E6C7E8A80 ] C:\WINDOWS\SYSTEM32\msprivs.dll
12:32:07.0625 3052  C:\WINDOWS\SYSTEM32\msprivs.dll - ok
12:32:07.0640 3052  [ A525C96C51D55111FDF3BEA9FFFFC7AE ] C:\WINDOWS\SYSTEM32\kerberos.dll
12:32:07.0640 3052  C:\WINDOWS\SYSTEM32\kerberos.dll - ok
12:32:07.0640 3052  [ C11D10A3C164AC222BC9AAB3650A88B3 ] C:\WINDOWS\SYSTEM32\atmfd.dll
12:32:07.0640 3052  C:\WINDOWS\SYSTEM32\atmfd.dll - ok
12:32:07.0656 3052  [ 517561A1113B04E51D936CD018DE1C1F ] C:\WINDOWS\SYSTEM32\msv1_0.dll
12:32:07.0656 3052  C:\WINDOWS\SYSTEM32\msv1_0.dll - ok
12:32:07.0671 3052  [ AF07DC9B7CC455629E732340C7B15F3A ] C:\WINDOWS\SYSTEM32\iphlpapi.dll
12:32:07.0671 3052  C:\WINDOWS\SYSTEM32\iphlpapi.dll - ok
12:32:07.0687 3052  [ 1B7F071C51B77C272875C3A23E1E4550 ] C:\WINDOWS\SYSTEM32\netlogon.dll
12:32:07.0687 3052  C:\WINDOWS\SYSTEM32\netlogon.dll - ok
12:32:07.0703 3052  [ 54AF4B1D5459500EF0937F6D33B1914F ] C:\WINDOWS\SYSTEM32\w32time.dll
12:32:07.0703 3052  C:\WINDOWS\SYSTEM32\w32time.dll - ok
12:32:07.0718 3052  [ 3AAF9B35939FF9E58CCD18D41655C2FC ] C:\WINDOWS\SYSTEM32\wdigest.dll
12:32:07.0718 3052  C:\WINDOWS\SYSTEM32\wdigest.dll - ok
12:32:07.0734 3052  [ 54DAE3EA34802B4ED9AE1C6B1209FA56 ] C:\WINDOWS\SYSTEM32\rsaenh.dll
12:32:07.0734 3052  C:\WINDOWS\SYSTEM32\rsaenh.dll - ok
12:32:07.0734 3052  [ 02988B904C386B500CD08639C4C20EEA ] C:\WINDOWS\SYSTEM32\winscard.dll
12:32:07.0734 3052  C:\WINDOWS\SYSTEM32\winscard.dll - ok
12:32:07.0750 3052  [ 0E2735281FBB9A764D5584C2A5DCBA59 ] C:\WINDOWS\SYSTEM32\wtsapi32.dll
12:32:07.0750 3052  C:\WINDOWS\SYSTEM32\wtsapi32.dll - ok
12:32:07.0765 3052  [ A86BB5E61BF3E39B62AB4C7E7085A084 ] C:\WINDOWS\SYSTEM32\scecli.dll
12:32:07.0765 3052  C:\WINDOWS\SYSTEM32\scecli.dll - ok
12:32:07.0781 3052  [ 2AEEE1600D0F14BA535F90A1F4411B54 ] C:\WINDOWS\SYSTEM32\DRIVERS\DRVNDDM.SYS
12:32:07.0781 3052  C:\WINDOWS\SYSTEM32\DRIVERS\DRVNDDM.SYS - ok
12:32:07.0796 3052  [ 7C4CDF8A684B63D7482E0BF7440DC3B5 ] C:\WINDOWS\SYSTEM32\DLA\DLADResN.SYS
12:32:07.0796 3052  C:\WINDOWS\SYSTEM32\DLA\DLADResN.SYS - ok
12:32:07.0812 3052  [ 97BCA2AAC06A9FEA56615B4B15BDB9B8 ] C:\WINDOWS\SYSTEM32\DLA\DLAIFS_M.SYS
12:32:07.0812 3052  C:\WINDOWS\SYSTEM32\DLA\DLAIFS_M.SYS - ok
12:32:07.0828 3052  [ BE8D558CF749424F0DE612813F7C6725 ] C:\WINDOWS\SYSTEM32\DLA\DLAOPIOM.SYS
12:32:07.0828 3052  C:\WINDOWS\SYSTEM32\DLA\DLAOPIOM.SYS - ok
12:32:07.0843 3052  [ 7E5277CB45DC5E2A86AF8CE093C7EF31 ] C:\WINDOWS\SYSTEM32\DLA\DLAPoolM.SYS
12:32:07.0843 3052  C:\WINDOWS\SYSTEM32\DLA\DLAPoolM.SYS - ok
12:32:07.0843 3052  [ A14524D3F130A57163E0B3E057FC85D5 ] C:\WINDOWS\SYSTEM32\DLA\DLABOIOM.SYS
12:32:07.0843 3052  C:\WINDOWS\SYSTEM32\DLA\DLABOIOM.SYS - ok
12:32:07.0859 3052  [ D886B6D02B51E5BD61B8A571A16D5CA2 ] C:\WINDOWS\SYSTEM32\DLA\DLAUDFAM.SYS
12:32:07.0859 3052  C:\WINDOWS\SYSTEM32\DLA\DLAUDFAM.SYS - ok
12:32:07.0875 3052  [ 2C0ECF7A9D5162D87C64E2AE868B5039 ] C:\WINDOWS\SYSTEM32\DLA\DLAUDF_M.SYS
12:32:07.0875 3052  C:\WINDOWS\SYSTEM32\DLA\DLAUDF_M.SYS - ok
12:32:07.0890 3052  [ 27C6D03BCDB8CFEB96B716F3D8BE3E18 ] C:\WINDOWS\SYSTEM32\svchost.exe
12:32:07.0890 3052  C:\WINDOWS\SYSTEM32\svchost.exe - ok
12:32:07.0890 3052  [ 549290DBC280C887681D7652978DBBE0 ] C:\WINDOWS\SYSTEM32\ntmarta.dll
12:32:07.0890 3052  C:\WINDOWS\SYSTEM32\ntmarta.dll - ok
12:32:07.0906 3052  [ 6B27A5C03DFB94B4245739065431322C ] C:\WINDOWS\SYSTEM32\rpcss.dll
12:32:07.0906 3052  C:\WINDOWS\SYSTEM32\rpcss.dll - ok
12:32:07.0921 3052  [ 16403217AB6FC5C30C14C6B12098AD4B ] C:\WINDOWS\SYSTEM32\xpsp2res.dll
12:32:07.0921 3052  C:\WINDOWS\SYSTEM32\xpsp2res.dll - ok
12:32:07.0937 3052  [ 6D4FEB43EE538FC5428CC7F0565AA656 ] C:\WINDOWS\SYSTEM32\eventlog.dll
12:32:07.0937 3052  C:\WINDOWS\SYSTEM32\eventlog.dll - ok
12:32:07.0953 3052  [ 943337D786A56729263071623BBB9DE5 ] C:\WINDOWS\SYSTEM32\mswsock.dll
12:32:07.0953 3052  C:\WINDOWS\SYSTEM32\mswsock.dll - ok
12:32:07.0968 3052  [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\SYSTEM32\winrnr.dll
12:32:07.0968 3052  C:\WINDOWS\SYSTEM32\winrnr.dll - ok
12:32:07.0984 3052  [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] C:\Program Files\Microsoft Security Client\MsMpEng.exe
12:32:07.0984 3052  C:\Program Files\Microsoft Security Client\MsMpEng.exe - ok
12:32:07.0984 3052  [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\SYSTEM32\rasadhlp.dll
12:32:07.0984 3052  C:\WINDOWS\SYSTEM32\rasadhlp.dll - ok
12:32:08.0000 3052  [ F556912E70B22D740C9C99E310E3C11F ] C:\Program Files\Microsoft Security Client\MpSvc.dll
12:32:08.0000 3052  C:\Program Files\Microsoft Security Client\MpSvc.dll - ok
12:32:08.0015 3052  [ 3D9381A332E4373F8811C71BA5078B31 ] C:\Program Files\Microsoft Security Client\MpClient.dll
12:32:08.0015 3052  C:\Program Files\Microsoft Security Client\MpClient.dll - ok
12:32:08.0031 3052  [ 2081A5B5E4ABA206A0A8A1A97DF0FB23 ] C:\WINDOWS\SYSTEM32\logonui.exe
12:32:08.0031 3052  C:\WINDOWS\SYSTEM32\logonui.exe - ok
12:32:08.0046 3052  [ 3D41A9326F0376FC73AF961DD23B1FB1 ] C:\WINDOWS\SYSTEM32\duser.dll
12:32:08.0046 3052  C:\WINDOWS\SYSTEM32\duser.dll - ok
12:32:08.0062 3052  [ AFFC87E2501FCE8F09D4C10BA6421CCF ] C:\WINDOWS\SYSTEM32\msimg32.dll
12:32:08.0062 3052  C:\WINDOWS\SYSTEM32\msimg32.dll - ok
12:32:08.0078 3052  [ 20200EE3CFE10E9F0C028D8653BE11C6 ] C:\WINDOWS\SYSTEM32\oleacc.dll
12:32:08.0078 3052  C:\WINDOWS\SYSTEM32\oleacc.dll - ok
12:32:08.0093 3052  [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\SYSTEM32\DRIVERS\ndisuio.sys
12:32:08.0093 3052  C:\WINDOWS\SYSTEM32\DRIVERS\ndisuio.sys - ok
12:32:08.0109 3052  [ 515A7FAE2070C2B0242B2353443E2F11 ] C:\WINDOWS\SYSTEM32\cscdll.dll
12:32:08.0109 3052  C:\WINDOWS\SYSTEM32\cscdll.dll - ok
12:32:08.0125 3052  [ 5E38D7684A49CACFB752B046357E0589 ] C:\WINDOWS\SYSTEM32\dhcpcsvc.dll
12:32:08.0125 3052  C:\WINDOWS\SYSTEM32\dhcpcsvc.dll - ok
12:32:08.0140 3052  [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\SYSTEM32\dimsntfy.dll
12:32:08.0140 3052  C:\WINDOWS\SYSTEM32\dimsntfy.dll - ok
12:32:08.0140 3052  [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\SYSTEM32\wlnotify.dll
12:32:08.0140 3052  C:\WINDOWS\SYSTEM32\wlnotify.dll - ok
12:32:08.0156 3052  [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\SYSTEM32\winspool.drv
12:32:08.0156 3052  C:\WINDOWS\SYSTEM32\winspool.drv - ok
12:32:08.0171 3052  [ F137A0CA70003DB20448D540651FA003 ] C:\WINDOWS\SYSTEM32\clbcatq.dll
12:32:08.0171 3052  C:\WINDOWS\SYSTEM32\clbcatq.dll - ok
12:32:08.0187 3052  [ 1280A158C722FA95A80FB7AEBE78FA7D ] C:\WINDOWS\SYSTEM32\comres.dll
12:32:08.0187 3052  C:\WINDOWS\SYSTEM32\comres.dll - ok
12:32:08.0203 3052  [ E5EDBD51476DB5001ABF5C82AE5C3DD1 ] C:\WINDOWS\SYSTEM32\shgina.dll
12:32:08.0203 3052  C:\WINDOWS\SYSTEM32\shgina.dll - ok
12:32:08.0218 3052  [ 3CB32D3B8CBE79899D63280BB7A83CD9 ] C:\WINDOWS\SYSTEM32\hnetcfg.dll
12:32:08.0218 3052  C:\WINDOWS\SYSTEM32\hnetcfg.dll - ok
12:32:08.0234 3052  [ 5F7E24FA9EAB896051FFB87F840730D2 ] C:\WINDOWS\SYSTEM32\dnsrslvr.dll
12:32:08.0234 3052  C:\WINDOWS\SYSTEM32\dnsrslvr.dll - ok
12:32:08.0250 3052  [ 4E3D06D6E68EEDB52565080F55B460D3 ] C:\WINDOWS\SYSTEM32\wshtcpip.dll
12:32:08.0250 3052  C:\WINDOWS\SYSTEM32\wshtcpip.dll - ok
12:32:08.0265 3052  [ AA87D7709021503687326432DC59590D ] C:\Program Files\Microsoft Security Client\MpRTP.dll
12:32:08.0265 3052  C:\Program Files\Microsoft Security Client\MpRTP.dll - ok
12:32:08.0281 3052  [ 5D43C9A33F18C707BA169AFDA88BDF30 ] C:\WINDOWS\SYSTEM32\fltlib.dll
12:32:08.0281 3052  C:\WINDOWS\SYSTEM32\fltlib.dll - ok
12:32:08.0296 3052  [ A7DB739AE99A796D91580147E919CC59 ] C:\WINDOWS\SYSTEM32\lmhsvc.dll
12:32:08.0296 3052  C:\WINDOWS\SYSTEM32\lmhsvc.dll - ok
12:32:08.0312 3052  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] C:\WINDOWS\SYSTEM32\wzcsvc.dll
12:32:08.0312 3052  C:\WINDOWS\SYSTEM32\wzcsvc.dll - ok
12:32:08.0328 3052  [ 5650B193FD9F06274BA17311DEACC5A8 ] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D1A6AC7-1198-4D7B-9126-67BBA7888CDE}\mpengine.dll
12:32:08.0328 3052  C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D1A6AC7-1198-4D7B-9126-67BBA7888CDE}\mpengine.dll - ok
12:32:08.0343 3052  [ 876CCF164E08D6B903CD14398E056DD2 ] C:\WINDOWS\SYSTEM32\rtutils.dll
12:32:08.0343 3052  C:\WINDOWS\SYSTEM32\rtutils.dll - ok
12:32:08.0343 3052  [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] C:\WINDOWS\SYSTEM32\eapolqec.dll
12:32:08.0343 3052  C:\WINDOWS\SYSTEM32\eapolqec.dll - ok
12:32:08.0359 3052  [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\SYSTEM32\wmi.dll
12:32:08.0359 3052  C:\WINDOWS\SYSTEM32\wmi.dll - ok
12:32:08.0375 3052  [ 224FB925C641DA16CEB6D60F40CA4C75 ] C:\WINDOWS\SYSTEM32\atl.dll
12:32:08.0375 3052  C:\WINDOWS\SYSTEM32\atl.dll - ok
12:32:08.0390 3052  [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\SYSTEM32\qutil.dll
12:32:08.0390 3052  C:\WINDOWS\SYSTEM32\qutil.dll - ok
12:32:08.0390 3052  [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] C:\WINDOWS\SYSTEM32\dot3api.dll
12:32:08.0390 3052  C:\WINDOWS\SYSTEM32\dot3api.dll - ok
12:32:08.0406 3052  [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] C:\WINDOWS\SYSTEM32\esent.dll
12:32:08.0406 3052  C:\WINDOWS\SYSTEM32\esent.dll - ok
12:32:08.0421 3052  [ A39BE37C9237DB5F1990D61B268EA555 ] C:\WINDOWS\SYSTEM32\rastls.dll
12:32:08.0421 3052  C:\WINDOWS\SYSTEM32\rastls.dll - ok
12:32:08.0437 3052  [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] C:\WINDOWS\SYSTEM32\cryptui.dll
12:32:08.0437 3052  C:\WINDOWS\SYSTEM32\cryptui.dll - ok
12:32:08.0453 3052  [ D175F91A4C98B8848818C9B5089F88A2 ] C:\WINDOWS\SYSTEM32\wininet.dll
12:32:08.0453 3052  C:\WINDOWS\SYSTEM32\wininet.dll - ok
12:32:08.0468 3052  [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\SYSTEM32\normaliz.dll
12:32:08.0468 3052  C:\WINDOWS\SYSTEM32\normaliz.dll - ok
12:32:08.0484 3052  [ 84A5C7B9B1B82F94A8245781FD44D8BA ] C:\WINDOWS\SYSTEM32\urlmon.dll
12:32:08.0484 3052  C:\WINDOWS\SYSTEM32\urlmon.dll - ok
12:32:08.0484 3052  [ D1B3D1E05BEDC8F9B0BBBC03D6033F82 ] C:\WINDOWS\SYSTEM32\iertutil.dll
12:32:08.0484 3052  C:\WINDOWS\SYSTEM32\iertutil.dll - ok
12:32:08.0500 3052  [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\SYSTEM32\mprapi.dll
12:32:08.0500 3052  C:\WINDOWS\SYSTEM32\mprapi.dll - ok
12:32:08.0515 3052  [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\SYSTEM32\activeds.dll
12:32:08.0515 3052  C:\WINDOWS\SYSTEM32\activeds.dll - ok
12:32:08.0531 3052  [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\SYSTEM32\adsldpc.dll
12:32:08.0531 3052  C:\WINDOWS\SYSTEM32\adsldpc.dll - ok
12:32:08.0546 3052  [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\SYSTEM32\rasapi32.dll
12:32:08.0546 3052  C:\WINDOWS\SYSTEM32\rasapi32.dll - ok
12:32:08.0562 3052  [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\SYSTEM32\rasman.dll
12:32:08.0562 3052  C:\WINDOWS\SYSTEM32\rasman.dll - ok
12:32:08.0562 3052  [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\SYSTEM32\tapi32.dll
12:32:08.0562 3052  C:\WINDOWS\SYSTEM32\tapi32.dll - ok
12:32:08.0578 3052  [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\SYSTEM32\riched20.dll
12:32:08.0578 3052  C:\WINDOWS\SYSTEM32\riched20.dll - ok
12:32:08.0593 3052  [ 56CE97FF94B7662A300D359CD6F4D601 ] C:\WINDOWS\SYSTEM32\raschap.dll
12:32:08.0593 3052  C:\WINDOWS\SYSTEM32\raschap.dll - ok
12:32:08.0609 3052  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\SYSTEM32\schedsvc.dll
12:32:08.0609 3052  C:\WINDOWS\SYSTEM32\schedsvc.dll - ok
12:32:08.0625 3052  [ CB6B671ED6D97F2E9F2274EADB7517B2 ] C:\Program Files\Microsoft Security Client\MpCmdRun.exe
12:32:08.0625 3052  C:\Program Files\Microsoft Security Client\MpCmdRun.exe - ok
12:32:08.0640 3052  [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\SYSTEM32\msidle.dll
12:32:08.0640 3052  C:\WINDOWS\SYSTEM32\msidle.dll - ok
12:32:08.0640 3052  [ 60784F891563FB1B767F70117FC2428F ] C:\WINDOWS\SYSTEM32\spoolsv.exe
12:32:08.0640 3052  C:\WINDOWS\SYSTEM32\spoolsv.exe - ok
12:32:08.0656 3052  [ F9D3C78CFE15271D80790677C893CE45 ] C:\WINDOWS\SYSTEM32\cabinet.dll
12:32:08.0656 3052  C:\WINDOWS\SYSTEM32\cabinet.dll - ok
12:32:08.0671 3052  [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\SYSTEM32\audiosrv.dll
12:32:08.0671 3052  C:\WINDOWS\SYSTEM32\audiosrv.dll - ok
12:32:08.0687 3052  [ A8888A5327621856C0CEC4E385F69309 ] C:\WINDOWS\SYSTEM32\wkssvc.dll
12:32:08.0687 3052  C:\WINDOWS\SYSTEM32\wkssvc.dll - ok
12:32:08.0703 3052  [ 42DD9011D54C3A91F14BDBBF50791DA9 ] C:\Program Files\Microsoft Security Client\MsseWat.dll
12:32:08.0703 3052  C:\Program Files\Microsoft Security Client\MsseWat.dll - ok
12:32:08.0718 3052  [ A26E0A6A7EBB45815A3583E170C27031 ] C:\Program Files\Microsoft Security Client\LegitLib.dll
12:32:08.0718 3052  C:\Program Files\Microsoft Security Client\LegitLib.dll - ok
12:32:08.0734 3052  [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\SYSTEM32\WBEM\wbemcomn.dll
12:32:08.0734 3052  C:\WINDOWS\SYSTEM32\WBEM\wbemcomn.dll - ok
12:32:08.0734 3052  [ 205ADD80FF8099B1A8101EB490B933D1 ] C:\WINDOWS\SYSTEM32\WBEM\wbemprox.dll
12:32:08.0734 3052  C:\WINDOWS\SYSTEM32\WBEM\wbemprox.dll - ok
12:32:08.0750 3052  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] C:\WINDOWS\SYSTEM32\DRIVERS\mrxdav.sys
12:32:08.0750 3052  C:\WINDOWS\SYSTEM32\DRIVERS\mrxdav.sys - ok
12:32:08.0765 3052  [ 77A354E28153AD2D5E120A5A8687BC06 ] C:\WINDOWS\SYSTEM32\webclnt.dll
12:32:08.0765 3052  C:\WINDOWS\SYSTEM32\webclnt.dll - ok
12:32:08.0781 3052  [ E42F7B36B4D8866184E8DF9776CA4226 ] C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
12:32:08.0781 3052  C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe - ok
12:32:08.0796 3052  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] C:\WINDOWS\SYSTEM32\DRIVERS\parvdm.sys
12:32:08.0796 3052  C:\WINDOWS\SYSTEM32\DRIVERS\parvdm.sys - ok
12:32:08.0812 3052  [ EC426AD27A93AE0D5AF80BA3985186CD ] C:\Program Files\Adobe\Photoshop Elements 3.0\platform.dll
12:32:08.0812 3052  C:\Program Files\Adobe\Photoshop Elements 3.0\platform.dll - ok
12:32:11.0812 3052  [ 59E295110DD323D585E07651A2FD207C ] C:\PROGRA~1\RETROS~1\RETROS~1.0\Retrospect.exe
12:32:11.0812 3052  C:\PROGRA~1\RETROS~1\RETROS~1.0\Retrospect.exe - ok
12:32:11.0828 3052  [ FE4E6BFAFF47F653B63D24EB834FBD88 ] C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrooem.dll
12:32:11.0828 3052  C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrooem.dll - ok
12:32:11.0843 3052  [ A6E02F65BE0C48DE7101923AE70268BD ] C:\Program Files\HP\Digital Imaging\bin\hpqrif08.dll
12:32:11.0843 3052  C:\Program Files\HP\Digital Imaging\bin\hpqrif08.dll - ok
12:32:11.0859 3052  [ 5526B0FE3E3ECDA9152FAEE6D907798E ] C:\PROGRA~1\RETROS~1\RETROS~1.0\storsets.dll
12:32:11.0859 3052  C:\PROGRA~1\RETROS~1\RETROS~1.0\storsets.dll - ok
12:32:11.0859 3052  [ D3D188ED719182B4603C91181DAD53D5 ] C:\PROGRA~1\RETROS~1\RETROS~1.0\tree.dll
12:32:11.0875 3052  C:\PROGRA~1\RETROS~1\RETROS~1.0\tree.dll - ok
12:32:11.0875 3052  [ D0716BD0C0822A642D36E82F49F2B5B8 ] C:\Program Files\HP\Digital Imaging\bin\hpqmif08.dll
12:32:11.0875 3052  C:\Program Files\HP\Digital Imaging\bin\hpqmif08.dll - ok
12:32:11.0890 3052  [ 91400EA8C0FD0CFB5D62C83896E0174F ] C:\Program Files\HP\Digital Imaging\bin\hpotra08.dll
12:32:11.0890 3052  C:\Program Files\HP\Digital Imaging\bin\hpotra08.dll - ok
12:32:11.0906 3052  [ D33BF4E33F89574AE3058B767009EA7B ] C:\PROGRA~1\RETROS~1\RETROS~1.0\meson.dll
12:32:11.0906 3052  C:\PROGRA~1\RETROS~1\RETROS~1.0\meson.dll - ok
12:32:11.0921 3052  [ 5A636326DD6C4DE058529AEC76225F14 ] C:\PROGRA~1\RETROS~1\RETROS~1.0\devices.dll
12:32:11.0921 3052  C:\PROGRA~1\RETROS~1\RETROS~1.0\devices.dll - ok
12:32:11.0921 3052  [ C420B584EBC9D07A9DB531BA35EFF4F6 ] C:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc
12:32:11.0921 3052  C:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc - ok
12:32:11.0937 3052  [ CD926F5ED68CE56532E5CC631D3BA287 ] C:\Program Files\HP\Digital Imaging\bin\hpotradd.dll
12:32:11.0937 3052  C:\Program Files\HP\Digital Imaging\bin\hpotradd.dll - ok
12:32:11.0953 3052  [ 830696C53228941926DE30B977869A53 ] C:\WINDOWS\SYSTEM32\vxblock.dll
12:32:11.0953 3052  C:\WINDOWS\SYSTEM32\vxblock.dll - ok
12:32:11.0968 3052  [ 84DCEEECEEE0534EF8AD2480B9B9DAEA ] C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll
12:32:11.0968 3052  C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll - ok
12:32:11.0984 3052  [ C996F404597205D56F5EE19E026FB91E ] C:\PROGRA~1\RETROS~1\RETROS~1.0\retrores.dll
12:32:11.0984 3052  C:\PROGRA~1\RETROS~1\RETROS~1.0\retrores.dll - ok
12:32:12.0000 3052  [ 22475E2B8D958165D198D24558B231BA ] C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll
12:32:12.0000 3052  C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll - ok
12:32:12.0000 3052  [ 30EC64D8637493FE96805795859363D8 ] C:\PROGRA~1\RETROS~1\RETROS~1.0\tyce.dll
12:32:12.0000 3052  C:\PROGRA~1\RETROS~1\RETROS~1.0\tyce.dll - ok
12:32:12.0015 3052  [ 4A140EB2F7555430496B4FBAAA48BAE6 ] C:\PROGRA~1\RETROS~1\RETROS~1.0\network.dll
12:32:12.0015 3052  C:\PROGRA~1\RETROS~1\RETROS~1.0\network.dll - ok
12:32:12.0031 3052  [ EB6A6F8CCEE3FD0FA0532DF0587E8F15 ] C:\PROGRA~1\RETROS~1\RETROS~1.0\enginelo.dll
12:32:12.0031 3052  C:\PROGRA~1\RETROS~1\RETROS~1.0\enginelo.dll - ok
12:32:12.0046 3052  [ 98D89A319416531F239A58B9B9C52DB8 ] C:\PROGRA~1\RETROS~1\RETROS~1.0\enginehi.dll
12:32:12.0046 3052  C:\PROGRA~1\RETROS~1\RETROS~1.0\enginehi.dll - ok
12:32:12.0062 3052  [ 22EC4BECC07B727424045C8833BC18B3 ] C:\PROGRA~1\RETROS~1\RETROS~1.0\uimeson.dll
12:32:12.0062 3052  C:\PROGRA~1\RETROS~1\RETROS~1.0\uimeson.dll - ok
12:32:12.0078 3052  [ 352ACD7E6A866653BCC5D2382D026FC6 ] C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll
12:32:12.0078 3052  C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll - ok
12:32:12.0093 3052  [ A227CE81F6BCB73F2966973B1B046241 ] C:\PROGRA~1\RETROS~1\RETROS~1.0\uimisc.dll
12:32:12.0093 3052  C:\PROGRA~1\RETROS~1\RETROS~1.0\uimisc.dll - ok
12:32:12.0109 3052  [ EE5F08FB9E0D70E4EBC549CCF596BB07 ] C:\PROGRA~1\RETROS~1\RETROS~1.0\uidevs.dll
12:32:12.0109 3052  C:\PROGRA~1\RETROS~1\RETROS~1.0\uidevs.dll - ok
12:32:12.0125 3052  [ 951453EC8D82B239A2F88A39A69BE3BD ] C:\PROGRA~1\RETROS~1\RETROS~1.0\uinetwrk.dll
12:32:12.0125 3052  C:\PROGRA~1\RETROS~1\RETROS~1.0\uinetwrk.dll - ok
12:32:12.0140 3052  [ BAECA0E1B5C12541ACE51DFED6BE6299 ] C:\PROGRA~1\RETROS~1\RETROS~1.0\help.dll
12:32:12.0140 3052  C:\PROGRA~1\RETROS~1\RETROS~1.0\help.dll - ok
12:32:12.0140 3052  [ F02716DDA43E9D3D5570FB4B109D6EE5 ] C:\PROGRA~1\RETROS~1\RETROS~1.0\pcvldrvr.dll
12:32:12.0140 3052  C:\PROGRA~1\RETROS~1\RETROS~1.0\pcvldrvr.dll - ok
12:32:12.0156 3052  [ B8CB56E2420A542B8CA4181CC4740389 ] C:\PROGRA~1\RETROS~1\RETROS~1.0\pcvol.dll
12:32:12.0156 3052  C:\PROGRA~1\RETROS~1\RETROS~1.0\pcvol.dll - ok
12:32:12.0171 3052  [ 4491DB9C29F0F2FA0F4DF99D7CD34987 ] C:\PROGRA~1\RETROS~1\RETROS~1.0\pcdr.dll
12:32:12.0171 3052  C:\PROGRA~1\RETROS~1\RETROS~1.0\pcdr.dll - ok
12:32:12.0187 3052  [ ED331CBDFCA796E83FE2962E27BC6782 ] C:\PROGRA~1\RETROS~1\RETROS~1.0\macvol.dll
12:32:12.0187 3052  C:\PROGRA~1\RETROS~1\RETROS~1.0\macvol.dll - ok
12:32:12.0203 3052  [ 8AE23DB28D39DEE0968188D862C36E01 ] C:\PROGRA~1\RETROS~1\RETROS~1.0\uiprod.dll
12:32:12.0203 3052  C:\PROGRA~1\RETROS~1\RETROS~1.0\uiprod.dll - ok
12:32:12.0203 3052  [ 20A36FF7827799D05DB158D1CD559F76 ] C:\PROGRA~1\RETROS~1\RETROS~1.0\unixvol.rpx
12:32:12.0203 3052  C:\PROGRA~1\RETROS~1\RETROS~1.0\unixvol.rpx - ok
12:32:12.0218 3052  [ 8849E939E570504DE6760EA14949C4BA ] C:\PROGRA~1\RETROS~1\RETROS~1.0\nwvol.rpx
12:32:12.0218 3052  C:\PROGRA~1\RETROS~1\RETROS~1.0\nwvol.rpx - ok
12:32:12.0234 3052  [ 76E5710E072B7EECABFC3E3F34B43F8B ] C:\PROGRA~1\RETROS~1\RETROS~1.0\autoupdt.dll
12:32:12.0234 3052  C:\PROGRA~1\RETROS~1\RETROS~1.0\autoupdt.dll - ok
12:32:12.0250 3052  [ A51D842704B9B110092A213EC366C5E6 ] C:\PROGRA~1\RETROS~1\RETROS~1.0\auconprs.dll
12:32:12.0250 3052  C:\PROGRA~1\RETROS~1\RETROS~1.0\auconprs.dll - ok
12:32:12.0265 3052  [ FEDDD3579FEE51A9873D856DF3933C68 ] C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
12:32:12.0265 3052  C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe - ok
12:32:12.0281 3052  [ C9BD323B1BDBFEEEBFC204B574FDB5A1 ] C:\WINDOWS\SYSTEM32\HPZIPR12.DLL
12:32:12.0281 3052  C:\WINDOWS\SYSTEM32\HPZIPR12.DLL - ok
12:32:12.0296 3052  [ F4624C7D2136D279174E0F09FBD9130E ] C:\WINDOWS\SYSTEM32\HPZIDR12.DLL
12:32:12.0296 3052  C:\WINDOWS\SYSTEM32\HPZIDR12.DLL - ok
12:32:12.0296 3052  [ 3E9A33113D663D8BD5ED38858E669652 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
12:32:12.0296 3052  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll - ok
12:32:12.0312 3052  [ 1D0A76276AD7A836F29F447968C61CE6 ] C:\Program Files\HP\Digital Imaging\bin\hpqwso08.dll
12:32:12.0312 3052  C:\Program Files\HP\Digital Imaging\bin\hpqwso08.dll - ok
12:32:12.0328 3052  [ F2F4EABAC9BF1BA8D543D4C585C1B872 ] C:\PROGRA~1\RETROS~1\RETROS~1.0\rdacc.rpx.dll
12:32:12.0328 3052  C:\PROGRA~1\RETROS~1\RETROS~1.0\rdacc.rpx.dll - ok
12:32:12.0343 3052  [ 1B94A16AB1B30F05DDEC9231AA50264C ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll
12:32:12.0343 3052  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll - ok
12:32:12.0359 3052  [ 71F57DD6ECDDC2FA4A7EB6BA56775DF5 ] C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
12:32:12.0359 3052  C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe - ok
12:32:12.0375 3052  [ 698417BFEF3ABBCF9B3B51260C515E19 ] C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprbutil.dll
12:32:12.0375 3052  C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprbutil.dll - ok
12:32:12.0390 3052  [ E837FDBB92E9873E538395B623F45462 ] C:\WINDOWS\SYSTEM32\WBEM\cimwin32.dll
12:32:12.0390 3052  C:\WINDOWS\SYSTEM32\WBEM\cimwin32.dll - ok
12:32:12.0390 3052  [ 8BCD11D38FCE43A519246A91CC40DE6A ] C:\WINDOWS\SYSTEM32\security.dll
12:32:12.0390 3052  C:\WINDOWS\SYSTEM32\security.dll - ok
12:32:12.0406 3052  [ C730F70351D950DDA7388C9A9763CF54 ] C:\WINDOWS\SYSTEM32\WBEM\wmipcima.dll
12:32:12.0406 3052  C:\WINDOWS\SYSTEM32\WBEM\wmipcima.dll - ok
12:32:12.0421 3052  [ 0A0A339D07FF5E9989EEF1E1D476CD29 ] C:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll
12:32:12.0421 3052  C:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll - ok
12:32:12.0437 3052  [ FB71B03BFEF36CC57109E526562254C7 ] C:\Program Files\HP\Digital Imaging\bin\hpqddusr.dll
12:32:12.0437 3052  C:\Program Files\HP\Digital Imaging\bin\hpqddusr.dll - ok
12:32:12.0437 3052  [ 13BE601DD9AF4B726C8EF1DC337271CC ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll
12:32:12.0437 3052  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll - ok
12:32:12.0453 3052  [ 7C4DCFF108869D7915D39B9371BE5FFE ] C:\Program Files\HP\Digital Imaging\bin\hpqstp08.dll
12:32:12.0453 3052  C:\Program Files\HP\Digital Imaging\bin\hpqstp08.dll - ok
12:32:12.0468 3052  [ D3A4E3F35C2893490473C328A840AA92 ] C:\Program Files\HP\Digital Imaging\bin\hpqstp08.rsc
12:32:12.0468 3052  C:\Program Files\HP\Digital Imaging\bin\hpqstp08.rsc - ok
12:32:12.0484 3052  [ BFB91FE0B2631F23FDC8CFDD4618ACEC ] C:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc
12:32:12.0484 3052  C:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc - ok
12:32:12.0500 3052  [ 5B6748DFA56A0BE54C45B989378293E1 ] C:\Program Files\HP\Digital Imaging\bin\hpqusg.dll
12:32:12.0500 3052  C:\Program Files\HP\Digital Imaging\bin\hpqusg.dll - ok
12:32:12.0500 3052  ============================================================
12:32:12.0500 3052  Scan finished
12:32:12.0500 3052  ============================================================
12:32:12.0656 3044  Detected object count: 17
12:32:12.0656 3044  Actual detected object count: 17
12:33:37.0187 3044  C:\windows\system32\DRIVERS\ACPI.sys - copied to quarantine
12:33:37.0578 3044  Backup copy found, using it..
12:33:37.0593 3044  C:\windows\system32\DRIVERS\ACPI.sys - will be cured on reboot
12:33:37.0593 3044  ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
12:33:37.0593 3044  AdobeActiveFileMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:37.0593 3044  AdobeActiveFileMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:37.0609 3044  DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:37.0609 3044  DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:37.0609 3044  DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:37.0609 3044  DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:37.0609 3044  DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:37.0609 3044  DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:37.0625 3044  DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:37.0625 3044  DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:37.0625 3044  DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:37.0625 3044  DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:37.0640 3044  DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:37.0640 3044  DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:37.0640 3044  DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:37.0640 3044  DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:37.0656 3044  DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:37.0656 3044  DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:37.0656 3044  DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:37.0656 3044  DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:37.0671 3044  DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:37.0671 3044  DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:37.0671 3044  DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:37.0671 3044  DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:37.0671 3044  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:37.0671 3044  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:37.0687 3044  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:37.0687 3044  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:37.0687 3044  PhotoshopElementsDeviceConnect ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:37.0687 3044  PhotoshopElementsDeviceConnect ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:37.0703 3044  RetroExpLauncher ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:37.0703 3044  RetroExpLauncher ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:43.0015 2060  Deinitialize success

MBAR:

Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.24.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Doug :: DOUG-3T8PM028WE [administrator]

2/24/2013 1:42:45 PM
mbar-log-2013-02-24 (13-42-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27953
Time elapsed: 1 hour(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


 

Thanks!



#10 gringo_pr


Posted 25 February 2013 - 01:14 AM

OK go ahead and run the script
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 mttime73


Posted 25 February 2013 - 01:22 AM

Hi Gringo!

I ran the script.  The results are below.  The computer does feel more fluid; I'm curious what infection was found.  Can you help me understand the infection?

 

Here is the log:

ComboFix 13-02-24.01 - Doug 02/24/2013  22:03:23.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2047.1576 [GMT -8:00]
Running from: c:\documents and settings\Doug.DOUG-3T8PM028WE\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Doug.DOUG-3T8PM028WE\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-25 to 2013-02-25  )))))))))))))))))))))))))))))))
.
.
2013-02-25 05:59 . 2013-02-25 05:59 29904 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE2898DB-749C-4F11-9E61-F5E00E117AA0}\MpKsldc656e14.sys
2013-02-25 05:52 . 2013-02-08 00:45 6954968 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE2898DB-749C-4F11-9E61-F5E00E117AA0}\mpengine.dll
2013-02-24 21:58 . 2013-02-08 00:45 6954968 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-24 20:37 . 2013-02-24 20:37 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-02-24 20:33 . 2013-02-24 20:33 -------- d-----w- C:\TDSSKiller_Quarantine
2013-02-24 03:37 . 2013-02-24 03:37 388096 ----a-r- c:\documents and settings\Doug.DOUG-3T8PM028WE\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-02-24 03:37 . 2013-02-24 03:37 -------- d-----w- c:\program files\Trend Micro
2013-02-24 01:47 . 2013-02-24 01:47 -------- d-----w- c:\program files\ESET
2013-02-23 21:28 . 2013-02-23 21:28 -------- d--h--w- c:\windows\PIF
2013-02-23 21:19 . 2013-02-23 21:20 -------- d-----w- c:\documents and settings\Administrator
2013-02-23 20:27 . 2013-02-23 20:27 -------- d-----w- c:\documents and settings\Doug.DOUG-3T8PM028WE\Local Settings\Application Data\Mozilla
2013-02-23 20:26 . 2013-02-23 20:26 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-02-23 20:21 . 2013-02-23 20:21 -------- d-----w- c:\program files\Foxit Software
2013-02-23 20:13 . 2013-02-23 20:14 -------- d-----w- c:\program files\Google
2013-02-23 19:57 . 2013-01-30 10:53 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-02-23 19:55 . 2013-02-23 19:55 -------- d-----w- c:\program files\Microsoft Security Client
2013-02-23 19:49 . 2013-02-23 19:49 -------- d-----w- c:\program files\7-Zip
2013-02-23 19:45 . 2013-02-23 19:48 -------- d-----w- c:\windows\EXE
2013-02-23 16:58 . 2008-04-14 01:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2013-02-23 16:58 . 2008-04-14 01:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2013-02-23 00:51 . 2013-02-23 00:51 -------- d-----w- c:\documents and settings\Doug.DOUG-3T8PM028WE\Application Data\Malwarebytes
2013-02-23 00:51 . 2013-02-23 00:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2013-02-23 00:51 . 2013-02-23 00:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-23 00:51 . 2012-12-15 00:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-22 23:18 . 2001-08-17 21:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2013-02-22 23:18 . 2001-08-17 21:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-02-22 23:18 . 2008-04-13 19:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2013-02-22 23:18 . 2008-04-13 19:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2013-02-22 23:17 . 2008-04-13 19:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2013-02-22 23:17 . 2008-04-13 19:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-24 20:34 . 2002-09-03 16:26 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2013-01-26 03:55 . 2002-09-03 16:51 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-20 23:59 . 2013-01-20 23:59 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-07 01:16 . 2002-09-03 16:50 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36 . 2002-08-29 01:04 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2002-09-03 17:11 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2005-08-30 04:02 1292288 ----a-w- c:\windows\system32\quartz.dll
2013-01-02 06:49 . 2002-09-03 16:42 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2012-12-26 20:16 . 2006-02-24 21:26 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:16 . 2002-09-03 16:39 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-12-26 20:16 . 2002-09-03 16:35 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2006-04-15 04:30 385024 ----a-w- c:\windows\system32\html.iec
2012-12-16 12:23 . 2002-09-03 16:27 290560 ----a-w- c:\windows\system32\atmfd.dll
2001-06-20 23:19 . 2001-06-19 23:34 40960 ----a-w- c:\program files\ACMonitor_X83.exe
2013-02-16 00:35 . 2013-02-23 20:25 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-07-28 4841472]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"RetroExpress"="c:\progra~1\RETROS~1\RETROS~1.0\RetroExpress.exe" [2007-01-18 9371648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"nwiz"="nwiz.exe" [2003-07-28 323584]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Snippy.lnk - c:\windows\EXE\Snippy.exe [2013-2-23 102400]
Task Manager.lnk - c:\windows\SYSTEM32\taskmgr.exe [2002-9-3 135680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-09-08 18:06 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 ----a-w- c:\windows\SYSTEM32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-11-01 02:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
.
R1 MpKsldc656e14;MpKsldc656e14;c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE2898DB-749C-4F11-9E61-F5E00E117AA0}\MpKsldc656e14.sys [2/24/2013 9:59 PM 29904]
R3 mbamchameleon;mbamchameleon;c:\windows\SYSTEM32\DRIVERS\mbamchameleon.sys [2/24/2013 12:37 PM 35144]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 3:47 AM 98304]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 2:40 AM 118784]
S3 Licedikv;Licedikv; [x]
S3 UNL;UNL;c:\docume~1\DOUG~2.DOU\LOCALS~1\Temp\UNL.exe --> c:\docume~1\DOUG~2.DOU\LOCALS~1\Temp\UNL.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLDC656E14
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-23 20:14 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-23 20:13]
.
2013-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-23 20:13]
.
2013-02-25 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 19:11]
.
2013-02-24 c:\windows\Tasks\User_Feed_Synchronization-{B5391352-B02A-4B8F-B9BA-86C317D1785D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 12:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.120
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Doug.DOUG-3T8PM028WE\Application Data\Mozilla\Firefox\Profiles\ie71nxxp.default\
FF - ExtSQL: 2013-02-24 21:43; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\Doug.DOUG-3T8PM028WE\Application Data\Mozilla\Firefox\Profiles\ie71nxxp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-02-24 21:45; {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}; c:\documents and settings\Doug.DOUG-3T8PM028WE\Application Data\Mozilla\Firefox\Profiles\ie71nxxp.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF - ExtSQL: 2013-02-24 21:45; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\documents and settings\Doug.DOUG-3T8PM028WE\Application Data\Mozilla\Firefox\Profiles\ie71nxxp.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2013-02-24 21:45; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\documents and settings\Doug.DOUG-3T8PM028WE\Application Data\Mozilla\Firefox\Profiles\ie71nxxp.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-02-24 21:45; newtaburl@sogame.cat; c:\documents and settings\Doug.DOUG-3T8PM028WE\Application Data\Mozilla\Firefox\Profiles\ie71nxxp.default\extensions\newtaburl@sogame.cat.xpi
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-02379571.sys
SafeBoot-50372911.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-24 22:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2108)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-02-24  22:18:07
ComboFix-quarantined-files.txt  2013-02-25 06:18
.
Pre-Run: 7,495,491,584 bytes free
Post-Run: 7,481,225,216 bytes free
.
- - End Of File - - 5642D143FD4EF25798C95D3F8D6098A3
 

 

Thanks!



#12 gringo_pr


Posted 25 February 2013 - 01:35 AM


Hello

So far I have been removing dross from the infections you have already removed.

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. Default settings are fine.
    • Click Run Cleaner.
    • Close CCleaner.
: Malwarebytes' Anti-Malware :

I see that you have MBAM installed - That is great!! and at this time I would like you to update it and run me a quick scan
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis
  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic
"information and logs"
  • In your next post I need the following
    • Log From MBAM
    • report from Hijackthis
    • let me know of any problems you may have had
    • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 mttime73

mttime73
  • Topic Starter

  • Members
  • 36 posts

Posted 25 February 2013 - 02:23 AM

Hi Gringo,

CCleaner was basic IE cache files.

MBAM Log:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.25.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
 :: DOUG-3T8PM028WE [administrator]

2/24/2013 10:39:06 PM
mbam-log-2013-02-24 (22-39-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 326129
Time elapsed: 10 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

There was nothing to remove.

========================

HiJack This:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:22:19 PM, on 2/24/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
C:\windows\System32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\windows\system32\devldr32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\windows\system32\wscntfy.exe
C:\windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe /h
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snippy.lnk = C:\WINDOWS\EXE\Snippy.exe
O4 - Global Startup: Task Manager.lnk = C:\WINDOWS\SYSTEM32\taskmgr.exe
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145061727359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145061838562
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\System32\browseui.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
O23 - Service: UNL - Unknown owner - C:\DOCUME~1\DOUG~2.DOU\LOCALS~1\Temp\UNL.exe (file missing)

--
End of file - 5578 bytes

=========================

Everything seems a lot better!!  It is an old computer, so processor and memory limiting internet experience, but so much better.

Thanks so much!!



#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 25 February 2013 - 03:07 AM


Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.
  • Run HijackThis (right-click and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe


  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.
    • NOTE**You can research each of those lines >here< and see if you want to keep them or not
      just copy the name between the brackets and paste into the search space
      O4 - HKLM\..\Run: [IntelliPoint]

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.

  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish
  • When the scan is complete
    • If no threats were found
      • put a checkmark in "Uninstall application on close"
      • close program
      • report to me that nothing was found
    • If threats were found
      • click on "list of threats found"
      • click on "export to text file" and save it as ESET SCAN and save to the desktop
      • Click on back
      • put a checkmark in "Uninstall application on close"
      • click on finish
      • close program
      • copy and paste the report here
Gringo
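The post above says to copy the name between the brackets of each O4 line and look it up before deciding whether to keep it. The following is an added example, not part of the thread or of HijackThis: it pulls those names out of a saved HijackThis log and lists any entry the log itself marks "(file missing)". The function names are hypothetical and the sample lines are constructed in the v2.0.4 log format shown in this topic.

```python
import re

# Constructed sample lines in the HijackThis v2.0.4 log format (not from a real machine).
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe /h
O4 - Global Startup: Example Monitor.lnk = C:\Program Files\Example\monitor.exe
O23 - Service: Example Helper (ExHelper) - Example Corp - C:\windows\System32\exhelper.exe
O23 - Service: EXSVC - Unknown owner - C:\DOCUME~1\User\LOCALS~1\Temp\exsvc.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # "O4 - <body>"
RUN_KEY = re.compile(r"^(.+?): \[([^\]]+)\]\s*(.*)$")     # "HKLM\..\Run: [Name] command"
STARTUP = re.compile(r"^(.+?): (.+?) = (.*)$")            # "Global Startup: X.lnk = path"
MISSING = "(file missing)"

def parse_entries(text):
    """Return (section_code, body) for every 'XN - ...' line; other lines are skipped."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out

def autostart_names(entries):
    """For O4 lines, return (location, name, command); name is the term to research."""
    found = []
    for code, body in entries:
        if code != "O4":
            continue
        m = RUN_KEY.match(body) or STARTUP.match(body)
        if m:
            found.append((m.group(1), m.group(2), m.group(3)))
    return found

def missing_targets(entries):
    """Entries that HijackThis marked as pointing at a file that no longer exists."""
    return [(c, b) for c, b in entries if b.rstrip().endswith(MISSING)]

if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    for loc, name, cmd in autostart_names(entries):
        print(f"research: {name!r:28} ({loc}) -> {cmd}")
    for code, body in missing_targets(entries):
        print(f"leftover reference: {code} - {body}")
```
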

#15 mttime73

mttime73
  • Topic Starter

  • Members
  • 36 posts

Posted 26 February 2013 - 01:06 AM

Hi Gringo,

The ESET scan did find a couple of items.

C:\Documents and Settings\Doug.DOUG-3T8PM028WE\My Documents\Aaron's Programs\Programs\FoxitReader545.0124_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\TDSSKiller_Quarantine\24.02.2013_12.28.10\rtkt0000\svc0000\tsk0000.dta Win32/Simda.M.Gen trojan

Thanks!





