
Help me to remove all ssdt,kernel hooks, hidden registry keys,rootkits and so on


  • This topic is locked
129 replies to this topic

#1 cutthroat

cutthroat

  • Members
  • 72 posts
  • OFFLINE
  • Local time:11:45 PM

Posted 21 March 2013 - 02:17 PM

Hi.

I am infected for sure.

I have run TDSSKiller, but the program did not finish because of a blue screen (BSOD); it found 28 threats but did not remove any of them because of the BSOD.


After a restart I ran TDSSKiller again and nothing was found.

Is this normal?

No program can detect any malware or rootkits on my system, but that is only since I used ComboFix and removed a lot of .exe files in c:\windows and .sys files; I think there are other things ComboFix did not remove.

I have run ComboFix again and again, and I need your help to remove everything from my computer.

This log.txt is from the last time I ran ComboFix.

ComboFix already did its job before, but every time I run ComboFix it appears to have many things to remove manually, including registry keys and so on.

 

This log.txt is not the same as when I ran ComboFix the first time; if needed I can upload my first ComboFix log so you can see every removal that was done.


Thank you so much

 

 

Here is the log.txt

 

ComboFix 13-03-21.01 - Carlos Silva 21-03-2013  18:49:26.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.351.1033.18.2046.1289 [GMT 0:00]
Executando de: c:\documents and settings\Carlos Silva\Desktop\is0ehsfd.exe
AV: Emsisoft Anti-Malware *Disabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2013-02-21 to 2013-03-21  ))))))))))))))))))))))))))))
.
.
2013-03-21 17:24 . 2008-04-13 21:45 64512 -c--a-w- c:\windows\system32\dllcache\serial.sys
2013-03-21 17:24 . 2008-04-13 21:45 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2013-03-21 16:52 . 2013-03-21 16:52 -------- d-----w- c:\documents and settings\Carlos Silva\Application Data\Malwarebytes
2013-03-21 16:52 . 2013-03-21 16:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-21 16:52 . 2012-12-14 16:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-21 14:14 . 2013-03-21 15:28 7168 ----a-w- c:\windows\system32\drivers\utexndg1.sys
2013-03-21 11:43 . 2013-03-21 13:00 -------- d-----w- C:\avz4
2013-03-20 23:43 . 2013-03-20 23:43 -------- d-----w- C:\Backreg
2013-03-20 22:15 . 2013-03-20 22:15 164240 ----a-w- c:\windows\system32\drivers\21m5yy3j.sys
2013-03-20 21:56 . 2013-03-20 21:56 164240 ----a-w- c:\windows\system32\drivers\k7ilmvwc.sys
2013-03-20 20:47 . 2013-03-20 20:47 164240 ----a-w- c:\windows\system32\drivers\x2o982xx.sys
2013-03-20 20:22 . 2013-03-20 20:23 -------- d-----w- C:\VBA32
2013-03-20 19:56 . 2013-03-20 19:56 131344 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2013-03-20 19:37 . 2013-03-20 19:37 -------- d-----w- C:\bva
2013-03-20 19:19 . 2013-03-20 19:19 -------- d-----w- C:\vba
2013-03-20 18:52 . 2013-03-20 18:52 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-03-20 15:07 . 2013-03-20 15:07 -------- d-----w- c:\documents and settings\Administrator
2013-03-20 14:50 . 2006-11-04 10:47 114688 ----a-w- c:\windows\system32\LOGONMONITOR.DLL.del
2013-03-19 13:15 . 2013-03-19 13:15 -------- d-----w- c:\program files\CCleaner
2013-03-19 11:03 . 2013-03-19 11:03 457 ----a-w- C:\deletekeys.reg
2013-03-19 10:44 . 2013-03-21 17:42 -------- d-----w- C:\Radix
2013-03-19 00:05 . 2013-03-19 00:05 -------- d-----w- c:\program files\MustBeRandomlyNamed
2013-03-18 19:01 . 2013-03-18 19:01 -------- d-----w- C:\DefenseWallVC
2013-03-18 04:45 . 2009-12-06 17:45 -------- d---a-w- C:\Kernel Detective v1.3.1
2013-03-18 02:35 . 2013-03-18 02:35 -------- d-----w- c:\program files\Tizer™ Rootkit Razor
2013-03-17 16:31 . 2013-03-17 16:31 -------- d-----w- c:\documents and settings\Carlos Silva\Local Settings\Application Data\Help
2013-03-17 03:05 . 2013-03-17 11:41 -------- d-----w- c:\windows\system32\XPSViewer
2013-03-17 03:05 . 2013-03-17 03:05 -------- d-----w- c:\program files\MSBuild
2013-03-17 03:05 . 2013-03-17 03:05 -------- d-----w- c:\program files\Reference Assemblies
2013-03-17 03:04 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2013-03-17 03:04 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2013-03-17 03:04 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2013-03-17 03:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2013-03-17 03:04 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2013-03-17 03:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2013-03-17 03:04 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2013-03-17 03:04 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2013-03-17 03:04 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2013-03-17 03:04 . 2013-03-17 03:04 -------- d-----w- C:\606fc27bf3b708e33d
2013-03-16 20:06 . 2013-03-16 20:06 -------- d-----w- c:\documents and settings\Carlos Silva\Local Settings\Application Data\HP
2013-03-16 20:06 . 2013-03-16 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2013-03-16 20:05 . 2008-10-28 10:27 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2013-03-16 20:05 . 2008-10-28 10:27 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2013-03-16 20:04 . 2009-04-16 14:08 123904 ----a-w- c:\windows\system32\hpf3l70v.dll
2013-03-16 20:04 . 2009-04-16 14:08 312832 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70v.dll
2013-03-16 20:04 . 2009-04-15 21:53 452408 ----a-r- c:\windows\system32\hpzids01.dll
2013-03-16 20:04 . 2008-10-28 10:27 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2013-03-16 20:04 . 2009-02-10 20:03 712704 ----a-r- c:\windows\system32\hposwia_d02c.dll
2013-03-16 20:04 . 2009-02-10 20:03 589824 ----a-r- c:\windows\system32\hpost_d02c.dll
2013-03-16 20:04 . 2009-02-10 20:03 315392 ----a-r- c:\windows\system32\hposc_d02a.dll
2013-03-16 20:04 . 2008-10-28 10:27 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2013-03-16 20:04 . 2008-10-28 10:27 309760 ----a-r- c:\windows\system32\difxapi.dll
2013-03-16 20:00 . 2013-03-16 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2013-03-16 19:59 . 2013-03-16 19:59 -------- d-----w- c:\program files\Common Files\HP
2013-03-16 19:58 . 2013-03-16 19:58 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2013-03-16 13:15 . 2013-03-16 13:15 -------- d-----w- C:\Minha pen de 16 GB
2013-03-16 08:25 . 2013-03-16 08:25 -------- d-----w- C:\emsisoft
2013-03-16 03:00 . 2013-03-16 03:17 -------- d-----w- c:\windows\SxsCaPendDel
2013-03-15 21:20 . 2013-03-15 21:23 -------- d-----w- C:\Pen azul 4 gb COPIA DOS FICHEIROS
2013-03-15 17:36 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-15 17:17 . 2013-03-15 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2013-03-15 09:36 . 2008-04-13 21:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2013-03-15 09:36 . 2008-04-13 21:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2013-03-15 09:33 . 2008-08-07 21:10 221184 ----a-w- c:\windows\brprs.exe
2013-03-15 09:33 . 2013-03-16 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2013-03-15 09:32 . 2013-03-16 20:06 -------- d-----w- c:\documents and settings\Carlos Silva\Application Data\HP
2013-03-15 09:29 . 2013-03-15 09:32 -------- d-----w- C:\hp_LJ_M1120_Full_Solution
2013-03-13 22:16 . 2013-03-13 22:16 -------- d-----w- c:\windows\system32\LogFiles
2013-03-13 17:39 . 2013-03-18 13:37 -------- d-----w- c:\documents and settings\Carlos Silva\Application Data\vlc
2013-03-13 17:38 . 2013-03-13 17:38 -------- d-----w- c:\program files\VideoLAN
2013-03-13 06:48 . 2013-03-13 06:48 -------- d-----w- C:\Regrun warrior
2013-03-13 04:40 . 2013-03-13 04:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\COMODO
2013-03-12 07:52 . 2013-03-20 20:42 -------- d-----w- c:\program files\UnHackMe
2013-03-12 07:47 . 2013-03-19 10:37 -------- d-----w- c:\program files\RootKit Hook Analyzer
2013-03-12 07:47 . 2007-07-07 00:39 19248 ----a-w- c:\windows\system32\drivers\rspsc32.sys
2013-03-12 07:11 . 2013-03-12 07:36 -------- d-----w- c:\program files\ProSecurity
2013-03-12 06:46 . 2013-03-21 15:59 -------- d-----w- c:\documents and settings\Carlos Silva\Local Settings\Application Data\temp
2013-03-11 15:14 . 2013-03-11 15:14 -------- d-----w- c:\documents and settings\Carlos Silva\Local Settings\Application Data\Trusteer
2013-03-11 15:13 . 2013-03-12 02:38 -------- d-----w- c:\program files\Trusteer
2013-03-11 15:13 . 2013-03-11 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Trusteer
2013-03-11 03:12 . 2013-03-11 03:12 -------- d-----w- c:\documents and settings\Carlos Silva\Local Settings\Application Data\MigWiz
2013-03-08 13:42 . 2013-03-08 13:42 -------- d-----w- c:\program files\NoVirusThanks
2013-03-08 13:34 . 2013-03-08 13:34 -------- d-----w- C:\TDSSKiller_Quarantine
2013-03-07 09:15 . 2013-03-07 09:16 -------- d-----w- c:\documents and settings\Carlos Silva\Local Settings\Application Data\Ares
2013-03-07 09:15 . 2013-03-07 09:15 -------- d-----w- c:\program files\Ares
2013-03-07 09:01 . 2013-03-07 09:02 -------- d-----w- c:\program files\eMule
2013-03-06 03:36 . 2013-03-06 03:36 -------- d-----w- c:\documents and settings\Carlos Silva\Local Settings\Application Data\Mozilla
2013-03-05 05:42 . 2013-03-05 05:42 -------- d-----w- C:\PEN EURO MOVIDA
2013-03-04 10:09 . 2013-03-04 10:22 -------- d-----w- C:\PEN EUROAAA
2013-03-04 08:02 . 2013-03-04 08:02 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-03-04 07:54 . 2013-03-04 08:02 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2013-03-04 07:34 . 2012-10-29 08:20 27232 ----a-w- c:\windows\system32\drivers\rspSanity32XP.sys
2013-03-04 07:34 . 2010-08-23 17:07 27192 ----a-w- c:\windows\system32\drivers\rspSanity32.sys
2013-03-04 07:34 . 2013-03-08 13:45 -------- d-----w- c:\program files\SanityCheck
2013-03-01 23:19 . 2013-03-01 23:30 -------- d-----w- c:\program files\JDownloader
2013-03-01 05:01 . 2013-03-01 05:04 -------- d---a-w- C:\cce_linux
2013-03-01 03:16 . 2013-03-01 03:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-02-28 17:00 . 2013-02-28 17:04 -------- d-----w- C:\Megadatabase 2013
2013-02-27 05:40 . 2013-02-27 05:40 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2013-02-27 03:52 . 2013-02-27 04:00 -------- d-----w- c:\documents and settings\Carlos Silva\Application Data\InfraRecorder
2013-02-27 03:52 . 2013-02-27 03:52 -------- d-----w- c:\program files\InfraRecorder
2013-02-26 15:00 . 2013-02-26 15:00 -------- d-----w- c:\windows\Sun
2013-02-26 15:00 . 2013-02-26 15:00 -------- d-----w- c:\documents and settings\Carlos Silva\Local Settings\Application Data\Sun
2013-02-25 01:09 . 2013-03-05 04:33 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2013-02-24 12:51 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2013-02-22 18:48 . 2013-02-01 14:26 357337 ----a-w- c:\program files\EAM Trial Reset 1.1.exe
2013-02-22 18:41 . 2013-02-22 18:41 -------- d-----w- c:\documents and settings\Carlos Silva\Application Data\EurekaLog
2013-02-22 18:38 . 2013-02-22 18:38 -------- d-----w- c:\program files\MSXML 4.0
2013-02-22 18:35 . 2013-02-22 18:35 -------- d-----w- c:\windows\ie8updates
2013-02-22 18:35 . 2013-03-16 03:01 -------- d--h--w- c:\windows\$hf_mig$
2013-02-22 18:30 . 2013-01-07 01:32 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2013-02-22 18:30 . 2013-01-07 01:28 2193152 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2013-02-22 18:30 . 2013-01-07 00:45 2027520 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2013-02-22 18:30 . 2013-01-07 00:45 2069760 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2013-02-22 18:27 . 2013-02-05 20:04 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2013-02-22 18:27 . 2013-02-05 20:04 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2013-02-22 18:27 . 2013-02-05 20:04 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2013-02-22 18:27 . 2013-02-05 20:04 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2013-02-22 18:27 . 2013-02-05 20:04 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-02-22 18:27 . 2013-02-05 20:04 2005504 -c----w- c:\windows\system32\dllcache\iertutil.dll
2013-02-22 18:27 . 2013-02-05 20:04 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2013-02-22 18:27 . 2013-02-06 01:34 11112960 -c----w- c:\windows\system32\dllcache\ieframe.dll
2013-02-22 18:22 . 2013-03-13 03:23 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\COMODO
2013-02-22 18:20 . 2013-02-22 18:20 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 03:23 . 2012-11-28 21:42 47368 ----a-w- c:\windows\system32\certsentry.dll
2013-03-12 20:58 . 2008-04-14 12:00 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-12 20:58 . 2008-04-14 12:00 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-12 00:32 . 2008-04-14 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:04 . 2012-06-13 15:36 920064 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:04 . 2012-06-13 15:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:04 . 2012-06-13 15:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:40 . 2012-06-13 15:36 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2012-06-13 15:35 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:32 . 2012-06-13 15:35 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:45 . 2012-05-04 12:41 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:32 . 2012-06-13 15:35 1876224 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:48 . 2012-06-13 15:35 1292288 ----a-w- c:\windows\system32\quartz.dll
2013-01-02 06:48 . 2008-04-14 12:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2012-12-31 23:37 . 2012-12-31 23:37 49152 ----a-r- c:\documents and settings\Carlos Silva\Application Data\Microsoft\Installer\{DF27BAF0-47DB-42A7-9B17-DFAC05050C91}\_D4030DE2F31A_4DC6_B45C_15A000CB5A8A.exe
2012-12-31 20:14 . 2012-12-31 21:08 1448809 ----a-w- C:\DOSBox0.74-win32-installer (1).exe
2011-03-18 18:05 . 2012-11-29 09:17 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-06-13 . E17798E1E6FF1CA9C67B8576570E05EE . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="c:\program files\Ares\Ares.exe" [2013-02-17 916480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe" [2013-03-07 3363752]
"PS_Alarm"="c:\program files\ProSecurity\Alarm.exe" [2008-01-29 2332672]
"PS_RuleEditor"="c:\program files\ProSecurity\RuleEditor.exe" [2008-01-29 3679744]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-11-02 36864]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"SLastActive1"= 000826edf01ece01
"SFT1"= 000826edf01ece01
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 16:24 54840 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-10-03 15:15 480560 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-10-03 15:44 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-08-23 17:36 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-01-07 19:58 13880424 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-08-01 16:14 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2011-01-21 18:27 20026472 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-26 17:05 16945032 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2007-01-29 22:22 638976 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 09:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-10-18 19:40 1934632 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-14 19:29 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Carlos Silva\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\Hp\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
.
R0 iastor3;iastor3;c:\windows\system32\drivers\iastor3.sys [13-06-2012 15:45 308248]
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [13-06-2012 15:45 13616]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [13-06-2012 15:45 13616]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [26-11-2012 5:29 22056]
R1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [26-11-2012 5:29 37856]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [26-11-2012 5:29 14432]
R2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [26-11-2012 5:29 3089856]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [12-03-2013 11:08 2074768]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [21-03-2013 16:52 398184]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21-03-2013 16:52 682344]
R3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [26-11-2012 5:29 54072]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21-03-2013 16:52 21104]
R3 NETwLx32;    Controlador da placa Intel® Wireless WiFi Link Série 5000 para Windows XP 32 Bits;c:\windows\system32\drivers\NETwLx32.sys [29-11-2012 9:11 6609920]
S3 21m5yy3j;Vba32 Armour Driver;c:\windows\system32\drivers\21m5yy3j.sys [20-03-2013 22:15 164240]
S3 APHbx0iE;BlackBox SR2; [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [29-11-2012 6:54 193840]
S3 k0wf4wx6;BlackBox SR2; [x]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [20-03-2013 18:52 35144]
S3 Qxg4rk0E;BlackBox SR2; [x]
S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys [11-03-2013 15:14 55448]
S3 RSPHOOKANALYZER;RSPHOOKANALYZER;\??\c:\docume~1\CARLOS~1\LOCALS~1\Temp\rspsc32.sys --> c:\docume~1\CARLOS~1\LOCALS~1\Temp\rspsc32.sys [?]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [04-03-2013 7:34 27192]
S3 utexndg1;AVZ Kernel Driver;c:\windows\system32\drivers\utexndg1.sys [21-03-2013 14:14 7168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 17:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-13 01:25 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-03-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 20:58]
.
2013-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-29 09:17]
.
2013-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-29 09:17]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.yandex.ru/?clid=154464
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Carlos Silva\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\
.
.
------- Associação de arquivos/ficheiros -------
.
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-21 18:56
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwOpenFile
.
Procurando processos ocultos ... 
.
Procurando entradas auto inicializáveis ocultas ... 
.
Procurando ficheiros/arquivos ocultos ... 
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'explorer.exe'(2888)
c:\windows\system32\WININET.dll
c:\program files\Emsisoft Anti-Malware\a2hooks32.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\webcheck.dll
.
Tempo para conclusão: 2013-03-21  18:57:51
ComboFix-quarantined-files.txt  2013-03-21 18:57
ComboFix2.txt  2013-03-21 16:16
ComboFix3.txt  2013-03-21 16:02
.
Pré-execução: 8.387.674.112 bytes free
Pós execução: 8.372.727.808 bytes free
.
- - End Of File - - 3B07CEA16320CC4851A2307CDC0BBC67

 


Edited by cutthroat, 21 March 2013 - 07:17 PM.
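As an added example (not part of this thread or of any of the tools named in it), the Python below parses the two ComboFix log sections that matter most when triaging a log like the one above: the "created files" list and the R/S driver/service listing. It correlates each newly created .sys under system32\drivers with the service that loads it, so that the random-named drivers belonging to scanners the poster ran (AVZ, Vba32) can be told apart from drivers nothing in the log accounts for. The sample lines are copied from the log above; the random-name check and the same-size note are heuristics for review, not verdicts.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: lines copied from the ComboFix log in the post above, a few
# from the "created files" section and a few from the R/S driver/service listing.
SAMPLE_LOG = r"""
2013-03-21 17:24 . 2008-04-13 21:45 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2013-03-21 14:14 . 2013-03-21 15:28 7168 ----a-w- c:\windows\system32\drivers\utexndg1.sys
2013-03-20 22:15 . 2013-03-20 22:15 164240 ----a-w- c:\windows\system32\drivers\21m5yy3j.sys
2013-03-20 21:56 . 2013-03-20 21:56 164240 ----a-w- c:\windows\system32\drivers\k7ilmvwc.sys
2013-03-20 19:56 . 2013-03-20 19:56 131344 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2013-03-20 18:52 . 2013-03-20 18:52 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-03-19 13:15 . 2013-03-19 13:15 -------- d-----w- c:\program files\CCleaner
.
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21-03-2013 16:52 21104]
S3 21m5yy3j;Vba32 Armour Driver;c:\windows\system32\drivers\21m5yy3j.sys [20-03-2013 22:15 164240]
S3 APHbx0iE;BlackBox SR2; [x]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [20-03-2013 18:52 35144]
S3 utexndg1;AVZ Kernel Driver;c:\windows\system32\drivers\utexndg1.sys [21-03-2013 14:14 7168]
"""

# Created-files line: "<created> . <modified> <size or --------> <attrs> <path>"
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) (\S{8}) (.+)$")
# Service line: "<R|S><n> <service>;<description>;<image path> [<date> <time> <size>]"
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]*);([^;]*);(.*?)(?: \[([^\]]*)\])?$")


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]  # None for directories ("--------" in the log)
    attrs: str
    path: str


@dataclass
class ServiceEntry:
    state: str        # R = running, S = stopped; the digit is the start type
    name: str
    description: str
    path: str         # empty when ComboFix printed "[x]" (image file not found)


def parse_log(text: str):
    """Pick the two line shapes we care about out of a ComboFix log."""
    files: List[FileEntry] = []
    services: List[ServiceEntry] = []
    for line in text.splitlines():
        m = FILE_RE.match(line.rstrip())
        if m:
            size = None if m.group(3).startswith("-") else int(m.group(3))
            files.append(FileEntry(m.group(1), m.group(2), size, m.group(4), m.group(5)))
            continue
        m = SERVICE_RE.match(line.rstrip())
        if m:
            services.append(ServiceEntry(m.group(1), m.group(2), m.group(3), m.group(4)))
    return files, services


def looks_random(stem: str) -> bool:
    """Heuristic only: 8+ lowercase alphanumerics mixing letters and digits."""
    return (len(stem) >= 8 and stem.isalnum() and stem.islower()
            and any(c.isdigit() for c in stem) and any(c.isalpha() for c in stem))


def triage_drivers(text: str) -> List[dict]:
    """Match newly created .sys files in the drivers directory to the service
    that loads them; whatever is left unattributed is flagged for review."""
    files, services = parse_log(text)
    by_path = {s.path.lower(): s for s in services if s.path}
    drivers = [f for f in files if f.size is not None
               and "\\drivers\\" in f.path.lower() and f.path.lower().endswith(".sys")]
    # Size of each attributed driver, so an unattributed twin can be pointed at it
    # (the log above shows three 164240-byte drivers, only one with a service).
    attributed_sizes: Dict[int, str] = {}
    for f in drivers:
        if f.path.lower() in by_path:
            attributed_sizes.setdefault(f.size, f.path.rsplit("\\", 1)[-1])
    report = []
    for f in drivers:
        name = f.path.rsplit("\\", 1)[-1]
        svc = by_path.get(f.path.lower())
        notes = []
        if svc is None:
            notes.append("no service entry in this log")
            if f.size in attributed_sizes:
                notes.append("same size as attributed driver " + attributed_sizes[f.size])
        if looks_random(name[:-4]):
            notes.append("random-looking file name")
        report.append({"file": name, "size": f.size, "created": f.created,
                       "service": svc.description if svc else None,
                       "review": svc is None, "notes": notes})
    return report


if __name__ == "__main__":
    for row in triage_drivers(SAMPLE_LOG):
        flag = "REVIEW" if row["review"] else "ok    "
        print(flag, row["file"], row["size"], row["service"] or "-", "; ".join(row["notes"]))
```

Run against the full log, the same join also shows which created drivers have a service entry whose image path ComboFix could not find.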



 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,703 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:45 PM

Posted 26 March 2013 - 02:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/489349 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 cutthroat

cutthroat
  • Topic Starter

  • Members
  • 72 posts

Posted 26 March 2013 - 08:10 PM

Hi again!

First of all, I want to thank you so much for your precious help and dedicated efforts to help us solve problems with advanced techniques and very powerful tricks.

My Windows Explorer is now much faster than before.

My computer is much better now because I have deleted things with AVZ scripts.

But I did not remove the drivers and other things because I feared Windows XP would not run anymore.

Kernel hooks by a rootkit were detected by AVZ (red colour).

One strange thing keeps happening.

Some days ago TDSSKiller detected a serial.sys file and I removed it from c:\windows\system32.

The file "serial.sys" in c:\windows\system32 is 63 KB on my Windows XP, and I have another machine with Windows XP too whose serial.sys is 65 KB.

I copied that file to c:\windows\system32, and after a few seconds the file "serial.sys" changed from 65 KB to 63 KB.

When I copied the file to another location, for example c:\, the file did not change and serial.sys stayed at 65 KB.

But every time I copy serial.sys (65 KB) to c:\windows\system32 its size changes to 63 KB.

I have several open ports detected by AVZ and I did not delete any.

I think several DLLs were created before and they infected my system, as ComboFix said in the last log.

When I restart my Windows XP I always get a Runtime error saying: Program: c:\program files\intel\intel matrix storage manager\iaantmon.exe - This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

The Windows startup is somewhat slow.

AVZ detected kernel hooks by rootkits.

I think I have 2 internet connections on my computer; in Control Panel\Network Connections I can see "1394 Connection 3" and "Local Area Connection", both connected and firewalled.

I would like to remove every line from the ComboFix log posted here last time.

Remove the registry entries, DLLs and .sys files detected by ComboFix.

The ComboFix log is in my 1st post.

My computer has other symptoms but I can't remember everything for now.

Sorry.

I want to thank you for all your efforts trying to help.

Here are the DDS and AVZ logs for your analysis.

DDS LOG:

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by Carlos Silva at 0:28:33 on 2013-03-27
#Option Extended Search is enabled.
Microsoft Windows XP Professional  5.1.2600.3.1252.351.1033.18.2046.1122 [GMT 0:00]
.
AV: Emsisoft Anti-Malware *Disabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
.
============== Running Processes ================
.
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Comodo\Dragon\dragon_updater.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yandex.ru/?clid=154464
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:347
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.172\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\carlos silva\application data\mozilla\firefox\profiles\nahd6ha2.default\
FF - ExtSQL: 2013-03-17 11:36; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R0 iastor3;iastor3;c:\windows\system32\drivers\iastor3.sys [2012-6-13 308248]
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [2012-6-13 13616]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [2012-6-13 13616]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2013-3-26 22056]
R1 a2injectiondriver;a2injectiondriver;c:\program files\emsisoft anti-malware\a2dix86.sys [2013-3-26 37856]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\emsisoft anti-malware\a2util32.sys [2013-3-26 14432]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2013-3-24 3968]
R1 uzexndg1;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uzexndg1.sys [2013-3-25 11264]
R2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2013-3-26 3089856]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\comodo\dragon\dragon_updater.exe [2013-3-12 2074768]
R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2013-3-26 54072]
R3 NETwLx32;    Controlador da placa Intel® Wireless WiFi Link Série 5000 para Windows XP 32 Bits;c:\windows\system32\drivers\NETwLx32.sys [2012-11-29 6609920]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-3-26 398184]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-3-26 682344]
S3 APHbx0iE;BlackBox SR2; [x]
S3 bc277x0n;Vba32 Armour Driver;c:\windows\system32\drivers\bc277x0n.sys [2013-3-22 164240]
S3 k0wf4wx6;BlackBox SR2; [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-3-26 21104]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\13c.tmp --> c:\windows\system32\13C.tmp [?]
S3 Qxg4rk0E;BlackBox SR2; [x]
S3 RapportIaso;RapportIaso;\??\c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys --> c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2013-3-22 27064]
S3 RSPHOOKANALYZER;RSPHOOKANALYZER;\??\c:\docume~1\carlos~1\locals~1\temp\rspsc32.sys --> c:\docume~1\carlos~1\locals~1\temp\rspsc32.sys [?]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [2013-3-4 27192]
S3 ujexndg1;AVZ-SG Kernel Driver;c:\windows\system32\drivers\ujexndg1.sys [2013-3-25 10240]
S3 utexndg1;AVZ Kernel Driver;c:\windows\system32\drivers\utexndg1.sys [2013-3-25 7168]
.
=============== Created Last 60 ================
.
2013-03-26 15:10:52 315392 ----a-w- c:\windows\HideWin.exe
2013-03-26 15:04:47 -------- d-----w- c:\program files\Motorola
2013-03-26 12:53:29 -------- d-----w- c:\documents and settings\carlos silva\application data\Malwarebytes
2013-03-26 12:53:21 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-03-26 12:53:19 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-26 12:53:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-26 00:17:33 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2013-03-25 19:38:41 56576 -c--a-w- c:\windows\system32\dllcache\swmidi.sys
2013-03-25 19:38:41 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2013-03-25 19:38:41 52864 -c--a-w- c:\windows\system32\dllcache\dmusic.sys
2013-03-25 19:38:41 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2013-03-25 15:51:56 10240 ----a-w- c:\windows\system32\drivers\ujexndg1.sys
2013-03-25 13:49:56 7168 ----a-w- c:\windows\system32\drivers\utexndg1.sys
2013-03-25 13:42:49 11264 ----a-w- c:\windows\system32\drivers\uzexndg1.sys
2013-03-25 12:55:50 -------- d-----w- C:\VBA NORMAL
2013-03-25 12:55:23 -------- d-----w- C:\VBA BETA
2013-03-25 12:54:36 -------- d-----w- C:\VBABASES UPDATE
2013-03-25 00:32:02 -------- d-----w- c:\program files\Hosts_Anti_Adwares_PUPs
2013-03-24 23:58:31 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2013-03-23 03:20:13 -------- d-----w- c:\program files\Nemesis Anti-Spyware
2013-03-23 01:26:47 -------- d-----w- c:\program files\Tizer™ Rootkit Razor
2013-03-22 21:24:02 164240 ----a-w- c:\windows\system32\drivers\bc277x0n.sys
2013-03-22 21:06:39 -------- d-----w- C:\FRST
2013-03-22 19:17:59 164240 ----a-w- c:\windows\system32\drivers\k7thf2xz.sys
2013-03-22 18:17:13 -------- d-----w- c:\documents and settings\carlos silva\local settings\application data\VS Revo Group
2013-03-22 18:17:07 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2013-03-22 18:17:07 -------- d-----w- c:\documents and settings\all users\application data\VS Revo Group
2013-03-22 18:17:05 -------- d-----w- c:\program files\VS Revo Group
2013-03-22 17:50:28 164240 ----a-w- c:\windows\system32\drivers\9dxphn9c.sys
2013-03-22 03:42:49 -------- d-----w- c:\program files\Sophos
2013-03-22 02:26:26 -------- d-----w- c:\windows\ERUNT
2013-03-22 02:25:59 -------- d-----w- C:\JRT
2013-03-22 01:40:58 -------- d-----w- C:\ifghww
2013-03-21 18:48:08 -------- d-----w- C:\is0ehsfd
2013-03-21 17:24:50 64512 -c--a-w- c:\windows\system32\dllcache\serial.sys
2013-03-21 17:24:50 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2013-03-21 15:52:56 -------- d-sha-r- C:\cmdcons
2013-03-21 15:51:17 98816 ----a-w- c:\windows\sed.exe
2013-03-21 15:51:17 256000 ----a-w- c:\windows\PEV.exe
2013-03-21 15:51:17 208896 ----a-w- c:\windows\MBR.exe
2013-03-21 11:43:53 -------- d-----w- C:\avz4
2013-03-20 23:43:16 -------- d-----w- C:\Backreg
2013-03-20 21:56:47 164240 ----a-w- c:\windows\system32\drivers\k7ilmvwc.sys
2013-03-20 20:47:02 164240 ----a-w- c:\windows\system32\drivers\x2o982xx.sys
2013-03-20 20:25:46 -------- d-----w- c:\windows\system32\appmgmt
2013-03-20 20:22:22 -------- d-----w- C:\VBA32
2013-03-20 19:37:13 -------- d-----w- C:\bva
2013-03-20 19:19:11 -------- d-----w- C:\vba
2013-03-20 14:50:22 114688 ----a-w- c:\windows\system32\LOGONMONITOR.DLL.del
2013-03-19 13:15:21 -------- d-----w- c:\program files\CCleaner
2013-03-19 13:14:33 -------- d-----w- C:\DefenseWallVC_Apps
2013-03-19 11:03:35 457 ----a-w- C:\deletekeys.reg
2013-03-19 10:44:31 -------- d-----w- C:\Radix
2013-03-18 19:01:49 -------- d-----w- C:\DefenseWallVC
2013-03-18 04:45:33 -------- d---a-w- C:\Kernel Detective v1.3.1
2013-03-17 16:31:43 -------- d-----w- c:\documents and settings\carlos silva\local settings\application data\Help
2013-03-17 03:05:20 -------- d-----w- c:\windows\system32\XPSViewer
2013-03-17 03:04:58 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2013-03-17 03:04:38 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2013-03-17 03:04:38 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2013-03-17 03:04:38 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2013-03-17 03:04:38 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2013-03-17 03:04:38 575488 ------w- c:\windows\system32\xpsshhdr.dll
2013-03-17 03:04:38 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2013-03-17 03:04:38 1676288 ------w- c:\windows\system32\xpssvcs.dll
2013-03-17 03:04:38 117760 ------w- c:\windows\system32\prntvpt.dll
2013-03-17 03:04:37 -------- d-----w- C:\606fc27bf3b708e33d
2013-03-16 20:06:27 -------- d-----w- c:\documents and settings\carlos silva\local settings\application data\HP
2013-03-16 20:06:08 -------- d-----w- c:\documents and settings\all users\application data\WEBREG
2013-03-16 20:05:04 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2013-03-16 20:05:04 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2013-03-16 20:04:46 312832 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp70v.dll
2013-03-16 20:04:46 123904 ----a-w- c:\windows\system32\hpf3l70v.dll
2013-03-16 20:04:45 452408 ----a-r- c:\windows\system32\hpzids01.dll
2013-03-16 20:04:40 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2013-03-16 20:04:13 712704 ----a-r- c:\windows\system32\hposwia_d02c.dll
2013-03-16 20:04:13 589824 ----a-r- c:\windows\system32\hpost_d02c.dll
2013-03-16 20:04:13 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2013-03-16 20:04:13 315392 ----a-r- c:\windows\system32\hposc_d02a.dll
2013-03-16 20:04:13 309760 ----a-r- c:\windows\system32\difxapi.dll
2013-03-16 19:59:19 -------- d-----w- c:\program files\common files\HP
2013-03-16 19:58:51 -------- d-----w- c:\program files\common files\Hewlett-Packard
2013-03-16 13:15:05 -------- d-----w- C:\Minha pen de 16 GB
2013-03-16 08:25:01 -------- d-----w- C:\emsisoft
2013-03-16 03:00:41 -------- d-----w- c:\windows\SxsCaPendDel
2013-03-15 21:20:36 -------- d-----w- C:\Pen azul 4 gb COPIA DOS FICHEIROS
2013-03-15 17:36:34 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-15 09:36:31 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2013-03-15 09:36:31 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2013-03-15 09:33:48 221184 ----a-w- c:\windows\brprs.exe
2013-03-15 09:29:08 -------- d-----w- C:\hp_LJ_M1120_Full_Solution
2013-03-13 22:16:46 -------- d-----w- c:\windows\system32\LogFiles
2013-03-13 17:38:24 -------- d-----w- c:\program files\VideoLAN
2013-03-13 06:48:07 -------- d-----w- C:\Regrun warrior
2013-03-12 07:52:25 -------- d-----w- c:\program files\UnHackMe
2013-03-12 06:46:26 -------- d-----w- c:\documents and settings\carlos silva\local settings\application data\temp
2013-03-11 15:13:50 -------- d-----w- c:\program files\Trusteer
2013-03-11 03:12:54 -------- d-----w- c:\documents and settings\carlos silva\local settings\application data\MigWiz
2013-03-08 13:42:12 -------- d-----w- c:\program files\NoVirusThanks
2013-03-08 13:34:21 -------- d-----w- C:\TDSSKiller_Quarantine
2013-03-07 09:01:48 -------- d-----w- c:\program files\eMule
2013-03-06 03:36:00 -------- d-----w- c:\documents and settings\carlos silva\local settings\application data\Mozilla
2013-03-05 05:42:19 -------- d-----w- C:\PEN EURO MOVIDA
2013-03-04 10:09:46 -------- d-----w- C:\PEN EUROAAA
2013-03-04 08:02:31 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-03-04 07:54:06 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2013-03-04 07:34:14 27232 ----a-w- c:\windows\system32\drivers\rspSanity32XP.sys
2013-03-04 07:34:14 27192 ----a-w- c:\windows\system32\drivers\rspSanity32.sys
2013-03-01 23:19:15 -------- d-----w- c:\program files\JDownloader
2013-03-01 05:01:04 -------- d---a-w- C:\cce_linux
2013-02-28 17:00:29 -------- d-----w- C:\Megadatabase 2013
2013-02-27 05:40:38 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2013-02-27 03:52:09 -------- d-----w- c:\documents and settings\carlos silva\application data\InfraRecorder
2013-02-27 03:52:00 -------- d-----w- c:\program files\InfraRecorder
2013-02-26 15:00:45 -------- d-----w- c:\documents and settings\carlos silva\local settings\application data\Sun
2013-02-25 01:09:14 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2013-02-24 12:51:22 221184 ----a-w- c:\windows\system32\wmpns.dll
2013-02-22 18:48:40 357337 ----a-w- c:\program files\EAM Trial Reset 1.1.exe
2013-02-22 18:41:09 -------- d-----w- c:\documents and settings\carlos silva\application data\EurekaLog
2013-02-22 18:38:13 -------- d-----w- c:\program files\MSXML 4.0
2013-02-22 18:35:58 -------- d-----w- c:\windows\ie8updates
2013-02-22 18:35:54 -------- d--h--w- c:\windows\$hf_mig$
2013-02-22 18:30:13 2193152 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2013-02-22 18:30:13 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2013-02-22 18:30:13 2027520 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2013-02-22 18:30:12 2069760 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2013-02-22 18:27:51 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2013-02-22 18:27:51 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2013-02-22 18:27:50 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2013-02-22 18:27:50 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2013-02-22 18:27:49 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-02-22 18:27:49 2005504 -c----w- c:\windows\system32\dllcache\iertutil.dll
2013-02-22 18:27:48 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2013-02-22 18:27:45 11112960 -c----w- c:\windows\system32\dllcache\ieframe.dll
.
==================== Find6M  ====================
.
2013-03-25 16:08:49 47368 ----a-w- c:\windows\system32\certsentry.dll
2013-03-12 20:58:23 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-12 20:58:23 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:04:37 920064 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:04:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:04:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:40:26 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55:10 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:32:34 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:45:12 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:32:36 1876224 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:48:28 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:48:28 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-31 20:14:16 1448809 ----a-w- C:\DOSBox0.74-win32-installer (1).exe
2012-12-16 12:31:02 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-29 09:15:45 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-11-29 09:15:45 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-11-29 09:14:54 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-11-29 00:42:53 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-29 00:42:53 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-28 21:42:15 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-11-19 20:06:02 1573376 ----a-w- c:\windows\system32\VSFilter.dll
2012-11-08 11:29:12 1402312 ----a-w- c:\windows\system32\msxml4.dll
2012-11-06 02:00:55 1446912 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
.
============= FINISH:  0:29:12,84 ===============
 
attach.zip follows in attachment
 
Edited by cutthroat, 27 March 2013 - 08:33 AM.
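The entries a responder reads first in a DDS log like the one above are the SERVICES / DRIVERS lines whose binary is marked [x] or [?] or lives in a temp directory or a .tmp file, and the Created Last 60 lines that show several new kernel drivers with pseudo-random eight-character names and one identical byte size. The Python script below is an added example, not part of this thread, of the DDS tool or of any reply in it; it runs offline over an excerpt copied from the log above and flags exactly those patterns. It assumes the DDS line shapes visible in that log (`Rn/Sn name;description;path [date size]` and `date time size attributes path`) and the section titles `SERVICES / DRIVERS` and `Created Last 60`; the regexes and thresholds are this example's own choices.

```python
"""Triage helper for the DDS 'SERVICES / DRIVERS' and 'Created Last 60' sections.

Added example, not part of the forum thread or of the DDS tool. It flags:
  * service entries whose binary is missing ([x]) or unverifiable ([?]),
  * drivers loaded from a temp directory or from a .tmp file,
  * freshly created .sys files with pseudo-random 8-character names that
    share one exact byte size (one tool, or one family, dropping copies).
"""
import re
from collections import defaultdict

# Constructed input for this example: lines copied verbatim from the DDS log
# posted above (the full log is in the thread).
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============
R0 iastor3;iastor3;c:\windows\system32\drivers\iastor3.sys [2012-6-13 308248]
R1 uzexndg1;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uzexndg1.sys [2013-3-25 11264]
S3 APHbx0iE;BlackBox SR2; [x]
S3 bc277x0n;Vba32 Armour Driver;c:\windows\system32\drivers\bc277x0n.sys [2013-3-22 164240]
S3 k0wf4wx6;BlackBox SR2; [x]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\13c.tmp --> c:\windows\system32\13C.tmp [?]
S3 RSPHOOKANALYZER;RSPHOOKANALYZER;\??\c:\docume~1\carlos~1\locals~1\temp\rspsc32.sys --> c:\docume~1\carlos~1\locals~1\temp\rspsc32.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2013-3-22 27064]
=============== Created Last 60 ================
2013-03-22 21:24:02 164240 ----a-w- c:\windows\system32\drivers\bc277x0n.sys
2013-03-22 19:17:59 164240 ----a-w- c:\windows\system32\drivers\k7thf2xz.sys
2013-03-22 18:17:07 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2013-03-22 17:50:28 164240 ----a-w- c:\windows\system32\drivers\9dxphn9c.sys
2013-03-20 21:56:47 164240 ----a-w- c:\windows\system32\drivers\k7ilmvwc.sys
2013-03-20 20:47:02 164240 ----a-w- c:\windows\system32\drivers\x2o982xx.sys
==================== Find6M  ====================
"""

# Assumed line shapes, taken from the log above, not from DDS documentation.
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.*)$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+) (\S+) (.+)$")
# Eight lowercase alphanumerics with at least one digit: the shape of the
# auto-generated names used by several anti-rootkit tools and by rootkits.
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)[a-z0-9]{8}$")


def sections(text):
    """Split a DDS log into {section title: [lines]} on its '====' banners."""
    out, current = defaultdict(list), None
    for line in text.splitlines():
        m = re.match(r"^=+\s*(.*?)\s*=+$", line)
        if m:
            current = m.group(1)
        elif current and line.strip() and line.strip() != ".":
            out[current].append(line.rstrip())
    return out


def suspicious_services(lines):
    """Return (service name, description, reason) for entries worth a look."""
    hits = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        _, name, desc, rest = m.groups()
        # Path as DDS printed it, before any ' --> ' rewrite or '[date size]'.
        path = rest.split(" -->")[0].split(" [")[0].strip().lower()
        if rest.endswith("[x]"):
            hits.append((name, desc, "binary missing"))
        elif rest.endswith("[?]"):
            hits.append((name, desc, "binary not verifiable"))
        if "\\temp\\" in path or path.endswith(".tmp"):
            hits.append((name, desc, "loads from temp/.tmp: " + path))
    return hits


def same_size_random_drivers(lines, min_count=2):
    """Group new .sys files by exact size; return {size: [names]} for sizes
    shared by at least min_count pseudo-random 8-character filenames."""
    by_size = defaultdict(list)
    for line in lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        _, size, _, path = m.groups()
        stem = path.rsplit("\\", 1)[-1].lower()
        if stem.endswith(".sys") and RANDOM_NAME_RE.match(stem[:-4]):
            by_size[int(size)].append(stem)
    return {s: sorted(n) for s, n in by_size.items() if len(n) >= min_count}


def triage(text):
    """Run both checks over one DDS log and return the findings."""
    sec = sections(text)
    return {
        "services": suspicious_services(sec.get("SERVICES / DRIVERS", [])),
        "driver_clusters": same_size_random_drivers(sec.get("Created Last 60", [])),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, desc, reason in result["services"]:
        print(f"SERVICE  {name:<16} {desc:<22} {reason}")
    for size, names in result["driver_clusters"].items():
        print(f"DRIVERS  {size} bytes x{len(names)}: {', '.join(names)}")
```

Every hit is a lead, not a verdict. The 164240-byte cluster includes bc277x0n.sys, which DDS itself labels the Vba32 Armour Driver, and the Created Last 60 section shows several anti-rootkit tools installed in the same week, so each flagged name has to be matched against what was deliberately installed before anything is deleted.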


#4 cutthroat

cutthroat
  • Topic Starter

  • Members
  • 72 posts

Posted 26 March 2013 - 08:14 PM

AVZ LOGS

Results of system analysis

AVZ 4.39 http://z-oleg.com/secur/avz/

Process List
(File name | PID | Description | Copyright | MD5 | Information)

c:\program files\comodo\dragon\dragon.exe | 2952 | Comodo Dragon | Copyright © 2009-2013, Comodo Security Solutions, Inc. | ?? | 1746.14 kb, rsAh, created: 12.03.2013 11:08:06, modified: 12.03.2013 11:08:06
  Command line: "C:\Program Files\Comodo\Dragon\dragon.exe" --type=gpu-process --channel="2276.7.1767316735\1305362494" --supports-dual-gpus=false --gpu-vendor-id=0x10de --gpu-device-id=0x0427 --gpu-driver-vendor=NVIDIA --gpu-driver-version=6.14.12.6658 --ignored=" --type=renderer " /prefetch:12

c:\program files\comodo\dragon\dragon.exe | 3744 | Comodo Dragon | Copyright © 2009-2013, Comodo Security Solutions, Inc. | ?? | 1746.14 kb, rsAh, created: 12.03.2013 11:08:06, modified: 12.03.2013 11:08:06
  Command line: "C:\Program Files\Comodo\Dragon\dragon.exe" --type=renderer --lang=en-US --force-fieldtrials=InfiniteCache/No/OmniboxHQPNewScoringMax1400/Standard/OmniboxHQPOnlyCountMatchesAtWordBoundaries/Standard/OmniboxHQPReplaceHUPRearrangeNumComponents/Standard/OmniboxSearchSuggestTrialStarted2013Q1/14/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadEnabled/Prefetch/ContentPrefetchPrefetchOff/Prerender/PrerenderMulti/SpdyCwnd/cwndMin16/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-1-Percent/group_76/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/group_01/ --disable-accelerated-video-decode --channel="2276.18.926823326\1579339854" /prefetch:3

c:\program files\comodo\dragon\dragon.exe | 2276 | Comodo Dragon | Copyright © 2009-2013, Comodo Security Solutions, Inc. | ?? | 1746.14 kb, rsAh, created: 12.03.2013 11:08:06, modified: 12.03.2013 11:08:06
  Command line: "C:\Program Files\Comodo\Dragon\dragon.exe"

c:\program files\comodo\dragon\dragon.exe | 3000 | Comodo Dragon | Copyright © 2009-2013, Comodo Security Solutions, Inc. | ?? | 1746.14 kb, rsAh, created: 12.03.2013 11:08:06, modified: 12.03.2013 11:08:06
  Command line: "C:\Program Files\Comodo\Dragon\dragon.exe" --type=renderer --lang=en-US --force-fieldtrials=InfiniteCache/No/OmniboxHQPReplaceHUPRearrangeNumComponents/Standard/OmniboxSearchSuggestTrialStarted2013Q1/14/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadEnabled/Prefetch/ContentPrefetchPrefetchOff/Prerender/PrerenderMulti/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-1-Percent/group_76/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/group_01/ --extension-process --disable-accelerated-video-decode --channel="2276.1.1147124337\295589261" /prefetch:3

c:\program files\comodo\dragon\dragon.exe | 3328 | Comodo Dragon | Copyright © 2009-2013, Comodo Security Solutions, Inc. | ?? | 1746.14 kb, rsAh, created: 12.03.2013 11:08:06, modified: 12.03.2013 11:08:06
  Command line: "C:\Program Files\Comodo\Dragon\dragon.exe" --type=renderer --lang=en-US --force-fieldtrials=InfiniteCache/No/OmniboxHQPReplaceHUPRearrangeNumComponents/Standard/OmniboxSearchSuggestTrialStarted2013Q1/14/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadEnabled/Prefetch/ContentPrefetchPrefetchOff/Prerender/PrerenderMulti/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-1-Percent/group_76/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/group_01/ --extension-process --disable-accelerated-video-decode --channel="2276.2.314030611\1857488684" /prefetch:3

c:\windows\explorer.exe | 692 | Windows Explorer | © Microsoft Corporation. All rights reserved. | ?? | 1009.50 kb, rsAh, created: 13.06.2012 15:34:31, modified: 13.06.2012 15:34:31
  Command line: C:\WINDOWS\Explorer.EXE

c:\program files\intel\intel matrix storage manager\iaantmon.exe | 1312 | RAID Monitor | Copyright© Intel Corporation 2003-2007 | ?? | 350.52 kb, rsAh, created: 29.11.2012 06:51:16, modified: 03.10.2007 15:45:02
  Command line: "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe"

c:\windows\system32\nvsvc32.exe | 1220 | NVIDIA Driver Helper Service, Version 266.58 | © NVIDIA Corporation. All rights reserved. | ?? | 153.10 kb, rsAh, created: 07.01.2011 19:58:12, modified: 07.01.2011 19:58:12
  Command line: C:\WINDOWS\system32\nvsvc32.exe

Detected: 35, recognized as trusted: 30

Modules
(Module name | Handle | Description | Copyright | MD5 | Used by processes)

C:\Program Files\Comodo\Dragon\dragon.dll | 29556736 | Comodo Dragon | Copyright © 2009-2013, Comodo Security Solutions, Inc. | -- | 2952, 3744, 2276, 3000, 3328
C:\Program Files\Comodo\Dragon\ffmpegsumo.dll | 86179840 | | | -- | 3744, 3000, 3328
C:\Program Files\Comodo\Dragon\icudt.dll | 1255145472 | ICU Data DLL | Copyright © 2010, International Business Machines Corporation and others. All Rights Reserved. | -- | 2952, 3744, 2276, 3000, 3328
C:\Program Files\Comodo\Dragon\libegl.dll | 87293952 | ANGLE libEGL Dynamic Link Library | Copyright © 2011 Google Inc. | -- | 2952
C:\Program Files\Comodo\Dragon\libglesv2.dll | 28639232 | ANGLE libGLESv2 Dynamic Link Library | Copyright © 2011 Google Inc. | -- | 2952
C:\Program Files\Intel\Intel Matrix Storage Manager\PlugInRAID_PTG.dll | 6946816 | RAID Plug-in for Intel® Matrix Storage Console | Copyright© Intel Corporation 2003-2007 | -- | 1312
C:\WINDOWS\system32\NVRSPT.DLL | 51511296 | NVIDIA Iberian Portuguese language resource library | © NVIDIA Corporation. All rights reserved. | -- | 692, 1220

Modules found: 348, recognized as trusted: 341

Kernel Space Modules Viewer
(Module | Base address | Size in memory | Description | Manufacturer)

C:\WINDOWS\System32\Drivers\dump_iaStor.sys | AB286000 | 101000 (1052672) | |

Modules found: 132, recognized as trusted: 131

Services
(Service | Description | Status | File | Group | Dependencies)

Detected: 98, recognized as trusted: 98

Drivers
(Service | Description | Status | File | Group | Dependencies)

Abiosdsk | Abiosdsk | Not started | Abiosdsk.sys | Primary disk
abp480n5 | abp480n5 | Not started | abp480n5.sys | SCSI miniport
adpu160m | adpu160m | Not started | adpu160m.sys | SCSI miniport
Aha154x | Aha154x | Not started | Aha154x.sys | SCSI miniport
aic78u2 | aic78u2 | Not started | aic78u2.sys | SCSI miniport
aic78xx | aic78xx | Not started | aic78xx.sys | SCSI miniport
AliIde | AliIde | Not started | AliIde.sys | System Bus Extender
amsint | amsint | Not started | amsint.sys | SCSI miniport
APHbx0iE | BlackBox SR2 | Not started | APHbx0iE.sys |
asc | asc | Not started | asc.sys | SCSI miniport
asc3350p | asc3350p | Not started | asc3350p.sys | SCSI miniport
asc3550 | asc3550 | Not started | asc3550.sys | SCSI miniport
Atdisk | Atdisk | Not started | Atdisk.sys | Primary disk
bc277x0n | Vba32 Armour Driver | Not started | C:\WINDOWS\system32\drivers\bc277x0n.sys |
catchme | catchme | Not started | C:\DOCUME~1\CARLOS~1\LOCALS~1\Temp\catchme.sys | Base
cd20xrnt | cd20xrnt | Not started | cd20xrnt.sys | SCSI miniport
Changer | Changer | Not started | Changer.sys | Filter
CmdIde | CmdIde | Not started | CmdIde.sys | System Bus Extender
Cpqarray | Cpqarray | Not started | Cpqarray.sys | SCSI miniport
dac960nt | dac960nt | Not started | dac960nt.sys | SCSI miniport
DMusic | DMusic | Not started | C:\WINDOWS\system32\drivers\DMusic.sys |
dpti2o | dpti2o | Not started | dpti2o.sys | SCSI miniport
hpn | hpn | Not started | hpn.sys | SCSI miniport
i2omgmt | i2omgmt | Not started | i2omgmt.sys | SCSI Class
i2omp | i2omp | Not started | i2omp.sys | SCSI miniport
ini910u | ini910u | Not started | ini910u.sys | SCSI miniport
IntelIde | IntelIde | Not started | IntelIde.sys | System Bus Extender
k0wf4wx6 | BlackBox SR2 | Not started | k0wf4wx6.sys |
lbrtfdc | lbrtfdc | Not started | lbrtfdc.sys | System Bus Extender
mbamchameleon | mbamchameleon | Not started | C:\WINDOWS\system32\drivers\mbamchameleon.sys | FSFilter Activity Monitor
MEMSWEEP2 | MEMSWEEP2 | Not started | C:\WINDOWS\system32\13C.tmp |
mraid35x | mraid35x | Not started | mraid35x.sys | SCSI miniport
PCIDump | PCIDump | Not started | PCIDump.sys | PCI Configuration
PDCOMP | PDCOMP | Not started | PDCOMP.sys |
PDFRAME | PDFRAME | Not started | PDFRAME.sys |
PDRELI | PDRELI | Not started | PDRELI.sys |
PDRFRAME | PDRFRAME | Not started | PDRFRAME.sys |
perc2 | perc2 | Not started | perc2.sys | SCSI miniport
perc2hib | perc2hib | Not started | perc2hib.sys | Filter
ql1080 | ql1080 | Not started | ql1080.sys | SCSI miniport
Ql10wnt | Ql10wnt | Not started | Ql10wnt.sys | SCSI miniport
ql12160 | ql12160 | Not started | ql12160.sys | SCSI miniport
ql1240 | ql1240 | Not started | ql1240.sys | SCSI miniport
ql1280 | ql1280 | Not started | ql1280.sys | SCSI miniport
Qxg4rk0E | BlackBox SR2 | Not started | Qxg4rk0E.sys |
RapportIaso | RapportIaso | Not started | c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys
Script: QuarantineDeleteDelete via BC     RSPHOOKANALYZER
Driver: UnloadDeleteDisableDelete via BC RSPHOOKANALYZER Not started C:\DOCUME~1\CARLOS~1\LOCALS~1\Temp\rspsc32.sys
Script: QuarantineDeleteDelete via BC     rspSanity
Driver: UnloadDeleteDisableDelete via BC rspSanity Not started C:\WINDOWS\system32\DRIVERS\rspSanity32.sys
Script: QuarantineDeleteDelete via BC FSFilter Undelete FltMgr Simbad
Driver: UnloadDeleteDisableDelete via BC Simbad Not started Simbad.sys
Script: QuarantineDeleteDelete via BC Filter   Sparrow
Driver: UnloadDeleteDisableDelete via BC Sparrow Not started Sparrow.sys
Script: QuarantineDeleteDelete via BC SCSI miniport   sym_hi
Driver: UnloadDeleteDisableDelete via BC sym_hi Not started sym_hi.sys
Script: QuarantineDeleteDelete via BC SCSI miniport   sym_u3
Driver: UnloadDeleteDisableDelete via BC sym_u3 Not started sym_u3.sys
Script: QuarantineDeleteDelete via BC SCSI miniport   symc810
Driver: UnloadDeleteDisableDelete via BC symc810 Not started symc810.sys
Script: QuarantineDeleteDelete via BC SCSI miniport   symc8xx
Driver: UnloadDeleteDisableDelete via BC symc8xx Not started symc8xx.sys
Script: QuarantineDeleteDelete via BC SCSI miniport   TosIde
Driver: UnloadDeleteDisableDelete via BC TosIde Not started TosIde.sys
Script: QuarantineDeleteDelete via BC System Bus Extender   ultra
Driver: UnloadDeleteDisableDelete via BC ultra Not started ultra.sys
Script: QuarantineDeleteDelete via BC SCSI miniport   ViaIde
Driver: UnloadDeleteDisableDelete via BC ViaIde Not started ViaIde.sys
Script: QuarantineDeleteDelete via BC System Bus Extender   WDICA
Driver: UnloadDeleteDisableDelete via BC WDICA Not started WDICA.sys
Detected - 207, recognized as trusted - 149

Autoruns (File name | Status | Startup method; the Description column was empty for every entry)
C:\Program Files\Comodo\Dragon\dragon.exe | Active | Shortcut in Startup folder C:\Documents and Settings\Carlos Silva\Application Data\Microsoft\Internet Explorer\Quick Launch\, C:\Documents and Settings\Carlos Silva\Application Data\Microsoft\Internet Explorer\Quick Launch\Dragon.lnk
C:\Program Files\NVIDIA Corporation\nView\nview.dll | -- | Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\nview, EventMessageFile
C:\Program Files\Tizer™ Rootkit Razor\RootkitRazor.exe | Active | Shortcut in Startup folder C:\Documents and Settings\Carlos Silva\Application Data\Microsoft\Internet Explorer\Quick Launch\, C:\Documents and Settings\Carlos Silva\Application Data\Microsoft\Internet Explorer\Quick Launch\Tizer™ Rootkit Razor.lnk
C:\WINDOWS\System32\Drivers\AliIde.sys | -- | Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\aliide, EventMessageFile
C:\WINDOWS\System32\Drivers\CmdIde.sys | -- | Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\cmdide, EventMessageFile
C:\WINDOWS\System32\Drivers\IntelIde.sys | -- | Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\intelide, EventMessageFile
C:\WINDOWS\System32\Drivers\TosIde.sys | -- | Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\toside, EventMessageFile
C:\WINDOWS\System32\Drivers\ViaIde.sys | -- | Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\viaide, EventMessageFile
C:\WINDOWS\System32\Drivers\fdc.sys | -- | Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\fdc, EventMessageFile
C:\WINDOWS\System32\Drivers\flpydisk.sys | -- | Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\flpydisk, EventMessageFile
C:\WINDOWS\System32\Drivers\lbrtfdc.sys | -- | Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\lbrtfdc, EventMessageFile
C:\WINDOWS\System32\PrintFilterPipelineSvc.exe | -- | Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\PrintFilterPipelineSvc, EventMessageFile
C:\WINDOWS\System32\igmpv2.dll | -- | Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IGMPv2, EventMessageFile
C:\WINDOWS\System32\ipbootp.dll | -- | Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPBOOTP, EventMessageFile
C:\WINDOWS\System32\iprip2.dll | -- | Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRIP2, EventMessageFile
C:\WINDOWS\System32\ospf.dll | -- | Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPF, EventMessageFile
C:\WINDOWS\System32\ospfmib.dll | -- | Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPFMib, EventMessageFile
C:\WINDOWS\System32\polagent.dll | -- | Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\PolicyAgent, EventMessageFile
C:\WINDOWS\System32\tssdis.exe | -- | Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TermServSessDir, EventMessageFile
C:\WINDOWS\system32\MsSip1.dll | Active | Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 1, $DLL
C:\WINDOWS\system32\MsSip2.dll | Active | Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 2, $DLL
C:\WINDOWS\system32\MsSip3.dll | Active | Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 3, $DLL
C:\WINDOWS\system32\msvbvm60.dll | -- | Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\VBRuntime, EventMessageFile
C:\WINDOWS\system32\psxss.exe | -- | Registry key HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix
C:\WINDOWS\system32\stisvc.exe | -- | Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System, EventMessageFile
deskpan.dll | Active | Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {42071714-76d4-11d1-8b24-00a0c9068ff3}
kbd101.dll | Active | Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\i8042prt\Parameters, LayerDriver JPN
kbd101a.dll | Active | Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\i8042prt\Parameters, LayerDriver KOR
mvfs32.dll | Active | Registry key HKEY_USERS, .DEFAULT\Control Panel\IOProcs, MVB
mvfs32.dll | Active | Registry key HKEY_USERS, S-1-5-19\Control Panel\IOProcs, MVB
mvfs32.dll | Active | Registry key HKEY_USERS, S-1-5-20\Control Panel\IOProcs, MVB
mvfs32.dll | Active | Registry key HKEY_USERS, S-1-5-18\Control Panel\IOProcs, MVB
mvfs32.dll | Active | Registry key HKEY_CURRENT_USER, Control Panel\IOProcs, MVB
vgafix.fon | Active | Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fixedfon.fon
vgaoem.fon | Active | Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, oemfonts.fon
vgasys.fon | Active | Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fonts.fon
Autoruns items found - 853, recognized as trusted - 817

Internet Explorer extension modules (BHOs, Toolbars ...) (File name | Type | CLSID; the File name, Description and Manufacturer columns were empty)
(none) | Explorer Bar | {555D4D79-4BD2-4094-A395-CFC534424A05}
Items found - 5, recognized as trusted - 4

Windows Explorer extension modules (File name | Destination | CLSID; the Description and Manufacturer columns were empty for every row)
deskpan.dll | Display Panning CPL Extension | {42071714-76d4-11d1-8b24-00a0c9068ff3}
(none) | Shell extensions for file compression | {764BF0E1-F219-11ce-972D-00AA00A14F56}
(none) | Encryption Context Menu | {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}
(none) | IE User Assist | {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}
(none) | Taskbar and Start Menu | {0DF44EAA-FF21-4412-828E-260A8728E7F1}
(none) | User Accounts | {7A9D77BD-5403-11d2-8785-2E0420524153}
(none) | Haali Matroska Thumbnail Exctractor | {327669A0-59A7-4be9-B99E-1C9F3A57611A}
(none) | Desktop Explorer | {1CDB2949-8F65-4355-8456-263E7C208A5D}
(none) | Desktop Explorer Menu | {1E9B04FB-F9E5-4718-997B-B8DA88302A47}
(none) | nView Desktop Context Menu | {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
(none) | DefenseWall shell extension | {DF654E71-7714-4b21-BAE3-346C0D8B6206}
(none) | ColumnHandler | {0561EC90-CE54-4f0c-9C55-E226110A740C}
Items found - 207, recognized as trusted - 195

Printing system extensions (print monitors, providers) (File name | Type | Name | Description | Manufacturer)
Items found - 9, recognized as trusted - 9

Task Scheduler jobs (File name | Job name | Job state | Description | Manufacturer)
Items found - 3, recognized as trusted - 3

SPI/LSP settings

Namespace providers (NSP)

Manufacturer Status EXE file Description GUID Detected - 3, recognized as trusted - 3

Transport protocol providers (TSP, LSP)

Manufacturer EXE file Description Detected - 17, recognized as trusted - 17

Results of automatic SPI settings check

LSP settings checked. No errors detected
TCP/UDP ports (Port | Status | Remote Host | Remote Port | Application | Notes)

TCP ports
135 | LISTENING | 0.0.0.0 | 34996 | [1372] c:\windows\system32\svchost.exe
139 | LISTENING | 0.0.0.0 | 2096 | [4] System
445 | LISTENING | 0.0.0.0 | 63545 | [4] System
1029 | LISTENING | 0.0.0.0 | 38974 | [2692] c:\windows\system32\alg.exe
1031 | CLOSE_WAIT | 91.199.212.171 | 80 | [528] c:\program files\comodo\dragon\dragon_updater.exe
1032 | CLOSE_WAIT | 178.255.82.1 | 80 | [528] c:\program files\comodo\dragon\dragon_updater.exe
1736 | ESTABLISHED | 127.0.0.1 | 1737 | [3364] c:\program files\mozilla firefox\firefox.exe
1737 | ESTABLISHED | 127.0.0.1 | 1736 | [3364] c:\program files\mozilla firefox\firefox.exe
1739 | ESTABLISHED | 127.0.0.1 | 1740 | [3364] c:\program files\mozilla firefox\firefox.exe
1740 | ESTABLISHED | 127.0.0.1 | 1739 | [3364] c:\program files\mozilla firefox\firefox.exe
2304 | CLOSE_WAIT | 89.108.67.190 | 80 | [3800] c:\documents and settings\carlos silva\desktop\avz4\avz4\avz.exe
2736 | TIME_WAIT | 173.194.45.14 | 80 | [0]
2869 | LISTENING | 0.0.0.0 | 20610 | [1908] c:\windows\system32\svchost.exe
2869 | TIME_WAIT | 192.168.1.254 | 2332 through 2393 (62 consecutive rows, one per remote port) | [0]

UDP ports
123 | LISTENING | -- | -- | [1516] c:\windows\system32\svchost.exe
123 | LISTENING | -- | -- | [1516] c:\windows\system32\svchost.exe
137 | LISTENING | -- | -- | [4] System
138 | LISTENING | -- | -- | [4] System
445 | LISTENING | -- | -- | [4] System
500 | LISTENING | -- | -- | [1056] c:\windows\system32\lsass.exe
1402 | LISTENING | -- | -- | [1516] c:\windows\system32\svchost.exe
1709 | LISTENING | -- | -- | [2788] c:\program files\internet explorer\iexplore.exe
1900 | LISTENING | -- | -- | [1908] c:\windows\system32\svchost.exe
1900 | LISTENING | -- | -- | [1908] c:\windows\system32\svchost.exe
4500 | LISTENING | -- | -- | [1056] c:\windows\system32\lsass.exe
Downloaded Program Files (DPF) (File name | Description | Manufacturer | CLSID | Source URL)
Items found - 0, recognized as trusted - 0

Control Panel Applets (CPL) (File name | Description | Manufacturer)
Items found - 26, recognized as trusted - 26

Active Setup (File name | Description | Manufacturer | CLSID)
Items found - 16, recognized as trusted - 16

HOSTS file
Hosts file record
127.0.0.1	localhost

Protocols and handlers (File name | Type | Description | Manufacturer | CLSID)
mscoree.dll | Protocol | Microsoft .NET Runtime Execution Engine () | © Microsoft Corporation. All rights reserved. | {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
mscoree.dll | Protocol | Microsoft .NET Runtime Execution Engine () | © Microsoft Corporation. All rights reserved. | {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
mscoree.dll | Protocol | Microsoft .NET Runtime Execution Engine () | © Microsoft Corporation. All rights reserved. | {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Items found - 25, recognized as trusted - 22

Suspicious objects (File | Description | Type)

AVZ Antiviral Toolkit log; AVZ version is 4.39
Scanning started at 25.03.2013 13:49:55
Database loaded: signatures - 297614, NN profile(s) - 2, malware removal microprograms - 56, signature database released 25.03.2013 16:00
Heuristic microprograms loaded: 402
PVS microprograms loaded: 9
Digital signatures of system files loaded: 538094
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: enabled
Windows version is: 5.1.2600, Service Pack 3 ; AVZ is run with administrator rights
System Restore: Disabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=085700)
Kernel ntkrnlpa.exe found in memory at address 804D7000
SDT = 8055C700
KiST = 805044D4 (284)
Functions checked: 284, intercepted: 0, restored: 0
1.3 Checking IDT and SYSENTER
Analyzing CPU 1
Analyzing CPU 2
CmpCallCallBacks = 00093D84
Disable callback OK
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Searching for masking processes and drivers - complete
1.5 Checking IRP handlers
Driver loaded successfully
Checking - complete
2. Scanning RAM
Number of processes found: 34
Number of modules loaded: 348
Scanning RAM - complete
3. Scanning disks
Direct reading: C:\Documents and Settings\Carlos Silva\Local Settings\Application Data\Opera\Opera\vps\0000\wb.vx
Direct reading: C:\Documents and Settings\Carlos Silva\Local Settings\temp\~DF1954.tmp
Direct reading: C:\Documents and Settings\Carlos Silva\Local Settings\temp\~DF619D.tmp
Direct reading: C:\Documents and Settings\Carlos Silva\Local Settings\temp\~DF61F4.tmp
Direct reading: C:\Documents and Settings\Carlos Silva\Local Settings\temp\~DF6223.tmp
Direct reading: C:\Documents and Settings\Carlos Silva\Local Settings\temp\~DFC1F.tmp
Direct reading: C:\Qoobox\BackEnv\SetPath.bat
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious software
Checking - disabled by user
7. Heuristic system check
Hidden startup suspected: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: RemoteRegistry (Remote Registry)
>> Services: potentially dangerous service allowed: TermService (Terminal Services)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery Service)
>> Services: potentially dangerous service allowed: TlntSvr (Telnet)
>> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
>> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting Remote Desktop Sharing)
>> Services: potentially dangerous service allowed: RDSessMgr (Remote Desktop Help Session Manager)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
>> HDD autorun is allowed
>> Network drives autorun is allowed
>> Removable media autorun is allowed
Checking - complete
Files scanned: 164607, extracted from archives: 131994, malicious software found 0, suspicions - 0
Scanning finished at 25.03.2013 14:10:29
Time of scanning: 00:20:36
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://forum.kaspersky.com/index.php?showforum=19
System Analysis in progress

System Analysis - complete

 
 
 


#5 cutthroat

cutthroat
  • Topic Starter

  • Members
  • 72 posts

Posted 26 March 2013 - 08:24 PM

Results of system analysis

AVZ 4.39 http://z-oleg.com/secur/avz/

Process List (File name | PID | Description | Copyright | MD5 | Information)
c:\program files\emsisoft anti-malware\a2guard.exe | 2700 | Background Guard | © 2003-2013 Emsisoft GmbH | ?? | 3284.91 kb, rsAh, created: 26.11.2012 05:29:41, modified: 07.03.2013 02:25:27, command line: "C:\program files\emsisoft anti-malware\a2guard.exe" /d=60
c:\program files\emsisoft anti-malware\a2service.exe | 1288 | Emsisoft Anti-Malware Service | © 2003-2013 Emsisoft GmbH | ?? | 3017.44 kb, rsAh, created: 26.11.2012 05:29:41, modified: 07.03.2013 02:25:29, command line: "C:\Program Files\Emsisoft Anti-Malware\a2service.exe"
c:\program files\prosecurity\alarm.exe | 2940 | ProSecurity | | ?? | 2278.00 kb, rsAh, created: 12.03.2013 07:11:59, modified: 29.01.2008 01:06:54, command line: "C:\Program Files\ProSecurity\Alarm.exe"
c:\program files\ares\ares.exe | 2848 | Ares p2p for windows | GPL product | ?? | 895.00 kb, rsAh, created: 17.02.2013 00:57:44, modified: 17.02.2013 00:57:44, command line: "C:\Program Files\Ares\Ares.exe" -h
c:\program files\comodo\dragon\dragon_updater.exe | 1692 | | | ?? | 2026.14 kb, rsAh, created: 12.03.2013 11:08:06, modified: 12.03.2013 11:08:06, command line: "C:\Program Files\Comodo\Dragon\dragon_updater.exe"
c:\program files\intel\intel matrix storage manager\iaantmon.exe | 1908 | RAID Monitor | Copyright© Intel Corporation 2003-2007 | ?? | 350.52 kb, rsAh, created: 29.11.2012 06:51:16, modified: 03.10.2007 15:45:02, command line: "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe"
c:\windows\system32\nvsvc32.exe | 1456 | NVIDIA Driver Helper Service, Version 266.58 | © NVIDIA Corporation. All rights reserved. | ?? | 153.10 kb, rsAh, created: 07.01.2011 19:58:12, modified: 07.01.2011 19:58:12, command line: C:\WINDOWS\system32\nvsvc32.exe
Detected:30, recognized as trusted 25

Modules (Module name | Handle | Description | Copyright | MD5 | Used by processes)
C:\Program Files\Comodo\Dragon\distribution.dll | 268435456 | Comodo Dragon | Copyright © 2009-2013, Comodo Security Solutions, Inc. | -- | 1692
C:\Program Files\Emsisoft Anti-Malware\a2engine.dll | 268435456 | Emsisoft Scan Framework | © 2003-2012 Emsisoft GmbH | -- | 1288
C:\Program Files\Intel\Intel Matrix Storage Manager\PlugInRAID_PTG.dll | 6946816 | RAID Plug-in for Intel® Matrix Storage Console | Copyright© Intel Corporation 2003-2007 | -- | 1908
C:\Program Files\ProSecurity\DVIOCTRL.DLL | 268435456 | | | -- | 2940
C:\WINDOWS\system32\NVRSPT.DLL | 9895936 | NVIDIA Iberian Portuguese language resource library | © NVIDIA Corporation. All rights reserved. | -- | 1456
Modules found:309, recognized as trusted 304

Kernel Space Modules Viewer (Module | Base address | Size in memory | Description | Manufacturer)
C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys | A95CB000 | 004000 (16384) | Emsisoft Direct Disk Access Support Driver | Copyright © 2012 Emsisoft GmbH. All rights reserved.
C:\Program Files\Emsisoft Anti-Malware\a2util32.sys | B85C8000 | 002000 (8192) | Emsisoft Malware-IDS utility driver | © 2012 Copyright Emsisoft GmbH
C:\WINDOWS\System32\Drivers\dump_iaStor.sys | 9E99A000 | 101000 (1052672) | |
Modules found - 137, recognized as trusted - 134

Services (Service | Description | Status | File | Group | Dependencies)
a2AntiMalware | Emsisoft Anti-Malware 7.0 - Service | Running | C:\Program Files\Emsisoft Anti-Malware\a2service.exe | FSFilter Anti-Virus
DragonUpdater | COMODO Dragon Update Service | Running | C:\Program Files\Comodo\Dragon\dragon_updater.exe |
Detected - 99, recognized as trusted - 97

Drivers (Service | Description | Status | File | Group | Dependencies)
A2DDA | A2 Direct Disk Access Support Driver | Running | C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys |
a2util | a-squared Malware-IDS utility driver | Running | C:\Program Files\Emsisoft Anti-Malware\a2util32.sys |
21m5yy3j | Vba32 Armour Driver | Not started | C:\WINDOWS\system32\drivers\21m5yy3j.sys |
Abiosdsk | Abiosdsk | Not started | Abiosdsk.sys | Primary disk
abp480n5 | abp480n5 | Not started | abp480n5.sys | SCSI miniport
adpu160m | adpu160m | Not started | adpu160m.sys | SCSI miniport
Aha154x | Aha154x | Not started | Aha154x.sys | SCSI miniport
aic78u2 | aic78u2 | Not started | aic78u2.sys | SCSI miniport
aic78xx | aic78xx | Not started | aic78xx.sys | SCSI miniport
AliIde | AliIde | Not started | AliIde.sys | System Bus Extender
amsint | amsint | Not started | amsint.sys | SCSI miniport
APHbx0iE | BlackBox SR2 | Not started | APHbx0iE.sys |
asc | asc | Not started | asc.sys | SCSI miniport
asc3350p | asc3350p | Not started | asc3350p.sys | SCSI miniport
asc3550 | asc3550 | Not started | asc3550.sys | SCSI miniport
Atdisk | Atdisk | Not started | Atdisk.sys | Primary disk
cd20xrnt | cd20xrnt | Not started | cd20xrnt.sys | SCSI miniport
Changer | Changer | Not started | Changer.sys | Filter
CmdIde | CmdIde | Not started | CmdIde.sys | System Bus Extender
Cpqarray | Cpqarray | Not started | Cpqarray.sys | SCSI miniport
dac960nt | dac960nt | Not started | dac960nt.sys | SCSI miniport
dpti2o | dpti2o | Not started | dpti2o.sys | SCSI miniport
hpn | hpn | Not started | hpn.sys | SCSI miniport
i2omgmt | i2omgmt | Not started | i2omgmt.sys | SCSI Class
i2omp | i2omp | Not started | i2omp.sys | SCSI miniport
ini910u | ini910u | Not started | ini910u.sys | SCSI miniport
IntelIde | IntelIde | Not started | IntelIde.sys | System Bus Extender
k0wf4wx6 | BlackBox SR2 | Not started | k0wf4wx6.sys |
lbrtfdc | lbrtfdc | Not started | lbrtfdc.sys | System Bus Extender
mbamchameleon | mbamchameleon | Not started | C:\WINDOWS\system32\drivers\mbamchameleon.sys | FSFilter Activity Monitor
mraid35x | mraid35x | Not started | mraid35x.sys | SCSI miniport
PCIDump | PCIDump | Not started | PCIDump.sys | PCI Configuration
PDCOMP | PDCOMP | Not started | PDCOMP.sys |
PDFRAME | PDFRAME | Not started | PDFRAME.sys |
PDRELI | PDRELI | Not started | PDRELI.sys |
PDRFRAME | PDRFRAME | Not started | PDRFRAME.sys |
perc2 | perc2 | Not started | perc2.sys | SCSI miniport
perc2hib | perc2hib | Not started | perc2hib.sys | Filter
ql1080 | ql1080 | Not started | ql1080.sys | SCSI miniport
Ql10wnt | Ql10wnt | Not started | Ql10wnt.sys | SCSI miniport
ql12160 | ql12160 | Not started | ql12160.sys | SCSI miniport
ql1240 | ql1240 | Not started | ql1240.sys | SCSI miniport
ql1280 | ql1280 | Not started | ql1280.sys | SCSI miniport
Qxg4rk0E | BlackBox SR2 | Not started | Qxg4rk0E.sys |
RapportIaso | RapportIaso | Not started | c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys
Script: QuarantineDeleteDelete via BC     RSPHOOKANALYZER
Driver: UnloadDeleteDisableDelete via BC RSPHOOKANALYZER Not started C:\DOCUME~1\CARLOS~1\LOCALS~1\Temp\rspsc32.sys
Script: QuarantineDeleteDelete via BC     rspSanity
Driver: UnloadDeleteDisableDelete via BC rspSanity Not started C:\WINDOWS\system32\DRIVERS\rspSanity32.sys
Script: QuarantineDeleteDelete via BC FSFilter Undelete FltMgr Simbad
Driver: UnloadDeleteDisableDelete via BC Simbad Not started Simbad.sys
Script: QuarantineDeleteDelete via BC Filter   Sparrow
Driver: UnloadDeleteDisableDelete via BC Sparrow Not started Sparrow.sys
Script: QuarantineDeleteDelete via BC SCSI miniport   sym_hi
Driver: UnloadDeleteDisableDelete via BC sym_hi Not started sym_hi.sys
Script: QuarantineDeleteDelete via BC SCSI miniport   sym_u3
Driver: UnloadDeleteDisableDelete via BC sym_u3 Not started sym_u3.sys
Script: QuarantineDeleteDelete via BC SCSI miniport   symc810
Driver: UnloadDeleteDisableDelete via BC symc810 Not started symc810.sys
Script: QuarantineDeleteDelete via BC SCSI miniport   symc8xx
Driver: UnloadDeleteDisableDelete via BC symc8xx Not started symc8xx.sys
Script: QuarantineDeleteDelete via BC SCSI miniport   TosIde
Driver: UnloadDeleteDisableDelete via BC TosIde Not started TosIde.sys
Script: QuarantineDeleteDelete via BC System Bus Extender   ultra
Driver: UnloadDeleteDisableDelete via BC ultra Not started ultra.sys
Script: QuarantineDeleteDelete via BC SCSI miniport   ViaIde
Driver: UnloadDeleteDisableDelete via BC ViaIde Not started ViaIde.sys
Script: QuarantineDeleteDelete via BC System Bus Extender   WDICA
Driver: UnloadDeleteDisableDelete via BC WDICA Not started WDICA.sys
Script: QuarantineDeleteDelete via BC     Detected - 203, recognized as trusted - 146 Autoruns File name Status Startup method Description C:\Program Files\Ares\Ares.exe
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, ares
Delete C:\Program Files\Comodo\Dragon\dragon.exe
Script: QuarantineDeleteDelete via BC Active Shortcut in Startup folder C:\Documents and Settings\Carlos Silva\Application Data\Microsoft\Internet Explorer\Quick Launch\, C:\Documents and Settings\Carlos Silva\Application Data\Microsoft\Internet Explorer\Quick Launch\Dragon.lnk, C:\Program Files\Emsisoft Anti-Malware\a2start.exe
Script: QuarantineDeleteDelete via BC Active Shortcut in Startup folder C:\Documents and Settings\Carlos Silva\Application Data\Microsoft\Internet Explorer\Quick Launch\, C:\Documents and Settings\Carlos Silva\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk, C:\Program Files\NVIDIA Corporation\nView\nview.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\nview, EventMessageFile C:\Program Files\NoVirusThanks\Anti-Rootkit (Free Edition)\NVTArk.exe
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, NoVirusThanks Anti-Rootkit Free Startup
Delete C:\Program Files\ProSecurity\Alarm.exe
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, PS_Alarm
Delete C:\Program Files\ProSecurity\RuleEditor.exe
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, PS_RuleEditor
Delete C:\Program Files\Tizer™ Rootkit Razor\RootkitRazor.exe
Script: QuarantineDeleteDelete via BC Active Shortcut in Startup folder C:\Documents and Settings\Carlos Silva\Application Data\Microsoft\Internet Explorer\Quick Launch\, C:\Documents and Settings\Carlos Silva\Application Data\Microsoft\Internet Explorer\Quick Launch\Tizer™ Rootkit Razor.lnk, C:\WINDOWS\System32\Drivers\AliIde.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\aliide, EventMessageFile C:\WINDOWS\System32\Drivers\CmdIde.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\cmdide, EventMessageFile C:\WINDOWS\System32\Drivers\IntelIde.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\intelide, EventMessageFile C:\WINDOWS\System32\Drivers\Serial.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\serial, EventMessageFile C:\WINDOWS\System32\Drivers\TosIde.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\toside, EventMessageFile C:\WINDOWS\System32\Drivers\ViaIde.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\viaide, EventMessageFile C:\WINDOWS\System32\Drivers\fdc.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\fdc, EventMessageFile C:\WINDOWS\System32\Drivers\flpydisk.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\flpydisk, EventMessageFile C:\WINDOWS\System32\Drivers\lbrtfdc.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\lbrtfdc, EventMessageFile C:\WINDOWS\System32\PrintFilterPipelineSvc.exe
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\PrintFilterPipelineSvc, EventMessageFile C:\WINDOWS\System32\igmpv2.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IGMPv2, EventMessageFile C:\WINDOWS\System32\ipbootp.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPBOOTP, EventMessageFile C:\WINDOWS\System32\iprip2.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRIP2, EventMessageFile C:\WINDOWS\System32\ospf.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPF, EventMessageFile C:\WINDOWS\System32\ospfmib.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPFMib, EventMessageFile C:\WINDOWS\System32\polagent.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\PolicyAgent, EventMessageFile C:\WINDOWS\System32\tssdis.exe
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TermServSessDir, EventMessageFile C:\WINDOWS\system32\MsSip1.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 1, $DLL
Delete C:\WINDOWS\system32\MsSip2.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 2, $DLL
Delete C:\WINDOWS\system32\MsSip3.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 3, $DLL
Delete C:\WINDOWS\system32\msvbvm60.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\VBRuntime, EventMessageFile C:\WINDOWS\system32\psxss.exe
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix C:\WINDOWS\system32\stisvc.exe
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System, EventMessageFile c:\program files\emsisoft anti-malware\a2guard.exe
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, emsisoft anti-malware
Delete deskpan.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {42071714-76d4-11d1-8b24-00a0c9068ff3}
Delete kbd101.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\i8042prt\Parameters, LayerDriver JPN
Delete kbd101a.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\i8042prt\Parameters, LayerDriver KOR
Delete mvfs32.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_USERS, .DEFAULT\Control Panel\IOProcs, MVB
Delete mvfs32.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_USERS, S-1-5-19\Control Panel\IOProcs, MVB
Delete mvfs32.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_USERS, S-1-5-20\Control Panel\IOProcs, MVB
Delete mvfs32.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_USERS, S-1-5-18\Control Panel\IOProcs, MVB
Delete mvfs32.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_CURRENT_USER, Control Panel\IOProcs, MVB
Delete vgafix.fon
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fixedfon.fon
Delete vgaoem.fon
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, oemfonts.fon
Delete vgasys.fon
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fonts.fon
Delete Autoruns items found - 860, recognized as trusted - 817 Internet Explorer extension modules (BHOs, Toolbars ...) File name Type Description Manufacturer CLSID Items found - 12, recognized as trusted - 12 Windows Explorer extension modules File name Destination Description Manufacturer CLSID deskpan.dll
Script: QuarantineDeleteDelete via BC Display Panning CPL Extension     {42071714-76d4-11d1-8b24-00a0c9068ff3}
Delete   Shell extensions for file compression     {764BF0E1-F219-11ce-972D-00AA00A14F56}
Delete   Encryption Context Menu     {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}
Delete   IE User Assist     {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}
Delete   Taskbar and Start Menu     {0DF44EAA-FF21-4412-828E-260A8728E7F1}
Delete   User Accounts     {7A9D77BD-5403-11d2-8785-2E0420524153}
Delete   Haali Matroska Thumbnail Exctractor     {327669A0-59A7-4be9-B99E-1C9F3A57611A}
Delete   Desktop Explorer     {1CDB2949-8F65-4355-8456-263E7C208A5D}
Delete   Desktop Explorer Menu     {1E9B04FB-F9E5-4718-997B-B8DA88302A47}
Delete   nView Desktop Context Menu     {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
Delete   DefenseWall shell extension     {DF654E71-7714-4b21-BAE3-346C0D8B6206}
Delete   ColumnHandler     {0561EC90-CE54-4f0c-9C55-E226110A740C}
Delete Items found - 207, recognized as trusted - 195 Printing system extensions (print monitors, providers) File name Type Name Description Manufacturer Items found - 9, recognized as trusted - 9 Task Scheduler jobs File name Job name Job state Description Manufacturer Items found - 3, recognized as trusted - 3 SPI/LSP settings Namespace providers (NSP) Manufacturer Status EXE file Description GUID Detected - 3, recognized as trusted - 3 Transport protocol providers (TSP, LSP) Manufacturer EXE file Description Detected - 17, recognized as trusted - 17 Results of automatic SPI settings check
LSP settings checked. No errors detected
TCP/UDP ports Port Status Remote Host Remote Port Application Notes TCP ports 135 LISTENING 0.0.0.0 39054 [1564] c:\windows\system32\svchost.exe
Script: QuarantineDeleteDelete via BCTerminate
  139 LISTENING 0.0.0.0 47308 [4] System
Script: QuarantineDeleteDelete via BCTerminate
  445 LISTENING 0.0.0.0 24619 [4] System
Script: QuarantineDeleteDelete via BCTerminate
  1026 LISTENING 0.0.0.0 43211 [2212] c:\windows\system32\alg.exe
Script: QuarantineDeleteDelete via BCTerminate
  1027 CLOSE_WAIT 91.199.212.171 80 [1692] c:\program files\comodo\dragon\dragon_updater.exe
Script: QuarantineDeleteDelete via BCTerminate
  1028 CLOSE_WAIT 178.255.82.1 80 [1692] c:\program files\comodo\dragon\dragon_updater.exe
Script: QuarantineDeleteDelete via BCTerminate
  1062 ESTABLISHED 189.82.174.50 54401 [2848] c:\program files\ares\ares.exe
Script: QuarantineDeleteDelete via BCTerminate
  1074 ESTABLISHED 177.81.94.238 60806 [2848] c:\program files\ares\ares.exe
Script: QuarantineDeleteDelete via BCTerminate
  1080 ESTABLISHED 201.43.249.42 51185 [2848] c:\program files\ares\ares.exe
Script: QuarantineDeleteDelete via BCTerminate
  1081 ESTABLISHED 190.37.191.36 31108 [2848] c:\program files\ares\ares.exe
Script: QuarantineDeleteDelete via BCTerminate
  1082 ESTABLISHED 197.153.0.130 53402 [2848] c:\program files\ares\ares.exe
Script: QuarantineDeleteDelete via BCTerminate
  1087 CLOSE_WAIT 89.108.67.190 80 [2924] c:\avz4\avz.exe
Script: QuarantineDeleteDelete via BCTerminate
  5152 LISTENING 0.0.0.0 55432 [2004] c:\program files\java\jre7\bin\jqs.exe
Script: QuarantineDeleteDelete via BCTerminate
  26061 LISTENING 0.0.0.0 47116 [2848] c:\program files\ares\ares.exe
Script: QuarantineDeleteDelete via BCTerminate
  UDP ports 123 LISTENING -- -- [1712] c:\windows\system32\svchost.exe
Script: QuarantineDeleteDelete via BCTerminate
  123 LISTENING -- -- [1712] c:\windows\system32\svchost.exe
Script: QuarantineDeleteDelete via BCTerminate
  137 LISTENING -- -- [4] System
Script: QuarantineDeleteDelete via BCTerminate
  138 LISTENING -- -- [4] System
Script: QuarantineDeleteDelete via BCTerminate
  445 LISTENING -- -- [4] System
Script: QuarantineDeleteDelete via BCTerminate
  500 LISTENING -- -- [1112] c:\windows\system32\lsass.exe
Script: QuarantineDeleteDelete via BCTerminate
  1900 LISTENING -- -- [280] c:\windows\system32\svchost.exe
Script: QuarantineDeleteDelete via BCTerminate
  1900 LISTENING -- -- [280] c:\windows\system32\svchost.exe
Script: QuarantineDeleteDelete via BCTerminate
  4500 LISTENING -- -- [1112] c:\windows\system32\lsass.exe
Script: QuarantineDeleteDelete via BCTerminate
  26061 LISTENING -- -- [2848] c:\program files\ares\ares.exe
Script: QuarantineDeleteDelete via BCTerminate
  26062 LISTENING -- -- [2848] c:\program files\ares\ares.exe
Script: QuarantineDeleteDelete via BCTerminate
  Downloaded Program Files (DPF) File name Description Manufacturer CLSID Source URL Items found - 0, recognized as trusted - 0 Control Panel Applets (CPL) File name Description Manufacturer Items found - 27, recognized as trusted - 27 Active Setup File name Description Manufacturer CLSID Items found - 16, recognized as trusted - 16 HOSTS file Hosts file record
127.0.0.1	localhost
Clear Hosts file Protocols and handlers File name Type Description Manufacturer CLSID mscoree.dll
Script: QuarantineDeleteDelete via BC
Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: QuarantineDeleteDelete via BC
Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: QuarantineDeleteDelete via BC
Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
Items found - 25, recognized as trusted - 22 Suspicious objects File Description Type

AVZ Antiviral Toolkit log; AVZ version is 4.39
Scanning started at 21.03.2013 13:00:38
Database loaded: signatures - 297614, NN profile(s) - 2, malware removal microprograms - 56, signature database released 21.03.2013 04:00
Heuristic microprograms loaded: 402
PVS microprograms loaded: 9
Digital signatures of system files loaded: 533742
Heuristic analyzer mode: Maximum heuristics mode
Malware removal mode: enabled
Windows version is: 5.1.2600, Service Pack 3 ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.4 Searching for masking processes and drivers
Searching for masking processes and drivers - complete
1.5 Checking IRP handlers
Driver loaded successfully
Checking - complete
2. Scanning RAM
Number of processes found: 29
C:\WINDOWS\system32\smss.exe - clean, found in Trusted Objects Database
c:\windows\system32\csrss.exe - clean, found in Trusted Objects Database
c:\windows\system32\winlogon.exe - clean, found in Trusted Objects Database
c:\windows\system32\services.exe - clean, found in Trusted Objects Database
c:\windows\system32\lsass.exe - clean, found in Trusted Objects Database
c:\program files\emsisoft anti-malware\a2service.exe - clean,IS NOT listed in Trusted Objects Database
c:\windows\system32\nvsvc32.exe - clean, found in Trusted Objects Database
c:\windows\system32\svchost.exe - clean, found in Trusted Objects Database
c:\windows\system32\svchost.exe - clean, found in Trusted Objects Database
c:\windows\system32\svchost.exe - clean, found in Trusted Objects Database
c:\windows\system32\svchost.exe - clean, found in Trusted Objects Database
c:\windows\system32\svchost.exe - clean, found in Trusted Objects Database
c:\windows\system32\spoolsv.exe - clean, found in Trusted Objects Database
c:\windows\explorer.exe - clean, found in Trusted Objects Database
c:\windows\system32\svchost.exe - clean, found in Trusted Objects Database
c:\program files\comodo\dragon\dragon_updater.exe - clean,IS NOT listed in Trusted Objects Database
c:\program files\intel\intel matrix storage manager\iaantmon.exe - clean, found in Trusted Objects Database
c:\program files\java\jre7\bin\jqs.exe - clean, found in Trusted Objects Database
c:\program files\common files\lightscribe\lssrvc.exe - clean, found in Trusted Objects Database
c:\windows\system32\svchost.exe - clean, found in Trusted Objects Database
c:\windows\system32\alg.exe - clean, found in Trusted Objects Database
c:\windows\system32\wscntfy.exe - clean, found in Trusted Objects Database
c:\program files\emsisoft anti-malware\a2guard.exe - clean,IS NOT listed in Trusted Objects Database
c:\program files\hp\hp ut\bin\hppusg.exe - clean, found in Trusted Objects Database
c:\program files\hp\hp software update\hpwuschd2.exe - clean, found in Trusted Objects Database
c:\windows\system32\ctfmon.exe - clean, found in Trusted Objects Database
c:\program files\ares\ares.exe - clean,IS NOT listed in Trusted Objects Database
>>> The real size is supposed to be = 2772992
Extended process analysis: 2848 C:\Program Files\Ares\Ares.exe
[ES]:Program code includes networking-related functionality
[ES]:Listens on TCP ports !
[ES]:Application has no visible windows
[ES]:EXE runtime packer ?
[ES]:Registered for automatic startup !!
[ES]:Loads RASAPI DLL - may use dialing ?
c:\program files\prosecurity\alarm.exe - clean,IS NOT listed in Trusted Objects Database
c:\avz4\avz.exe - clean, found in Trusted Objects Database
Number of modules loaded: 309
c:\windows\system32\ntdll.dll - clean, found in Trusted Objects Database
c:\windows\system32\csrsrv.dll - clean, found in Trusted Objects Database
c:\windows\system32\basesrv.dll - clean, found in Trusted Objects Database
c:\windows\system32\winsrv.dll - clean, found in Trusted Objects Database
c:\windows\system32\gdi32.dll - clean, found in Trusted Objects Database
c:\windows\system32\kernel32.dll - clean, found in Trusted Objects Database
c:\windows\system32\user32.dll - clean, found in Trusted Objects Database
c:\windows\system32\lpk.dll - clean, found in Trusted Objects Database
c:\windows\system32\usp10.dll - clean, found in Trusted Objects Database
c:\windows\system32\advapi32.dll - clean, found in Trusted Objects Database
c:\windows\system32\rpcrt4.dll - clean, found in Trusted Objects Database
c:\windows\system32\secur32.dll - clean, found in Trusted Objects Database
c:\windows\system32\sxs.dll - clean, found in Trusted Objects Database
c:\windows\system32\authz.dll - clean, found in Trusted Objects Database
c:\windows\system32\msvcrt.dll - clean, found in Trusted Objects Database
c:\windows\system32\crypt32.dll - clean, found in Trusted Objects Database
c:\windows\system32\msasn1.dll - clean, found in Trusted Objects Database
c:\windows\system32\nddeapi.dll - clean, found in Trusted Objects Database
c:\windows\system32\profmap.dll - clean, found in Trusted Objects Database
c:\windows\system32\netapi32.dll - clean, found in Trusted Objects Database
c:\windows\system32\userenv.dll - clean, found in Trusted Objects Database
c:\windows\system32\psapi.dll - clean, found in Trusted Objects Database
c:\windows\system32\regapi.dll - clean, found in Trusted Objects Database
c:\windows\system32\setupapi.dll - clean, found in Trusted Objects Database
c:\windows\system32\version.dll - clean, found in Trusted Objects Database
c:\windows\system32\winsta.dll - clean, found in Trusted Objects Database
c:\windows\system32\wintrust.dll - clean, found in Trusted Objects Database
c:\windows\system32\imagehlp.dll - clean, found in Trusted Objects Database
c:\windows\system32\ws2_32.dll - clean, found in Trusted Objects Database
c:\windows\system32\ws2help.dll - clean, found in Trusted Objects Database
c:\windows\system32\imm32.dll - clean, found in Trusted Objects Database
c:\windows\system32\msgina.dll - clean, found in Trusted Objects Database
c:\windows\system32\comctl32.dll - clean, found in Trusted Objects Database
c:\windows\system32\odbc32.dll - clean, found in Trusted Objects Database
c:\windows\system32\comdlg32.dll - clean, found in Trusted Objects Database
c:\windows\system32\shell32.dll - clean, found in Trusted Objects Database
c:\windows\system32\shlwapi.dll - clean, found in Trusted Objects Database
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - clean, found in Trusted Objects Database
c:\windows\system32\odbcint.dll - clean, found in Trusted Objects Database
c:\windows\system32\shsvcs.dll - clean, found in Trusted Objects Database
c:\windows\system32\sfc.dll - clean, found in Trusted Objects Database
c:\windows\system32\sfc_os.dll - clean, found in Trusted Objects Database
c:\windows\system32\ole32.dll - clean, found in Trusted Objects Database
c:\windows\system32\apphelp.dll - clean, found in Trusted Objects Database
c:\windows\system32\msctfime.ime - clean, found in Trusted Objects Database
c:\windows\system32\winscard.dll - clean, found in Trusted Objects Database
c:\windows\system32\wtsapi32.dll - clean, found in Trusted Objects Database
c:\windows\system32\winmm.dll - clean, found in Trusted Objects Database
c:\windows\system32\serwvdrv.dll - clean, found in Trusted Objects Database
c:\windows\system32\umdmxfrm.dll - clean, found in Trusted Objects Database
c:\windows\system32\uxtheme.dll - clean, found in Trusted Objects Database
c:\windows\system32\cscdll.dll - clean, found in Trusted Objects Database
c:\windows\system32\dimsntfy.dll - clean, found in Trusted Objects Database
c:\windows\system32\rsaenh.dll - clean, found in Trusted Objects Database
c:\windows\system32\wlnotify.dll - clean, found in Trusted Objects Database
c:\windows\system32\mpr.dll - clean, found in Trusted Objects Database
c:\windows\system32\winspool.drv - clean, found in Trusted Objects Database
c:\windows\system32\credssp.dll - clean, found in Trusted Objects Database
c:\windows\system32\schannel.dll - clean, found in Trusted Objects Database
c:\windows\system32\samlib.dll - clean, found in Trusted Objects Database
c:\windows\system32\msv1_0.dll - clean, found in Trusted Objects Database
c:\windows\system32\cryptdll.dll - clean, found in Trusted Objects Database
c:\windows\system32\iphlpapi.dll - clean, found in Trusted Objects Database
c:\windows\system32\cscui.dll - clean, found in Trusted Objects Database
c:\windows\system32\xpsp2res.dll - clean, found in Trusted Objects Database
c:\windows\system32\ntmarta.dll - clean, found in Trusted Objects Database
c:\windows\system32\wldap32.dll - clean, found in Trusted Objects Database
c:\windows\system32\wdmaud.drv - clean, found in Trusted Objects Database
c:\windows\system32\comres.dll - clean, found in Trusted Objects Database
c:\windows\system32\oleaut32.dll - clean, found in Trusted Objects Database
c:\windows\system32\clbcatq.dll - clean, found in Trusted Objects Database
c:\windows\system32\msacm32.drv - clean, found in Trusted Objects Database
c:\windows\system32\msacm32.dll - clean, found in Trusted Objects Database
c:\windows\system32\ncobjapi.dll - clean, found in Trusted Objects Database
c:\windows\system32\msvcp60.dll - clean, found in Trusted Objects Database
c:\windows\system32\scesrv.dll - clean, found in Trusted Objects Database
c:\windows\system32\umpnpmgr.dll - clean, found in Trusted Objects Database
c:\windows\system32\shimeng.dll - clean, found in Trusted Objects Database
c:\windows\apppatch\acadproc.dll - clean, found in Trusted Objects Database
c:\windows\system32\eventlog.dll - clean, found in Trusted Objects Database
c:\windows\system32\lsasrv.dll - clean, found in Trusted Objects Database
c:\windows\system32\ntdsapi.dll - clean, found in Trusted Objects Database
c:\windows\system32\dnsapi.dll - clean, found in Trusted Objects Database
c:\windows\system32\samsrv.dll - clean, found in Trusted Objects Database
c:\windows\apppatch\acgenral.dll - clean, found in Trusted Objects Database
c:\windows\system32\msprivs.dll - clean, found in Trusted Objects Database
c:\windows\system32\kerberos.dll - clean, found in Trusted Objects Database
c:\windows\system32\netlogon.dll - clean, found in Trusted Objects Database
c:\windows\system32\w32time.dll - clean, found in Trusted Objects Database
c:\windows\system32\wdigest.dll - clean, found in Trusted Objects Database
c:\windows\system32\scecli.dll - clean, found in Trusted Objects Database
c:\windows\system32\ipsecsvc.dll - clean, found in Trusted Objects Database
c:\windows\system32\oakley.dll - clean, found in Trusted Objects Database
c:\windows\system32\winipsec.dll - clean, found in Trusted Objects Database
c:\windows\system32\mswsock.dll - clean, found in Trusted Objects Database
c:\windows\system32\hnetcfg.dll - clean, found in Trusted Objects Database
c:\windows\system32\wshtcpip.dll - clean, found in Trusted Objects Database
c:\windows\system32\pstorsvc.dll - clean, found in Trusted Objects Database
c:\windows\system32\psbase.dll - clean, found in Trusted Objects Database
c:\windows\system32\dssenh.dll - clean, found in Trusted Objects Database
c:\windows\system32\msimg32.dll - clean, found in Trusted Objects Database
c:\program files\emsisoft anti-malware\a2engine.dll - clean,IS NOT listed in Trusted Objects Database
c:\program files\emsisoft anti-malware\bdcore.dll - clean, found in Trusted Objects Database
c:\windows\system32\wsock32.dll - clean, found in Trusted Objects Database
c:\program files\emsisoft anti-malware\quarantine.dll - clean, found in Trusted Objects Database
c:\program files\emsisoft anti-malware\a2core32.dll - clean, found in Trusted Objects Database
c:\program files\emsisoft anti-malware\a2dix86.dll - clean, found in Trusted Objects Database
c:\windows\system32\fltlib.dll - clean, found in Trusted Objects Database
c:\program files\emsisoft anti-malware\a2update.dll - clean, found in Trusted Objects Database
c:\program files\emsisoft anti-malware\a2acc.dll - clean, found in Trusted Objects Database
c:\program files\emsisoft anti-malware\a2wsc.dll - clean, found in Trusted Objects Database
c:\windows\system32\wbem\wbemprox.dll - clean, found in Trusted Objects Database
c:\windows\system32\wbem\wbemcomn.dll - clean, found in Trusted Objects Database
c:\windows\system32\wbem\wbemsvc.dll - clean, found in Trusted Objects Database
c:\windows\system32\wbem\fastprox.dll - clean, found in Trusted Objects Database
c:\windows\system32\rasadhlp.dll - clean, found in Trusted Objects Database
c:\windows\system32\powrprof.dll - clean, found in Trusted Objects Database
c:\windows\system32\nvapi.dll - clean, found in Trusted Objects Database
c:\windows\system32\nvrspt.dll - clean,IS NOT listed in Trusted Objects Database
c:\windows\system32\rpcss.dll - clean, found in Trusted Objects Database
c:\windows\system32\termsrv.dll - clean, found in Trusted Objects Database
c:\windows\system32\icaapi.dll - clean, found in Trusted Objects Database
c:\windows\system32\mstlsapi.dll - clean, found in Trusted Objects Database
c:\windows\system32\activeds.dll - clean, found in Trusted Objects Database
c:\windows\system32\adsldpc.dll - clean, found in Trusted Objects Database
c:\windows\system32\atl.dll - clean, found in Trusted Objects Database
c:\windows\system32\winrnr.dll - clean, found in Trusted Objects Database
c:\windows\system32\msi.dll - clean, found in Trusted Objects Database
c:\windows\system32\dhcpcsvc.dll - clean, found in Trusted Objects Database
c:\windows\system32\wzcsvc.dll - clean, found in Trusted Objects Database
c:\windows\system32\rtutils.dll - clean, found in Trusted Objects Database
c:\windows\system32\wmi.dll - clean, found in Trusted Objects Database
c:\windows\system32\eapolqec.dll - clean, found in Trusted Objects Database
c:\windows\system32\qutil.dll - clean, found in Trusted Objects Database
c:\windows\system32\dot3api.dll - clean, found in Trusted Objects Database
c:\windows\system32\esent.dll - clean, found in Trusted Objects Database
c:\windows\system32\rastls.dll - clean, found in Trusted Objects Database
c:\windows\system32\cryptui.dll - clean, found in Trusted Objects Database
c:\windows\system32\wininet.dll - clean, found in Trusted Objects Database
c:\windows\system32\normaliz.dll - clean, found in Trusted Objects Database
c:\windows\system32\urlmon.dll - clean, found in Trusted Objects Database
c:\windows\system32\iertutil.dll - clean, found in Trusted Objects Database
c:\windows\system32\mprapi.dll - clean, found in Trusted Objects Database
c:\windows\system32\rasapi32.dll - clean, found in Trusted Objects Database
c:\windows\system32\rasman.dll - clean, found in Trusted Objects Database
c:\windows\system32\tapi32.dll - clean, found in Trusted Objects Database
c:\windows\system32\raschap.dll - clean, found in Trusted Objects Database
c:\windows\system32\wbem\wmisvc.dll - clean, found in Trusted Objects Database
c:\windows\system32\vssapi.dll - clean, found in Trusted Objects Database
c:\windows\system32\netman.dll - clean, found in Trusted Objects Database
c:\windows\system32\netshell.dll - clean, found in Trusted Objects Database
c:\windows\system32\credui.dll - clean, found in Trusted Objects Database
c:\windows\system32\dot3dlg.dll - clean, found in Trusted Objects Database
c:\windows\system32\onex.dll - clean, found in Trusted Objects Database
c:\windows\system32\eappcfg.dll - clean, found in Trusted Objects Database
c:\windows\system32\eappprxy.dll - clean, found in Trusted Objects Database
c:\windows\system32\wzcsapi.dll - clean, found in Trusted Objects Database
c:\windows\system32\es.dll - clean, found in Trusted Objects Database
c:\windows\system32\ipnathlp.dll - clean, found in Trusted Objects Database
c:\windows\system32\schedsvc.dll - clean, found in Trusted Objects Database
c:\windows\system32\msidle.dll - clean, found in Trusted Objects Database
c:\windows\system32\audiosrv.dll - clean, found in Trusted Objects Database
c:\windows\system32\wkssvc.dll - clean, found in Trusted Objects Database
c:\windows\system32\qmgr.dll - clean, found in Trusted Objects Database
c:\windows\system32\shfolder.dll - clean, found in Trusted Objects Database
c:\windows\system32\winhttp.dll - clean, found in Trusted Objects Database
c:\windows\system32\dmserver.dll - clean, found in Trusted Objects Database
c:\windows\system32\cryptsvc.dll - clean, found in Trusted Objects Database
c:\windows\system32\certcli.dll - clean, found in Trusted Objects Database
c:\windows\system32\ersvc.dll - clean, found in Trusted Objects Database
c:\windows\pchealth\helpctr\binaries\pchsvc.dll - clean, found in Trusted Objects Database
c:\windows\system32\hidserv.dll - clean, found in Trusted Objects Database
c:\windows\system32\hid.dll - clean, found in Trusted Objects Database
c:\windows\system32\srvsvc.dll - clean, found in Trusted Objects Database
c:\windows\system32\wbem\wbemcore.dll - clean, found in Trusted Objects Database
c:\windows\system32\wbem\esscli.dll - clean, found in Trusted Objects Database
c:\windows\system32\wbem\wmiutils.dll - clean, found in Trusted Objects Database
c:\windows\system32\wbem\repdrvfs.dll - clean, found in Trusted Objects Database
c:\windows\system32\seclogon.dll - clean, found in Trusted Objects Database
c:\windows\system32\sens.dll - clean, found in Trusted Objects Database
c:\windows\system32\srsvc.dll - clean, found in Trusted Objects Database
c:\windows\system32\wbem\wmiprvsd.dll - clean, found in Trusted Objects Database
c:\windows\system32\wbem\wbemess.dll - clean, found in Trusted Objects Database
c:\windows\system32\trkwks.dll - clean, found in Trusted Objects Database
c:\windows\system32\wscsvc.dll - clean, found in Trusted Objects Database
c:\windows\system32\wuauserv.dll - clean, found in Trusted Objects Database
c:\windows\system32\browser.dll - clean, found in Trusted Objects Database
c:\windows\system32\wuaueng.dll - clean, found in Trusted Objects Database
c:\windows\system32\cabinet.dll - clean, found in Trusted Objects Database
c:\windows\system32\mspatcha.dll - clean, found in Trusted Objects Database
c:\windows\system32\wbem\ncprov.dll - clean, found in Trusted Objects Database
c:\windows\system32\wups2.dll - clean, found in Trusted Objects Database
c:\windows\system32\comsvcs.dll - clean, found in Trusted Objects Database
c:\windows\system32\colbact.dll - clean, found in Trusted Objects Database
c:\windows\system32\mtxclu.dll - clean, found in Trusted Objects Database
c:\windows\system32\clusapi.dll - clean, found in Trusted Objects Database
c:\windows\system32\resutils.dll - clean, found in Trusted Objects Database
c:\windows\system32\tapisrv.dll - clean, found in Trusted Objects Database
c:\windows\system32\rasmans.dll - clean, found in Trusted Objects Database
c:\windows\system32\netcfgx.dll - clean, found in Trusted Objects Database
c:\windows\system32\rastapi.dll - clean, found in Trusted Objects Database
c:\windows\system32\unimdm.tsp - clean, found in Trusted Objects Database
c:\windows\system32\uniplat.dll - clean, found in Trusted Objects Database
c:\windows\system32\kmddsp.tsp - clean, found in Trusted Objects Database
c:\windows\system32\ndptsp.tsp - clean, found in Trusted Objects Database
c:\windows\system32\ipconf.tsp - clean, found in Trusted Objects Database
c:\windows\system32\h323.tsp - clean, found in Trusted Objects Database
c:\windows\system32\hidphone.tsp - clean, found in Trusted Objects Database
c:\windows\system32\rasppp.dll - clean, found in Trusted Objects Database
c:\windows\system32\ntlsapi.dll - clean, found in Trusted Objects Database
c:\windows\system32\rasqec.dll - clean, found in Trusted Objects Database
c:\windows\system32\upnp.dll - clean, found in Trusted Objects Database
c:\windows\system32\ssdpapi.dll - clean, found in Trusted Objects Database
c:\windows\system32\rasdlg.dll - clean, found in Trusted Objects Database
c:\windows\system32\dnsrslvr.dll - clean, found in Trusted Objects Database
c:\windows\system32\lmhsvc.dll - clean, found in Trusted Objects Database
c:\windows\system32\regsvc.dll - clean, found in Trusted Objects Database
c:\windows\system32\ssdpsrv.dll - clean, found in Trusted Objects Database
c:\windows\system32\spoolss.dll - clean, found in Trusted Objects Database
c:\windows\system32\localspl.dll - clean, found in Trusted Objects Database
c:\windows\system32\cnbjmon.dll - clean, found in Trusted Objects Database
c:\windows\system32\zlm1120.dll - clean, found in Trusted Objects Database
c:\windows\system32\hpf3l70v.dll - clean, found in Trusted Objects Database
c:\windows\system32\pjlmon.dll - clean, found in Trusted Objects Database
c:\windows\system32\tcpmon.dll - clean, found in Trusted Objects Database
c:\windows\system32\usbmon.dll - clean, found in Trusted Objects Database
c:\windows\system32\spool\prtprocs\w32x86\hpfpp70v.dll - clean, found in Trusted Objects Database
c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll - clean, found in Trusted Objects Database
c:\windows\system32\spool\prtprocs\w32x86\zimfprnt.dll - clean, found in Trusted Objects Database
c:\windows\system32\zimf.dll - clean, found in Trusted Objects Database
c:\windows\system32\ztag.dll - clean, found in Trusted Objects Database
c:\windows\system32\zspool.dll - clean, found in Trusted Objects Database
c:\windows\system32\win32spl.dll - clean, found in Trusted Objects Database
c:\windows\system32\netrap.dll - clean, found in Trusted Objects Database
c:\windows\system32\inetpp.dll - clean, found in Trusted Objects Database
c:\windows\system32\browseui.dll - clean, found in Trusted Objects Database
c:\windows\system32\shdocvw.dll - clean, found in Trusted Objects Database
c:\program files\emsisoft anti-malware\a2hooks32.dll - clean, found in Trusted Objects Database
c:\windows\system32\themeui.dll - clean, found in Trusted Objects Database
c:\windows\system32\actxprxy.dll - clean, found in Trusted Objects Database
c:\windows\system32\msutb.dll - clean, found in Trusted Objects Database
c:\windows\system32\msctf.dll - clean, found in Trusted Objects Database
c:\windows\system32\linkinfo.dll - clean, found in Trusted Objects Database
c:\windows\system32\ntshrui.dll - clean, found in Trusted Objects Database
c:\windows\system32\ieframe.dll - clean, found in Trusted Objects Database
c:\windows\system32\mlang.dll - clean, found in Trusted Objects Database
c:\windows\system32\webcheck.dll - clean, found in Trusted Objects Database
c:\windows\system32\stobject.dll - clean, found in Trusted Objects Database
c:\windows\system32\batmeter.dll - clean, found in Trusted Objects Database
c:\windows\system32\wzcdlg.dll - clean, found in Trusted Objects Database
c:\windows\system32\drprov.dll - clean, found in Trusted Objects Database
c:\windows\system32\ntlanman.dll - clean, found in Trusted Objects Database
c:\windows\system32\netui0.dll - clean, found in Trusted Objects Database
c:\windows\system32\netui1.dll - clean, found in Trusted Objects Database
c:\windows\system32\davclnt.dll - clean, found in Trusted Objects Database
c:\program files\winrar\rarext.dll - clean, found in Trusted Objects Database
c:\program files\emsisoft anti-malware\a2contmenu.dll - clean, found in Trusted Objects Database
c:\windows\system32\browselc.dll - clean, found in Trusted Objects Database
c:\windows\system32\duser.dll - clean, found in Trusted Objects Database
c:\windows\system32\sti.dll - clean, found in Trusted Objects Database
c:\windows\system32\cfgmgr32.dll - clean, found in Trusted Objects Database
c:\windows\system32\shdoclc.dll - clean, found in Trusted Objects Database
c:\windows\system32\webclnt.dll - clean, found in Trusted Objects Database
c:\program files\comodo\dragon\distribution.dll - clean,IS NOT listed in Trusted Objects Database
c:\windows\system32\oleacc.dll - clean, found in Trusted Objects Database
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\gdiplus.dll - clean, found in Trusted Objects Database
c:\windows\system32\sensapi.dll - clean, found in Trusted Objects Database
c:\program files\intel\intel matrix storage manager\isdi.dll - clean, found in Trusted Objects Database
c:\program files\intel\intel matrix storage manager\pluginraid_ptg.dll - clean,IS NOT listed in Trusted Objects Database
c:\program files\java\jre7\bin\msvcr100.dll - clean, found in Trusted Objects Database
c:\windows\system32\pdh.dll - clean, found in Trusted Objects Database
c:\windows\system32\odbcbcp.dll - clean, found in Trusted Objects Database
c:\windows\system32\perfos.dll - clean, found in Trusted Objects Database
c:\windows\system32\perfdisk.dll - clean, found in Trusted Objects Database
c:\program files\common files\lightscribe\lssproxy.dll - clean, found in Trusted Objects Database
c:\program files\common files\lightscribe\lslog.dll - clean, found in Trusted Objects Database
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll - clean, found in Trusted Objects Database
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll - clean, found in Trusted Objects Database
c:\windows\system32\wiaservc.dll - clean, found in Trusted Objects Database
c:\windows\system32\mscms.dll - clean, found in Trusted Objects Database
c:\windows\system32\wiavusd.dll - clean, found in Trusted Objects Database
c:\windows\system32\ddraw.dll - clean, found in Trusted Objects Database
c:\windows\system32\dciman32.dll - clean, found in Trusted Objects Database
c:\program files\emsisoft anti-malware\a2framework.dll - clean, found in Trusted Objects Database
c:\windows\system32\riched20.dll - clean, found in Trusted Objects Database
c:\windows\system32\mscoree.dll - clean, found in Trusted Objects Database
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll - clean, found in Trusted Objects Database
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll - clean, found in Trusted Objects Database
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll - clean, found in Trusted Objects Database
c:\program files\hp\hp ut\bin\hpusagetracking.dll - clean, found in Trusted Objects Database
c:\windows\assembly\nativeimages_v2.0.50727_32\system\aeac298c43c77d8860db8e7634d9f2eb\system.ni.dll - clean, found in Trusted Objects Database
c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\7782f356a838c403b4a8e9c80df5a577\system.drawing.ni.dll - clean, found in Trusted Objects Database
c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\ba12e418b906593b7c9c18f971f36bf9\system.windows.forms.ni.dll - clean, found in Trusted Objects Database
c:\program files\hp\hp ut\bin\hptools.dll - clean, found in Trusted Objects Database
c:\program files\hp\hp ut\bin\hptoolkit.dll - clean, found in Trusted Objects Database
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\fe025743210c22bea2f009e1612c38bf\system.xml.ni.dll - clean, found in Trusted Objects Database
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\96b7a0136e9e72e8f4eb0230c20766d2\system.configuration.ni.dll - clean, found in Trusted Objects Database
c:\windows\assembly\nativeimages_v2.0.50727_32\system.runtime.seri#\07de14823c42ee36ffa303d9c89ded36\system.runtime.serialization.formatters.soap.ni.dll - clean, found in Trusted Objects Database
c:\program files\hp\hp ut\bin\enumeration.dll - clean, found in Trusted Objects Database
c:\windows\assembly\gac\interop.hpqusg\3.0.0.0__a53cf5803f4c3827\interop.hpqusg.dll - clean, found in Trusted Objects Database
c:\program files\hp\digital imaging\bin\hpqusg.dll - clean, found in Trusted Objects Database
c:\windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9\atl90.dll - clean, found in Trusted Objects Database
c:\program files\hp\hp ut\bin\hpstreamsinterface.dll - clean, found in Trusted Objects Database
c:\windows\system32\hppatusg01.dll - clean, found in Trusted Objects Database
c:\windows\system32\msxml3.dll - clean, found in Trusted Objects Database
c:\windows\system32\quartz.dll - clean, found in Trusted Objects Database
c:\windows\system32\olepro32.dll - clean, found in Trusted Objects Database
c:\program files\prosecurity\dvioctrl.dll - clean,IS NOT listed in Trusted Objects Database
c:\windows\system32\riched32.dll - clean, found in Trusted Objects Database
Scanning RAM - complete
3. Scanning disks
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious software
In the database 317 port descriptions
Opened at this PC: 14 TCP ports and 11 UDP ports
Checking - complete; no suspicious ports detected
7. Heuristic system check
Hidden startup suspected: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: RemoteRegistry (Remote Registry)
>> Services: potentially dangerous service allowed: TermService (Terminal Services)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery Service)
>> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
>> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting Remote Desktop Sharing)
>> Services: potentially dangerous service allowed: RDSessMgr (Remote Desktop Help Session Manager)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
Checking - complete
Files scanned: 338, extracted from archives: 0, malicious software found 0, suspicions - 0
Scanning finished at 21.03.2013 13:01:54
Time of scanning: 00:01:20
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://forum.kaspersky.com/index.php?showforum=19
System Analysis in progress

System Analysis - complete



#6 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,033 posts
  • Gender:Male
  • Location:California
  • Local time:04:45 PM

Posted 27 March 2013 - 08:22 AM

Greetings and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

Please allow me some time to review your situation. While I am doing that consider and perform the following, if you would please.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps are a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and let me know.
  • When you post your reply, do not use the Start New Topic button but use the Add Reply button instead.
  • In the upper right hand corner of the topic you will see the Watch Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Helping me Help You

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

===================================================

Additional Information
  • If you have since resolved the original problem you were having, I would appreciate you letting me know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
  • If you are unsure about any of these characteristics just post what you can and I will guide you.
  • Explain as best you can what happens with your computer, i.e. it beeps three times, the black screen starts then goes blank, etc.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
===================================================

Create DDS.txt and Attach.txt

I would like to see some information about what is happening in your machine. Please perform the following scan (again):
  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

DDS.com
DDS.pif

  • Double click on the icon and allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Please copy and paste the contents of both results in your post.
  • Close the program window, and delete the program from your desktop.
You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • DDS.txt
  • Attach.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 cutthroat

  • Topic Starter
  • Members
  • 72 posts
  • Local time:11:45 PM

Posted 27 March 2013 - 09:43 AM

Thank you so much Gary.

We are friends now :) :thumbup2:

My first name is Luis.

Of course you can call me by my name.

I also prefer that.

First of all I want to thank you so much for your precious help and dedicated efforts to help us solve problems with advanced techniques and very powerful tricks.

Additional Information:

When I restart my Windows XP I always get a Runtime error saying: the program c:\program files\intel\intel matrix storage manager\iaantmon.exe - This application has requested the Runtime to terminate it in an unusual way.

Please contact the application's support team for more information.

On my posts I have combofix (1st post), AVZ and DDS logs.

I will send the DDS logs again, but please consider looking at every combofix and AVZ log; they tell very important things.

My Windows Explorer is now much faster than before.

My computer is much better now because I have deleted things with AVZ scripts.

But I did not remove the drivers and other things because I was afraid Windows XP would not run anymore.

Kernel hooks by a rootkit were detected by AVZ (red colour).

One strange thing keeps happening.

Some days ago TDSSKiller detected a serial.sys file and I removed it from c:\windows\system32.

The file "serial.sys" in c:\windows\system32 is 63 KB on my Windows XP, and I have another machine with Windows XP too that has a serial.sys of 65 KB.

I copied that file to c:\windows\system32 and after a few seconds the file "serial.sys" changed from 65 KB to 63 KB.

When I copied the file to another location, for example c:\, the file did not change and serial.sys stays at 65 KB.

But every time I copy serial.sys (65 KB) to c:\windows\system32 it changes size to 63 KB.

I have several open ports detected by AVZ and I did not delete any.

I think I have several DLLs created before and they infected my system, as combofix tells in its last log.

The Windows startup is somehow slow.

AVZ detected kernel hooks by rootkits.

I think I have 2 internet connections on my computer; in Control Panel\Network Connections I can see "1394 connection 3" and "local area connection", both connected and firewalled.

I would like to remove every line from the combofix log posted here last time.

Remove registry entries and DLLs and .sys files detected by combofix.

The combofix log is here on my 1st post.

My computer has other symptoms but I can't remember everything for now.

Sorry.

I want to thank you for all your efforts trying to help.

Here are the DDS logs again for your analysis.

P.S. These DDS logs are from right now (today).

DDS.txt :
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by Carlos Silva at 14:41:59 on 2013-03-27
Microsoft Windows XP Professional  5.1.2600.3.1252.351.1033.18.2046.1298 [GMT 0:00]
.
AV: Emsisoft Anti-Malware *Disabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
.
============== Running Processes ================
.
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Comodo\Dragon\dragon_updater.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yandex.ru/?clid=154464
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:347
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.172\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\carlos silva\application data\mozilla\firefox\profiles\nahd6ha2.default\
FF - ExtSQL: 2013-03-17 11:36; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 3e4sbl0x;Vba32 Armour Driver;c:\windows\system32\drivers\3e4sbl0x.sys [2013-3-27 164240]
R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [2012-6-13 13616]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [2012-6-13 13616]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2013-3-26 22056]
R1 a2injectiondriver;a2injectiondriver;c:\program files\emsisoft anti-malware\a2dix86.sys [2013-3-26 37856]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\emsisoft anti-malware\a2util32.sys [2013-3-26 14432]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2013-3-24 3968]
R1 uzexndg1;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uzexndg1.sys [2013-3-25 11264]
R2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2013-3-26 3089856]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\comodo\dragon\dragon_updater.exe [2013-3-12 2074768]
R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2013-3-26 54072]
R3 NETwLx32;    Controlador da placa Intel® Wireless WiFi Link Série 5000 para Windows XP 32 Bits;c:\windows\system32\drivers\NETwLx32.sys [2012-11-29 6609920]
S0 iastor3;iastor3;c:\windows\system32\drivers\iastor3.sys [2012-6-13 308248]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-3-26 398184]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-3-26 682344]
S3 APHbx0iE;BlackBox SR2; [x]
S3 k0wf4wx6;BlackBox SR2; [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-3-26 21104]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\13c.tmp --> c:\windows\system32\13C.tmp [?]
S3 Qxg4rk0E;BlackBox SR2; [x]
S3 RapportIaso;RapportIaso;\??\c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys --> c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2013-3-22 27064]
S3 RSPHOOKANALYZER;RSPHOOKANALYZER;\??\c:\docume~1\carlos~1\locals~1\temp\rspsc32.sys --> c:\docume~1\carlos~1\locals~1\temp\rspsc32.sys [?]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [2013-3-4 27192]
S3 ujexndg1;AVZ-SG Kernel Driver;c:\windows\system32\drivers\ujexndg1.sys [2013-3-25 10240]
S3 utexndg1;AVZ Kernel Driver;c:\windows\system32\drivers\utexndg1.sys [2013-3-25 7168]
.
=============== Created Last 30 ================
.
2013-03-27 03:16:20 164240 ----a-w- c:\windows\system32\drivers\3e4sbl0x.sys
2013-03-27 03:02:14 -------- d-----w- C:\vbaactual
2013-03-26 15:10:52 315392 ----a-w- c:\windows\HideWin.exe
2013-03-26 15:04:47 -------- d-----w- c:\program files\Motorola
2013-03-26 12:53:29 -------- d-----w- c:\documents and settings\carlos silva\application data\Malwarebytes
2013-03-26 12:53:21 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-03-26 12:53:19 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-26 12:53:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-26 00:17:33 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2013-03-25 19:38:41 56576 -c--a-w- c:\windows\system32\dllcache\swmidi.sys
2013-03-25 19:38:41 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2013-03-25 19:38:41 52864 -c--a-w- c:\windows\system32\dllcache\dmusic.sys
2013-03-25 19:38:41 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2013-03-25 15:51:56 10240 ----a-w- c:\windows\system32\drivers\ujexndg1.sys
2013-03-25 13:49:56 7168 ----a-w- c:\windows\system32\drivers\utexndg1.sys
2013-03-25 13:42:49 11264 ----a-w- c:\windows\system32\drivers\uzexndg1.sys
2013-03-25 12:55:50 -------- d-----w- C:\VBA NORMAL
2013-03-25 12:55:23 -------- d-----w- C:\VBA BETA
2013-03-25 12:54:36 -------- d-----w- C:\VBABASES UPDATE
2013-03-25 00:32:02 -------- d-----w- c:\program files\Hosts_Anti_Adwares_PUPs
2013-03-24 23:58:31 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2013-03-23 03:20:13 -------- d-----w- c:\program files\Nemesis Anti-Spyware
2013-03-23 01:26:47 -------- d-----w- c:\program files\Tizer™ Rootkit Razor
2013-03-22 21:06:39 -------- d-----w- C:\FRST
2013-03-22 19:17:59 164240 ----a-w- c:\windows\system32\drivers\k7thf2xz.sys
2013-03-22 18:17:13 -------- d-----w- c:\documents and settings\carlos silva\local settings\application data\VS Revo Group
2013-03-22 18:17:07 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2013-03-22 18:17:07 -------- d-----w- c:\documents and settings\all users\application data\VS Revo Group
2013-03-22 18:17:05 -------- d-----w- c:\program files\VS Revo Group
2013-03-22 17:50:28 164240 ----a-w- c:\windows\system32\drivers\9dxphn9c.sys
2013-03-22 03:42:49 -------- d-----w- c:\program files\Sophos
2013-03-22 02:26:26 -------- d-----w- c:\windows\ERUNT
2013-03-22 02:25:59 -------- d-----w- C:\JRT
2013-03-22 01:40:58 -------- d-----w- C:\ifghww
2013-03-21 18:48:08 -------- d-----w- C:\is0ehsfd
2013-03-21 17:24:50 64512 -c--a-w- c:\windows\system32\dllcache\serial.sys
2013-03-21 17:24:50 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2013-03-21 15:52:56 -------- d-sha-r- C:\cmdcons
2013-03-21 15:51:17 98816 ----a-w- c:\windows\sed.exe
2013-03-21 15:51:17 256000 ----a-w- c:\windows\PEV.exe
2013-03-21 15:51:17 208896 ----a-w- c:\windows\MBR.exe
2013-03-21 11:43:53 -------- d-----w- C:\avz4
2013-03-20 23:43:16 -------- d-----w- C:\Backreg
2013-03-20 21:56:47 164240 ----a-w- c:\windows\system32\drivers\k7ilmvwc.sys
2013-03-20 20:47:02 164240 ----a-w- c:\windows\system32\drivers\x2o982xx.sys
2013-03-20 20:25:46 -------- d-----w- c:\windows\system32\appmgmt
2013-03-20 20:22:22 -------- d-----w- C:\VBA32
2013-03-20 19:37:13 -------- d-----w- C:\bva
2013-03-20 19:19:11 -------- d-----w- C:\vba
2013-03-20 14:50:22 114688 ----a-w- c:\windows\system32\LOGONMONITOR.DLL.del
2013-03-19 13:15:21 -------- d-----w- c:\program files\CCleaner
2013-03-19 13:14:33 -------- d-----w- C:\DefenseWallVC_Apps
2013-03-19 11:03:35 457 ----a-w- C:\deletekeys.reg
2013-03-19 10:44:31 -------- d-----w- C:\Radix
2013-03-18 19:01:49 -------- d-----w- C:\DefenseWallVC
2013-03-18 04:45:33 -------- d---a-w- C:\Kernel Detective v1.3.1
2013-03-17 16:31:43 -------- d-----w- c:\documents and settings\carlos silva\local settings\application data\Help
2013-03-17 03:05:20 -------- d-----w- c:\windows\system32\XPSViewer
2013-03-17 03:04:58 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2013-03-17 03:04:38 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2013-03-17 03:04:38 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2013-03-17 03:04:38 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2013-03-17 03:04:38 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2013-03-17 03:04:38 575488 ------w- c:\windows\system32\xpsshhdr.dll
2013-03-17 03:04:38 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2013-03-17 03:04:38 1676288 ------w- c:\windows\system32\xpssvcs.dll
2013-03-17 03:04:38 117760 ------w- c:\windows\system32\prntvpt.dll
2013-03-17 03:04:37 -------- d-----w- C:\606fc27bf3b708e33d
2013-03-16 20:06:27 -------- d-----w- c:\documents and settings\carlos silva\local settings\application data\HP
2013-03-16 20:06:08 -------- d-----w- c:\documents and settings\all users\application data\WEBREG
2013-03-16 20:05:04 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2013-03-16 20:05:04 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2013-03-16 20:04:46 312832 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp70v.dll
2013-03-16 20:04:46 123904 ----a-w- c:\windows\system32\hpf3l70v.dll
2013-03-16 20:04:45 452408 ----a-r- c:\windows\system32\hpzids01.dll
2013-03-16 20:04:40 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2013-03-16 20:04:13 712704 ----a-r- c:\windows\system32\hposwia_d02c.dll
2013-03-16 20:04:13 589824 ----a-r- c:\windows\system32\hpost_d02c.dll
2013-03-16 20:04:13 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2013-03-16 20:04:13 315392 ----a-r- c:\windows\system32\hposc_d02a.dll
2013-03-16 20:04:13 309760 ----a-r- c:\windows\system32\difxapi.dll
2013-03-16 19:59:19 -------- d-----w- c:\program files\common files\HP
2013-03-16 19:58:51 -------- d-----w- c:\program files\common files\Hewlett-Packard
2013-03-16 13:15:05 -------- d-----w- C:\Minha pen de 16 GB
2013-03-16 08:25:01 -------- d-----w- C:\emsisoft
2013-03-16 03:00:41 -------- d-----w- c:\windows\SxsCaPendDel
2013-03-15 21:20:36 -------- d-----w- C:\Pen azul 4 gb COPIA DOS FICHEIROS
2013-03-15 17:36:34 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-15 09:36:31 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2013-03-15 09:36:31 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2013-03-15 09:33:48 221184 ----a-w- c:\windows\brprs.exe
2013-03-15 09:29:08 -------- d-----w- C:\hp_LJ_M1120_Full_Solution
2013-03-13 22:16:46 -------- d-----w- c:\windows\system32\LogFiles
2013-03-13 17:38:24 -------- d-----w- c:\program files\VideoLAN
2013-03-13 06:48:07 -------- d-----w- C:\Regrun warrior
2013-03-12 07:52:25 -------- d-----w- c:\program files\UnHackMe
2013-03-12 06:46:26 -------- d-----w- c:\documents and settings\carlos silva\local settings\application data\temp
2013-03-11 15:13:50 -------- d-----w- c:\program files\Trusteer
2013-03-11 03:12:54 -------- d-----w- c:\documents and settings\carlos silva\local settings\application data\MigWiz
2013-03-08 13:42:12 -------- d-----w- c:\program files\NoVirusThanks
2013-03-08 13:34:21 -------- d-----w- C:\TDSSKiller_Quarantine
2013-03-07 09:01:48 -------- d-----w- c:\program files\eMule
2013-03-06 03:36:00 -------- d-----w- c:\documents and settings\carlos silva\local settings\application data\Mozilla
2013-03-05 05:42:19 -------- d-----w- C:\PEN EURO MOVIDA
2013-03-04 10:09:46 -------- d-----w- C:\PEN EUROAAA
2013-03-04 08:02:31 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-03-04 07:54:06 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2013-03-04 07:34:14 27232 ----a-w- c:\windows\system32\drivers\rspSanity32XP.sys
2013-03-04 07:34:14 27192 ----a-w- c:\windows\system32\drivers\rspSanity32.sys
2013-03-01 23:19:15 -------- d-----w- c:\program files\JDownloader
2013-03-01 05:01:04 -------- d---a-w- C:\cce_linux
2013-02-28 17:00:29 -------- d-----w- C:\Megadatabase 2013
2013-02-27 05:40:38 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2013-02-27 03:52:09 -------- d-----w- c:\documents and settings\carlos silva\application data\InfraRecorder
2013-02-27 03:52:00 -------- d-----w- c:\program files\InfraRecorder
2013-02-26 15:00:45 -------- d-----w- c:\documents and settings\carlos silva\local settings\application data\Sun
.
==================== Find3M  ====================
.
2013-03-25 16:08:49 47368 ----a-w- c:\windows\system32\certsentry.dll
2013-03-12 20:58:23 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-12 20:58:23 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-05 04:33:00 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:04:37 920064 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:04:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:04:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:40:26 385024 ----a-w- c:\windows\system32\html.iec
2013-02-01 14:26:50 357337 ----a-w- c:\program files\EAM Trial Reset 1.1.exe
2013-01-26 03:55:10 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:32:34 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:45:12 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:32:36 1876224 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:48:28 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:48:28 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-31 20:14:16 1448809 ----a-w- C:\DOSBox0.74-win32-installer (1).exe
.
============= FINISH: 14:42:10,81 ===============
 
 
Attach.txt :
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 28-07-2012 16:19:20
System Uptime: 27-03-2013 3:19:46 (11 hours ago)
.
Motherboard: Quanta |  | 30D2
Processor: Intel® Core™2 Duo CPU     T5450  @ 1.66GHz | U2E1 | 1662/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 10,89 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 27-03-2013 0:47:11 - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
µTorrent
AVG Anti-Rootkit Free
Broadcom 802.11 Wireless LAN Adapter
BufferChm
CCleaner
ChessBase 9
Comodo Dragon
Deep Rybka 3
Disney's Aladdin Chess Adventures
DJ_AIO_06_F2400_SW_Min
Emsisoft Anti-Malware
eMule
F2400
Foxit Reader
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB954550-v5)
HP LaserJet M1120 MFP Series
HP Wireless Assistant
hppusgM1120
hpWLPGInstaller
InfraRecorder
Intel® Matrix Storage Manager
JDownloader 0.9
LightScribe System Software  1.10.13.1
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Excel Viewer
Microsoft Office Word Viewer 2003
Microsoft Visual C++ 2005 Redistributable
Motorola SM56 Data Fax Modem
Mozilla Firefox 4.0 (x86 ru)
MrvlUsgTracking
MSXML 4.0 SP3 Parser (KB2758694)
Nemesis Anti-Spyware
NVIDIA Control Panel 266.58
NVIDIA Graphics Driver 266.58
NVIDIA Install Application
NVIDIA nView 135.50
NVIDIA PhysX
Opera 12.14
Realtek High Definition Audio Driver
Revo Uninstaller Pro 3.0.2
Scan
Scan To
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Skype™ 5.1
Synaptics Pointing Device Driver
Tizer™ Rootkit Razor
Toolbox
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Vista Codec Package
VLC media player 2.0.5
WebFldrs XP
WebReg
WinDjView 1.0.3
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
WinRAR 4.20 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
26-03-2013 15:15:21, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the nvsvc service.
26-03-2013 12:58:35, error: System Error [1003]  - Error code 1000008e, parameter1 c0000005, parameter2 8054bfd2, parameter3 a7dcb6a4, parameter4 00000000.
25-03-2013 15:56:47, error: Service Control Manager [7034]  - The Intel® Matrix Storage Event Monitor service terminated unexpectedly.  It has done this 1 time(s).
25-03-2013 0:34:28, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the HOSTS Anti-PUPs service to connect.
25-03-2013 0:34:28, error: Service Control Manager [7000]  - The HOSTS Anti-PUPs service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
24-03-2013 13:14:17, error: System Error [1003]  - Error code 1000008e, parameter1 c0000005, parameter2 a578efc9, parameter3 a519abbc, parameter4 00000000.
24-03-2013 13:05:01, error: Service Control Manager [7034]  - The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).
24-03-2013 11:46:24, error: System Error [1003]  - Error code 1000007f, parameter1 00000008, parameter2 80042000, parameter3 00000000, parameter4 00000000.
22-03-2013 17:49:47, error: PlugPlayManager [11]  - The device Root\LEGACY_TMCOMM\0000 disappeared from the system without first being prepared for removal.
21-03-2013 11:19:44, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
21-03-2013 10:26:41, error: atapi [9]  - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
20-03-2013 16:20:47, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  iastor3
20-03-2013 15:24:27, error: Service Control Manager [7034]  - The InfoProcess HipService Workstation Service service terminated unexpectedly.  It has done this 1 time(s).
20-03-2013 15:19:23, error: System Error [1003]  - Error code 000000f4, parameter1 00000003, parameter2 885d46a0, parameter3 885d4814, parameter4 805d22da.
20-03-2013 15:15:57, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
20-03-2013 15:14:29, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  a2injectiondriver Fips HipEnforceDriver intelppm
20-03-2013 15:10:12, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
20-03-2013 15:04:29, error: Service Control Manager [7000]  - The Emsisoft Anti-Malware 7.0 - Service service failed to start due to the following error:  Waiting for a process to open the other end of the pipe.
20-03-2013 15:04:25, error: Service Control Manager [7034]  - The DefenseWall internal service service terminated unexpectedly.  It has done this 1 time(s).
20-03-2013 15:04:25, error: Service Control Manager [7031]  - The Emsisoft Anti-Malware 7.0 - Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
.
==== End Of File ===========================
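The service/driver list and the "Created Last 30" section above are what a responder reads first. The entries worth a second look are the ones ComboFix marks with "[x]" (no file recorded) or "[?]" (file it could not find), anything that loads from a temp directory or a .tmp file, and random-looking eight-character driver names, several of which in this log share the exact size 164240 bytes under different names. The script below is an added example, not part of the thread and not code from ComboFix or any of the tools mentioned: it parses a hand-picked subset of the log lines above (copied as the log printed them) and applies those checks. The reading of the "[x]"/"[?]" markers and the start-type digits is my assumption from the log's layout; the eight-character test is only a heuristic, since the AVZ drivers in this same log are legitimately random-named.

```python
import re
from collections import defaultdict

# Lines copied from the ComboFix log above (a hand-picked subset, kept as the log printed them).
SERVICE_LINES = r"""
R1 uzexndg1;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uzexndg1.sys [2013-3-25 11264]
R2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2013-3-26 3089856]
S0 iastor3;iastor3;c:\windows\system32\drivers\iastor3.sys [2012-6-13 308248]
S3 APHbx0iE;BlackBox SR2; [x]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\13c.tmp --> c:\windows\system32\13C.tmp [?]
S3 RSPHOOKANALYZER;RSPHOOKANALYZER;\??\c:\docume~1\carlos~1\locals~1\temp\rspsc32.sys --> c:\docume~1\carlos~1\locals~1\temp\rspsc32.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2013-3-22 27064]
"""

CREATED_LINES = r"""
2013-03-27 03:16:20 164240 ----a-w- c:\windows\system32\drivers\3e4sbl0x.sys
2013-03-26 12:53:19 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-22 19:17:59 164240 ----a-w- c:\windows\system32\drivers\k7thf2xz.sys
2013-03-22 17:50:28 164240 ----a-w- c:\windows\system32\drivers\9dxphn9c.sys
2013-03-20 21:56:47 164240 ----a-w- c:\windows\system32\drivers\k7ilmvwc.sys
2013-03-20 20:47:02 164240 ----a-w- c:\windows\system32\drivers\x2o982xx.sys
2013-03-04 07:34:14 27192 ----a-w- c:\windows\system32\drivers\rspSanity32.sys
"""

# Assumed layout: "R"/"S" = running/stopped, digit = start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled),
# then name;display;path [date size]. "[x]" = no file recorded, "[?]" = ComboFix could not find the file.
SERVICE_RE = re.compile(r"^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
TAIL_RE = re.compile(r"^(?P<path>.*?)\s*\[(?P<tag>[^\]]*)\]$")
CREATED_RE = re.compile(r"^(?P<date>\S+) (?P<time>\S+) (?P<size>\d+|-+) (?P<attr>\S+) (?P<path>.+)$")
RANDOM_NAME_RE = re.compile(r"^[A-Za-z0-9]{8}$")


def looks_random(name):
    """Eight alphanumerics mixing letters and digits. Rootkit droppers use such names, but so do
    legitimate anti-rootkit tools (the AVZ drivers in this log, for instance), so a hit is a
    prompt to check the display name and file hash, not a verdict."""
    return (RANDOM_NAME_RE.match(name) is not None
            and any(c.isdigit() for c in name)
            and any(c.isalpha() for c in name))


def parse_service_line(line):
    """Split one service line into start type, name, display name, resolved path and file status."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rest = rec.pop("rest").strip()
    t = TAIL_RE.match(rest)
    path, tag = (t.group("path"), t.group("tag")) if t else (rest, "")
    if "-->" in path:                       # ComboFix shows "\??\raw --> resolved"; keep the resolved side
        path = path.split("-->")[-1]
    rec["path"] = path.strip().lower()
    if tag == "x":
        rec["status"] = "missing"
    elif tag == "?":
        rec["status"] = "not_found"
    else:
        rec["status"] = "present"
        rec["size"] = int(tag.split()[-1])
    return rec


def triage_services(text):
    """Return (name, display, reasons) for every service entry that deserves a closer look."""
    findings = []
    for line in text.splitlines():
        rec = parse_service_line(line)
        if not rec:
            continue
        reasons = []
        if rec["status"] != "present":
            reasons.append("file " + rec["status"])
        if "\\temp\\" in rec["path"] or rec["path"].endswith(".tmp"):
            reasons.append("loads from temp or .tmp")
        if looks_random(rec["name"]):
            reasons.append("random-looking name")
        if reasons and rec["start"] in ("R0", "R1", "S0", "S1"):
            reasons.append("boot/system start")     # loads before most defences; raises priority
        if reasons:
            findings.append((rec["name"], rec["display"], reasons))
    return findings


def driver_groups_by_size(text, drivers_dir=r"c:\windows\system32\drivers"):
    """Group random-named drivers created in the drivers directory by size: the same size under
    five names on five days is one binary written repeatedly, whether by a tool or a dropper."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if not m or not m.group("size").isdigit():
            continue
        path = m.group("path").lower()
        if not path.startswith(drivers_dir):
            continue
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if looks_random(stem):
            groups[int(m.group("size"))].append(stem)
    return dict(groups)


if __name__ == "__main__":
    for name, display, reasons in triage_services(SERVICE_LINES):
        print(f"{name:16} ({display}): {', '.join(reasons)}")
    for size, names in driver_groups_by_size(CREATED_LINES).items():
        print(f"{len(names)} random-named drivers of {size} bytes: {', '.join(names)}")
```

Run against the subset, the script flags uzexndg1 (random name, system start, but the display name says AVZ), APHbx0iE (no file, random name), and MEMSWEEP2 and RSPHOOKANALYZER (file not found, temp/.tmp paths), and groups the five 164240-byte drivers together. Hashing those five files and comparing the hashes, rather than the names, is the next step before deciding whether they are a tool's helper driver or something else.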
 
 


#8 Oh My! (Malware Response Instructor, 37,033 posts, California)

Posted 27 March 2013 - 11:14 AM

Greetings Luis,

It appears you have run numerous programs in your effort to address your situation. From this point forward please do not take any steps unless requested to do so.

Can you tell me if you set this web page:

uStart Page = http://www.yandex.ru/?clid=154464

Please consider the following and run these programs for me.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have evidence of P2P downloads. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

===================================================

Running TDSSKiller with Changed Parameters

--------------------
  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters


  • Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now


  • Click Start Scan and allow the scan process to run


  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue


  • Click Reboot computer
  • Please zip and attach in your reply the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Vista/7 users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • When prompted, Click Scan
  • When the Status box shows Scan Finished click Delete
  • Click Report
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please temporarily disable the real-time protection of any antivirus, antispyware or antimalware programs. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.


  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.


  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • TDSSKiller zip file
  • RogueKiller log
  • aswMBR log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 cutthroat (Topic Starter, Members, 72 posts)

Posted 27 March 2013 - 10:27 PM

Thank you for your fast reply, dear Gary.

True, I have run numerous programs. I promise that from this point forward I will not take any steps unless requested to do so.

By the way, I forgot to mention:

I think I was infected only just after I ran this file "AntiHookWorkstationSetup30.msi". (This is AntiHook 3.0 build 23.)

Only after running this file, and after my first restart, my computer was too slow and TDSSKiller found 28 threats. For the first time I saw TDSSKiller giving a BSOD (blue screen), and I could not remove any of them, but the problem is:

TDSSKiller could never find any threat after the blue screen and keeps saying no threats found.

And one very strange thing happened too.

I had Prevx previously installed, but suddenly Prevx disappeared and I had Webroot Internet Security installed instead, although I did not install Webroot Internet Security.

The program Webroot Internet Security appeared on my computer out of nowhere; I did not install it.

I could uninstall the program without problems, and I noticed my clock had changed its format from PM to AM and I could not adjust it correctly.

"Can you tell me if you set this web page:"

"uStart Page = http://www.yandex.ru/?clid=154464"

Answer: No, I never set that web page. I don't know what http://www.yandex.ru is and never did anything to set this web page.

Here are the logs you have requested:

2 logs from TDSSKiller are attached in 2 zip files.

RogueKiller logs:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Carlos Silva [Admin rights]
Mode : Scan -- Date : 03/28/2013 01:07:28
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
 
127.0.0.1 localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: ST9160821AS +++++
--- User ---
[MBR] 91c0d4256638f3d8d204356a530d1c40
[BSP] d6b74222edce0c6e05ed564beca35d3a : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152626 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[35]_S_03282013_02d0107.txt >>
RKreport[10]_S_03122013_02d0456.txt ; RKreport[11]_PR_03122013_02d0457.txt ; RKreport[12]_DN_03122013_02d0457.txt ; RKreport[13]_H_03122013_02d0457.txt ; RKreport[14]_S_03122013_02d0458.txt ; 
RKreport[15]_S_03142013_02d0908.txt ; RKreport[16]_S_03222013_02d0134.txt ; RKreport[17]_D_03222013_02d0135.txt ; RKreport[18]_S_03222013_02d0136.txt ; RKreport[19]_S_03222013_02d1741.txt ; 
RKreport[1]_S_02252013_02d2000.txt ; RKreport[20]_D_03222013_02d1742.txt ; RKreport[21]_S_03222013_02d1742.txt ; RKreport[22]_S_03222013_02d1743.txt ; RKreport[23]_S_03222013_02d1808.txt ; 
RKreport[24]_S_03222013_02d1902.txt ; RKreport[25]_S_03222013_02d1905.txt ; RKreport[26]_S_03222013_02d1909.txt ; RKreport[27]_S_03252013_02d0041.txt ; RKreport[28]_H_03252013_02d0041.txt ; 
RKreport[29]_D_03252013_02d0041.txt ; RKreport[2]_D_02252013_02d2001.txt ; RKreport[30]_S_03252013_02d0042.txt ; RKreport[31]_S_03262013_02d1524.txt ; RKreport[32]_D_03262013_02d1525.txt ; 
RKreport[33]_S_03262013_02d1526.txt ; RKreport[34]_S_03262013_02d1527.txt ; RKreport[35]_S_03282013_02d0107.txt ; RKreport[3]_DN_02252013_02d2002.txt ; RKreport[4]_PR_02252013_02d2002.txt ; 
RKreport[5]_H_02252013_02d2002.txt ; RKreport[6]_S_02252013_02d2003.txt ; RKreport[7]_S_02272013_02d0248.txt ; RKreport[8]_S_02272013_02d0255.txt ; RKreport[9]_S_03112013_02d0312.txt
 
 
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Carlos Silva [Admin rights]
Mode : Remove -- Date : 03/28/2013 01:08:00
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
 
127.0.0.1 localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: ST9160821AS +++++
--- User ---
[MBR] 91c0d4256638f3d8d204356a530d1c40
[BSP] d6b74222edce0c6e05ed564beca35d3a : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152626 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[36]_D_03282013_02d0108.txt >>
RKreport[10]_S_03122013_02d0456.txt ; RKreport[11]_PR_03122013_02d0457.txt ; RKreport[12]_DN_03122013_02d0457.txt ; RKreport[13]_H_03122013_02d0457.txt ; RKreport[14]_S_03122013_02d0458.txt ; 
RKreport[15]_S_03142013_02d0908.txt ; RKreport[16]_S_03222013_02d0134.txt ; RKreport[17]_D_03222013_02d0135.txt ; RKreport[18]_S_03222013_02d0136.txt ; RKreport[19]_S_03222013_02d1741.txt ; 
RKreport[1]_S_02252013_02d2000.txt ; RKreport[20]_D_03222013_02d1742.txt ; RKreport[21]_S_03222013_02d1742.txt ; RKreport[22]_S_03222013_02d1743.txt ; RKreport[23]_S_03222013_02d1808.txt ; 
RKreport[24]_S_03222013_02d1902.txt ; RKreport[25]_S_03222013_02d1905.txt ; RKreport[26]_S_03222013_02d1909.txt ; RKreport[27]_S_03252013_02d0041.txt ; RKreport[28]_H_03252013_02d0041.txt ; 
RKreport[29]_D_03252013_02d0041.txt ; RKreport[2]_D_02252013_02d2001.txt ; RKreport[30]_S_03252013_02d0042.txt ; RKreport[31]_S_03262013_02d1524.txt ; RKreport[32]_D_03262013_02d1525.txt ; 
RKreport[33]_S_03262013_02d1526.txt ; RKreport[34]_S_03262013_02d1527.txt ; RKreport[35]_S_03282013_02d0107.txt ; RKreport[36]_D_03282013_02d0108.txt ; RKreport[3]_DN_02252013_02d2002.txt ; 
RKreport[4]_PR_02252013_02d2002.txt ; RKreport[5]_H_02252013_02d2002.txt ; RKreport[6]_S_02252013_02d2003.txt ; RKreport[7]_S_02272013_02d0248.txt ; RKreport[8]_S_02272013_02d0255.txt ; 
RKreport[9]_S_03112013_02d0312.txt
 
 
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Carlos Silva [Admin rights]
Mode : Scan -- Date : 03/28/2013 01:10:11
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
 
127.0.0.1 localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: ST9160821AS +++++
--- User ---
[MBR] 91c0d4256638f3d8d204356a530d1c40
[BSP] d6b74222edce0c6e05ed564beca35d3a : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152626 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[37]_S_03282013_02d0110.txt >>
RKreport[10]_S_03122013_02d0456.txt ; RKreport[11]_PR_03122013_02d0457.txt ; RKreport[12]_DN_03122013_02d0457.txt ; RKreport[13]_H_03122013_02d0457.txt ; RKreport[14]_S_03122013_02d0458.txt ; 
RKreport[15]_S_03142013_02d0908.txt ; RKreport[16]_S_03222013_02d0134.txt ; RKreport[17]_D_03222013_02d0135.txt ; RKreport[18]_S_03222013_02d0136.txt ; RKreport[19]_S_03222013_02d1741.txt ; 
RKreport[1]_S_02252013_02d2000.txt ; RKreport[20]_D_03222013_02d1742.txt ; RKreport[21]_S_03222013_02d1742.txt ; RKreport[22]_S_03222013_02d1743.txt ; RKreport[23]_S_03222013_02d1808.txt ; 
RKreport[24]_S_03222013_02d1902.txt ; RKreport[25]_S_03222013_02d1905.txt ; RKreport[26]_S_03222013_02d1909.txt ; RKreport[27]_S_03252013_02d0041.txt ; RKreport[28]_H_03252013_02d0041.txt ; 
RKreport[29]_D_03252013_02d0041.txt ; RKreport[2]_D_02252013_02d2001.txt ; RKreport[30]_S_03252013_02d0042.txt ; RKreport[31]_S_03262013_02d1524.txt ; RKreport[32]_D_03262013_02d1525.txt ; 
RKreport[33]_S_03262013_02d1526.txt ; RKreport[34]_S_03262013_02d1527.txt ; RKreport[35]_S_03282013_02d0107.txt ; RKreport[36]_D_03282013_02d0108.txt ; RKreport[37]_S_03282013_02d0110.txt ; 
RKreport[3]_DN_02252013_02d2002.txt ; RKreport[4]_PR_02252013_02d2002.txt ; RKreport[5]_H_02252013_02d2002.txt ; RKreport[6]_S_02252013_02d2003.txt ; RKreport[7]_S_02272013_02d0248.txt ; 
RKreport[8]_S_02272013_02d0255.txt ; RKreport[9]_S_03112013_02d0312.txt
 
 
aswMBR log :
 
 
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-03-28 01:17:15
-----------------------------
01:17:15.093    OS Version: Windows 5.1.2600 Service Pack 3
01:17:15.093    Number of processors: 2 586 0xF0D
01:17:15.093    ComputerName: HP_PAVILION  UserName: 
01:17:15.875    Initialize success
01:21:54.718    AVAST engine defs: 13032700
01:22:23.890    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
01:22:23.890    Disk 0 Vendor: ST916082 3.BH Size: 152627MB BusType: 3
01:22:24.140    Disk 0 MBR read successfully
01:22:24.140    Disk 0 MBR scan
01:22:24.203    Disk 0 Windows XP default MBR code
01:22:24.203    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       152626 MB offset 2048
01:22:24.218    Disk 0 scanning sectors +312580096
01:22:24.250    Disk 0 scanning C:\WINDOWS\system32\drivers
01:22:34.203    Service scanning
01:22:54.765    Modules scanning
01:23:02.578    Disk 0 trace - called modules:
01:23:02.609    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys 
01:23:02.625    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a9f8040]
01:23:03.140    3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\0000007f[0x8a9e6928]
01:23:03.140    5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a9c9038]
01:23:03.546    AVAST engine scan C:\WINDOWS
01:23:09.062    AVAST engine scan C:\WINDOWS\system32
01:25:16.062    AVAST engine scan C:\WINDOWS\system32\drivers
01:25:31.203    AVAST engine scan C:\Documents and Settings\Carlos Silva
01:30:45.609    File: C:\Documents and Settings\Carlos Silva\My Documents\Downloads\PRT.exe  **INFECTED** Win32:Malware-gen
01:32:39.734    AVAST engine scan C:\Documents and Settings\All Users
01:33:02.937    Scan finished successfully
01:33:27.859    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Carlos Silva\Desktop\MBR.dat"
01:33:27.859    The log file has been saved successfully to "C:\Documents and Settings\Carlos Silva\Desktop\aswMBR.txt"
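
The aswMBR log above reports the partition table it read from Disk 0 ("Partition 1 80 (A) 07 HPFS/NTFS NTFS 152626 MB offset 2048"), the sector at which it starts scanning the space behind that partition ("scanning sectors +312580096"), and that it saved the sector to MBR.dat on the desktop. The following script, added here as an example and not part of the thread or of aswMBR, parses such a saved MBR and derives the same facts independently, so the saved sector can be cross-checked against what the tool printed. The 512-byte sample embedded in it is constructed from the partition values in the thread's logs (type 0x07, StartLBA 0x800, BlocksNum 0x12A19000); it is not the poster's real MBR.dat, and the function and field names are this example's own.

```python
"""Added example, not part of this thread or of aswMBR: parse a saved MBR
sector (such as the MBR.dat aswMBR writes to the desktop) and print the
facts aswMBR's log reports about the partition table.

The only format knowledge used is the classic MBR layout: 446 bytes of
boot code, four 16-byte partition entries at offset 446, and the 55 AA
signature at offset 510.  All names are this example's own."""
import struct
import sys
from typing import List, NamedTuple

SECTOR = 512
MBR_SIGNATURE = 0xAA55          # little-endian value of the bytes 55 AA
ENTRY_FMT = "<B3xB3xII"         # status, CHS start, type, CHS end, LBA start, sector count


class Partition(NamedTuple):
    index: int          # slot 1..4 in the table
    bootable: bool      # status byte 0x80 ("80 (A)" in aswMBR's output)
    type_id: int        # 0x07 = HPFS/NTFS/exFAT
    start_lba: int
    sectors: int

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)

    @property
    def end_lba(self) -> int:
        """First sector past the partition."""
        return self.start_lba + self.sectors


def is_valid_mbr(mbr: bytes) -> bool:
    """Exactly one sector long and carrying the 55 AA boot signature."""
    return len(mbr) == SECTOR and struct.unpack_from("<H", mbr, 510)[0] == MBR_SIGNATURE


def parse_mbr(mbr: bytes) -> List[Partition]:
    """Return the in-use entries of the partition table; empty slots are skipped."""
    if not is_valid_mbr(mbr):
        raise ValueError("not a 512-byte MBR with a 55 AA signature")
    parts = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(ENTRY_FMT, mbr, 446 + 16 * i)
        if ptype == 0:
            continue
        parts.append(Partition(i + 1, status == 0x80, ptype, start, count))
    return parts


def unpartitioned_tail_start(parts: List[Partition]) -> int:
    """Sector just past the last partition.  TDL4-family bootkits keep their
    hidden file system in the unallocated space at the end of the disk, which
    is why rootkit scanners read from here onward."""
    return max((p.end_lba for p in parts), default=0)


def build_mbr(parts: List[Partition], boot_code: bytes = b"") -> bytes:
    """Assemble a 512-byte MBR; used here only to construct sample input."""
    buf = bytearray(SECTOR)
    buf[:min(len(boot_code), 446)] = boot_code[:446]
    for p in parts:
        struct.pack_into(ENTRY_FMT, buf, 446 + 16 * (p.index - 1),
                         0x80 if p.bootable else 0x00, p.type_id,
                         p.start_lba, p.sectors)
    struct.pack_into("<H", buf, 510, MBR_SIGNATURE)
    return bytes(buf)


# Constructed sample mirroring the layout the thread's logs report for Disk 0:
# one active NTFS partition, StartLBA 0x800, BlocksNum 0x12A19000.
SAMPLE_MBR = build_mbr([Partition(1, True, 0x07, 0x800, 0x12A19000)])


def describe(mbr: bytes) -> List[str]:
    """Report lines in the style of aswMBR's partition output."""
    parts = parse_mbr(mbr)
    lines = [f"Partition {p.index} {(0x80 if p.bootable else 0):02X} {p.type_id:02X} "
             f"{p.size_mb} MB offset {p.start_lba}" for p in parts]
    lines.append(f"first unpartitioned sector +{unpartitioned_tail_start(parts)}")
    return lines


if __name__ == "__main__":
    # Usage: python mbr_check.py [MBR.dat]; with no argument the sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_MBR
    print("\n".join(describe(data)))
```

For the constructed sample the script prints "Partition 1 80 07 152626 MB offset 2048" and "first unpartitioned sector +312580096", the same size, offset and tail sector that appear in the aswMBR log, which is the check one would run against a real MBR.dat: a saved sector whose partition table does not match the tool's report, or whose signature is missing, is worth a second look.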
 
 

#10 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,033 posts
  • Gender:Male
  • Location:California

Posted 27 March 2013 - 10:58 PM

Thank you for providing the information. Let's see if we can find the initial TDSSKiller log. It may have been produced even though you Blue Screened.

The Webroot may have been downloaded along with one of the other programs you intended to use. Oftentimes they are included and easily overlooked.

Please do these things for me.

===================================================

Posting Previous TDSSKiller log

--------------------
  • Using Windows Explorer navigate to the root directory (normally c:\)
  • Locate the TDSSKiller log around the time of the BSOD which will be named similar to:

TDSSKiller_version_date_time_log.txt

  • Copy and paste the contents of that document in your reply
===================================================

OTL

--------------------
  • Please download OTL and save it to your desktop
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Copy and paste the two reports in your next reply.

OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
  • TDSSKiller log
  • OTL log
  • Extra log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
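
The reply above asks for the TDSSKiller log from the root of C:\, and the logs posted later in this thread show the lines TDSSKiller prints when it flags a file as Forged: the same path is listed with a "Real md5" and a "Fake md5", followed by "- detected ForgedFile.Multi.Generic". The script below is an added example, not part of the thread and not TDSSKiller's own code: it locates the logs by their file-name pattern, reduces each one to its detection lines, and checks a later log against an earlier one to see which of the two earlier hashes each flagged file now reports. The two excerpts embedded in it are copied from the logs quoted in this thread (the interrupted scan and the safe-mode scan that followed); the line formats are inferred from those excerpts, and the function names, Entry fields and result strings are this example's own. The log does not say which of its two reads is the "Real" one, so the script only reports which earlier hash a later scan matches and draws no conclusion about the cause.

```python
"""Added example, not part of this thread or of TDSSKiller: find the
TDSSKiller logs a helper asks for and pull out only the lines that matter.

Line formats are inferred from the TDSSKiller 2.8.16.0 output quoted in
the thread; function and field names are this example's own.  The script
only reads logs and changes nothing on the system."""
import re
import sys
from pathlib import Path
from typing import Dict, List, NamedTuple, Optional

# Every log line starts with "HH:MM:SS.mmmm <pid>  "; strip that first.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+")
# "[ <MD5> ] <ServiceName>   <Path>"
HASH_LINE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (\S+)\s+(.+)$")
# "Suspicious file (Forged): <path>. Real md5: <X>, Fake md5: <Y>"
FORGED_LINE = re.compile(r"^Suspicious file \(Forged\): .+\. Real md5: ([0-9A-Fa-f]{32}), "
                         r"Fake md5: ([0-9A-Fa-f]{32})$")
# "<ServiceName> - detected <Verdict> (<n>)"
DETECTED_LINE = re.compile(r"^(\S+) - detected (\S+) \(\d+\)$")


class Entry(NamedTuple):
    service: str
    path: str
    md5: str                        # hash TDSSKiller printed for the file
    real_md5: Optional[str] = None  # set only when a "Forged" warning followed
    fake_md5: Optional[str] = None
    verdict: Optional[str] = None   # e.g. ForgedFile.Multi.Generic


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """One Entry per service/driver whose file the scan hashed, keyed by name."""
    entries: Dict[str, Entry] = {}
    current: Optional[str] = None   # service the last hash line belonged to
    for raw in text.splitlines():
        msg = PREFIX.sub("", raw.strip())
        m = HASH_LINE.match(msg)
        if m:
            md5, service, path = m.groups()
            entries[service] = Entry(service, path.strip(), md5.upper())
            current = service
            continue
        m = FORGED_LINE.match(msg)
        if m and current is not None:
            entries[current] = entries[current]._replace(
                real_md5=m.group(1).upper(), fake_md5=m.group(2).upper())
            continue
        m = DETECTED_LINE.match(msg)
        if m and m.group(1) in entries:
            entries[m.group(1)] = entries[m.group(1)]._replace(verdict=m.group(2))
    return entries


def summarize(entries: Dict[str, Entry]) -> Dict[str, int]:
    """Counts worth quoting in a reply instead of pasting every '- ok' line."""
    return {"files_hashed": len(entries),
            "forged": sum(1 for e in entries.values() if e.real_md5),
            "detected": sum(1 for e in entries.values() if e.verdict)}


def find_tdsskiller_logs(root: Path) -> List[Path]:
    """TDSSKiller writes TDSSKiller_<version>_<date>_<time>_log.txt to the root
    of the system drive; return those found under root, sorted by name."""
    return sorted(root.glob("TDSSKiller_*_log.txt"))


def compare_forged(before: Dict[str, Entry], after: Dict[str, Entry]) -> Dict[str, str]:
    """For each file the earlier scan flagged as Forged, say which of the two
    hashes it printed then is the one the later scan prints now."""
    result: Dict[str, str] = {}
    for name, e in before.items():
        if e.real_md5 is None or name not in after:
            continue
        now = after[name].md5
        if now == e.real_md5:
            result[name] = "now matches earlier Real md5"
        elif now == e.fake_md5:
            result[name] = "now matches earlier Fake md5"
        else:
            result[name] = "matches neither earlier hash"
    return result


# Excerpts copied from the two logs quoted in this thread: the interrupted
# scan (pid 3872) and the safe-mode scan after the BSOD (pid 1248).
SCAN_BEFORE = r"""
15:05:13.0828 3872  [ 1E11951F62BBB0B590E697EC90E35D66 ] a2AntiMalware   C:\Program Files\Emsisoft Anti-Malware\a2service.exe
15:05:13.0859 3872  Suspicious file (Forged): C:\Program Files\Emsisoft Anti-Malware\a2service.exe. Real md5: 1E11951F62BBB0B590E697EC90E35D66, Fake md5: A7F08A73F2668FCD2B51A66751FA7FF3
15:05:13.0906 3872  a2AntiMalware ( ForgedFile.Multi.Generic ) - warning
15:05:13.0906 3872  a2AntiMalware - detected ForgedFile.Multi.Generic (1)
15:05:33.0921 3872  [ E024D10669A364C351CF9D68CA09A49A ] AFD             C:\WINDOWS\System32\drivers\afd.sys
15:05:33.0984 3872  Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: E024D10669A364C351CF9D68CA09A49A, Fake md5: F6B7B1ECD7B41736BDB6FF4B092BCB79
15:05:33.0984 3872  AFD ( ForgedFile.Multi.Generic ) - warning
15:05:33.0984 3872  AFD - detected ForgedFile.Multi.Generic (1)
15:05:34.0000 3872  Aha154x - ok
"""
SCAN_AFTER = r"""
15:14:20.0921 1248  [ A7F08A73F2668FCD2B51A66751FA7FF3 ] a2AntiMalware   C:\Program Files\Emsisoft Anti-Malware\a2service.exe
15:14:21.0171 1248  a2AntiMalware - ok
15:14:24.0312 1248  [ F6B7B1ECD7B41736BDB6FF4B092BCB79 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
15:14:24.0421 1248  AFD - ok
"""

if __name__ == "__main__":
    # Usage: python tdss_summary.py [root]; the default root C:\ is an assumption.
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else Path("C:/")
    for log in find_tdsskiller_logs(root):
        entries = parse_tdsskiller_log(log.read_text(errors="replace"))
        print(log.name, summarize(entries))
        for e in entries.values():
            if e.verdict:
                print("   ", e.service, e.verdict, e.path)
    for name, what in compare_forged(parse_tdsskiller_log(SCAN_BEFORE),
                                     parse_tdsskiller_log(SCAN_AFTER)).items():
        print(name, what)
```

On the embedded excerpts, compare_forged reports that both a2AntiMalware and AFD now carry the hash the first scan labelled "Fake md5", which is the mechanical version of the observation the next post makes by eye. Real logs contain hundreds of "- ok" entries, so summarizing first and quoting only the detection lines keeps a reply readable without losing the hashes a helper needs.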

#11 cutthroat

  • Topic Starter
  • Members
  • 72 posts

Posted 28 March 2013 - 11:48 AM

Thank you once more Gary.

Quote:

"The Webroot may have been downloaded along with one of the other programs you intended to use."

No, I have never downloaded Webroot before, and I have searched for the Webroot installer in all locations on my HD and I don't have it.

I think someone (a hacker) may have installed this program without my permission; I think it is possible, by changing the policies on my computer.

There are Explorer policies, System policies, firewall policies and others.

I installed Prevx previously, but I don't think Webroot was included in the Prevx installation!?

Prevx disappeared and Webroot appeared in its place.

Very weird!

The first time Webroot appeared on my screen, a pop-up window appeared in the lower right of the screen saying there were no threats detected.

Also, the program I installed before, AntiHookWorkstationSetup30.msi (AntiHook 3.0 build 23), has created DLL injections and hooking on my computer.

I am sure of it.

The ComboFix log shows evidence of it.

I found the TDSSKiller log around the time of the BSOD!!!!

But since the scan did not finish because of the BSOD, the log does not show the "Detected object count" at the end.

But the log tells us all the suspicious files, for example this one:

15:05:13.0828 3872  [ 1E11951F62BBB0B590E697EC90E35D66 ] a2AntiMalware   C:\Program Files\Emsisoft Anti-Malware\a2service.exe
15:05:13.0859 3872  Suspicious file (Forged): C:\Program Files\Emsisoft Anti-Malware\a2service.exe. Real md5: 1E11951F62BBB0B590E697EC90E35D66, Fake md5: A7F08A73F2668FCD2B51A66751FA7FF3
15:05:13.0906 3872  a2AntiMalware ( ForgedFile.Multi.Generic ) - warning
15:05:13.0906 3872  a2AntiMalware - detected ForgedFile.Multi.Generic (1)

But one very weird thing happened after this BSOD: TDSSKiller no longer detected these threats, and only detected 2 threats on the following scan, but I don't think they are really "infections".

I will now copy and paste 5 TDSSKiller logs:

2 logs from around the time of the BSOD, 2 logs after the BSOD which detected 2 "threats", and 1 very important log from 1 day after the BSOD with many threats deleted by me, including a serial.sys file I have reported before with many problems.

My computer was very slow around the time of the BSOD, and after I restarted, my computer was not slow anymore.

On OTL I have clicked the "LOP check" and "Purity check" checkboxes.

Previous TDSSKiller logs

15:00:40.0140 0688  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:00:40.0640 0688  ============================================================
15:00:40.0640 0688  Current date / time: 2013/03/20 15:00:40.0640
15:00:40.0640 0688  SystemInfo:
15:00:40.0640 0688  
15:00:40.0640 0688  OS Version: 5.1.2600 ServicePack: 3.0
15:00:40.0640 0688  Product type: Workstation
15:00:40.0640 0688  ComputerName: HP_PAVILION
15:00:40.0640 0688  UserName: Carlos Silva
15:00:40.0640 0688  Windows directory: C:\WINDOWS
15:00:40.0640 0688  System windows directory: C:\WINDOWS
15:00:40.0640 0688  Processor architecture: Intel x86
15:00:40.0640 0688  Number of processors: 2
15:00:40.0640 0688  Page size: 0x1000
15:00:40.0640 0688  Boot type: Normal boot
15:00:40.0640 0688  ============================================================
15:00:42.0500 0688  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:00:42.0515 0688  Drive \Device\Harddisk1\DR2 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:00:42.0515 0688  ============================================================
15:00:42.0515 0688  \Device\Harddisk0\DR0:
15:00:42.0515 0688  MBR partitions:
15:00:42.0515 0688  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A19000
15:00:42.0515 0688  \Device\Harddisk1\DR2:
15:00:42.0531 0688  MBR partitions:
15:00:42.0531 0688  \Device\Harddisk1\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x776127
15:00:42.0531 0688  ============================================================
15:00:42.0671 0688  C: <-> \Device\Harddisk0\DR0\Partition1
15:00:42.0671 0688  ============================================================
15:00:42.0671 0688  Initialize success
15:00:42.0671 0688  ============================================================
15:00:49.0031 3972  Deinitialize success
 
 
Very important log:

15:03:37.0765 2740  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:03:38.0234 2740  ============================================================
15:03:38.0234 2740  Current date / time: 2013/03/20 15:03:38.0234
15:03:38.0234 2740  SystemInfo:
15:03:38.0234 2740  
15:03:38.0234 2740  OS Version: 5.1.2600 ServicePack: 3.0
15:03:38.0234 2740  Product type: Workstation
15:03:38.0234 2740  ComputerName: HP_PAVILION
15:03:38.0250 2740  UserName: Carlos Silva
15:03:38.0250 2740  Windows directory: C:\WINDOWS
15:03:38.0250 2740  System windows directory: C:\WINDOWS
15:03:38.0250 2740  Processor architecture: Intel x86
15:03:38.0250 2740  Number of processors: 2
15:03:38.0250 2740  Page size: 0x1000
15:03:38.0250 2740  Boot type: Normal boot
15:03:38.0250 2740  ============================================================
15:03:38.0609 2740  BG loaded
15:03:38.0984 2740  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:03:39.0000 2740  Drive \Device\Harddisk1\DR2 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:03:39.0000 2740  ============================================================
15:03:39.0000 2740  \Device\Harddisk0\DR0:
15:03:39.0000 2740  MBR partitions:
15:03:39.0000 2740  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A19000
15:03:39.0000 2740  \Device\Harddisk1\DR2:
15:03:39.0000 2740  MBR partitions:
15:03:39.0000 2740  \Device\Harddisk1\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x776127
15:03:39.0000 2740  ============================================================
15:03:39.0031 2740  C: <-> \Device\Harddisk0\DR0\Partition1
15:03:39.0031 2740  ============================================================
15:03:39.0031 2740  Initialize success
15:03:39.0031 2740  ============================================================
15:04:43.0312 3872  ============================================================
15:04:43.0312 3872  Scan started
15:04:43.0312 3872  Mode: Manual; SigCheck; TDLFS; 
15:04:43.0312 3872  ============================================================
15:05:01.0171 3872  ================ Scan system memory ========================
15:05:01.0187 3872  System memory - ok
15:05:01.0187 3872  ================ Scan services =============================
15:05:02.0078 3872  [ A8A4E18857CDFD8D9AB81E2C9EAF89B5 ] a2acc           C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
15:05:13.0765 3872  a2acc - ok
15:05:13.0828 3872  [ 1E11951F62BBB0B590E697EC90E35D66 ] a2AntiMalware   C:\Program Files\Emsisoft Anti-Malware\a2service.exe
15:05:13.0859 3872  Suspicious file (Forged): C:\Program Files\Emsisoft Anti-Malware\a2service.exe. Real md5: 1E11951F62BBB0B590E697EC90E35D66, Fake md5: A7F08A73F2668FCD2B51A66751FA7FF3
15:05:13.0906 3872  a2AntiMalware ( ForgedFile.Multi.Generic ) - warning
15:05:13.0906 3872  a2AntiMalware - detected ForgedFile.Multi.Generic (1)
15:05:14.0015 3872  [ B0CC0B50441372157F31C4C023D43A3E ] A2DDA           C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
15:05:14.0078 3872  A2DDA - ok
15:05:14.0156 3872  [ 03BFDFAE9D150D43F4A19B5FBB892591 ] a2injectiondriver C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys
15:05:14.0218 3872  a2injectiondriver - ok
15:05:14.0234 3872  [ 8DEA3FE12A6686573F16A06AD95D7AB9 ] a2util          C:\Program Files\Emsisoft Anti-Malware\a2util32.sys
15:05:14.0312 3872  a2util - ok
15:05:14.0453 3872  Abiosdsk - ok
15:05:14.0453 3872  abp480n5 - ok
15:05:14.0546 3872  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:05:28.0796 3872  ACPI - ok
15:05:28.0875 3872  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
15:05:33.0406 3872  ACPIEC - ok
15:05:33.0500 3872  [ 316BED0CB074F14EA1C1198DFE9CDF09 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:05:33.0609 3872  Suspicious file (Forged): C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe. Real md5: 316BED0CB074F14EA1C1198DFE9CDF09, Fake md5: EA856F4A46320389D1899B2CAA7BF40F
15:05:33.0609 3872  AdobeFlashPlayerUpdateSvc ( ForgedFile.Multi.Generic ) - warning
15:05:33.0609 3872  AdobeFlashPlayerUpdateSvc - detected ForgedFile.Multi.Generic (1)
15:05:33.0609 3872  adpu160m - ok
15:05:33.0656 3872  [ 3E81C4B57E1A1FB18B82ACA9AC6EBD3C ] aec             C:\WINDOWS\system32\drivers\aec.sys
15:05:33.0718 3872  Suspicious file (Forged): C:\WINDOWS\system32\drivers\aec.sys. Real md5: 3E81C4B57E1A1FB18B82ACA9AC6EBD3C, Fake md5: 8BED39E3C35D6A489438B8141717A557
15:05:33.0718 3872  aec ( ForgedFile.Multi.Generic ) - warning
15:05:33.0718 3872  aec - detected ForgedFile.Multi.Generic (1)
15:05:33.0921 3872  [ E024D10669A364C351CF9D68CA09A49A ] AFD             C:\WINDOWS\System32\drivers\afd.sys
15:05:33.0984 3872  Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: E024D10669A364C351CF9D68CA09A49A, Fake md5: F6B7B1ECD7B41736BDB6FF4B092BCB79
15:05:33.0984 3872  AFD ( ForgedFile.Multi.Generic ) - warning
15:05:33.0984 3872  AFD - detected ForgedFile.Multi.Generic (1)
15:05:34.0000 3872  Aha154x - ok
15:05:34.0000 3872  aic78u2 - ok
15:05:34.0015 3872  aic78xx - ok
15:05:34.0078 3872  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
15:05:37.0218 3872  Alerter - ok
15:05:37.0281 3872  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
15:05:39.0328 3872  ALG - ok
15:05:39.0328 3872  AliIde - ok
15:05:39.0359 3872  amsint - ok
15:05:39.0359 3872  APHbx0iE - ok
15:05:39.0406 3872  [ 6A3DD133BDAEDBECC4C987D6EBD207C0 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
15:05:39.0484 3872  Suspicious file (Forged): C:\WINDOWS\System32\appmgmts.dll. Real md5: 6A3DD133BDAEDBECC4C987D6EBD207C0, Fake md5: D8849F77C0B66226335A59D26CB4EDC6
15:05:39.0484 3872  AppMgmt ( ForgedFile.Multi.Generic ) - warning
15:05:39.0484 3872  AppMgmt - detected ForgedFile.Multi.Generic (1)
15:05:39.0500 3872  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:05:42.0078 3872  Arp1394 - ok
15:05:42.0078 3872  asc - ok
15:05:42.0093 3872  asc3350p - ok
15:05:42.0093 3872  asc3550 - ok
15:05:42.0375 3872  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:05:42.0546 3872  aspnet_state - ok
15:05:42.0609 3872  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:05:43.0890 3872  AsyncMac - ok
15:05:43.0968 3872  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
15:05:46.0796 3872  atapi - ok
15:05:46.0812 3872  Atdisk - ok
15:05:46.0875 3872  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:05:48.0156 3872  Atmarpc - ok
15:05:48.0218 3872  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
15:05:48.0828 3872  AudioSrv - ok
15:05:48.0875 3872  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
15:05:49.0328 3872  audstub - ok
15:05:49.0390 3872  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
15:05:49.0937 3872  Beep - ok
15:05:49.0953 3872  [ 32593BE9522C1A2E6448826BDC59E491 ] BITS            C:\WINDOWS\System32\qmgr.dll
15:05:50.0046 3872  Suspicious file (Forged): C:\WINDOWS\System32\qmgr.dll. Real md5: 32593BE9522C1A2E6448826BDC59E491, Fake md5: 574738F61FCA2935F5265DC4E5691314
15:05:50.0046 3872  BITS ( ForgedFile.Multi.Generic ) - warning
15:05:50.0046 3872  BITS - detected ForgedFile.Multi.Generic (1)
15:05:50.0109 3872  [ FC6D1D80588D371F0321E15A75B2F8F2 ] Browser         C:\WINDOWS\System32\browser.dll
15:05:50.0203 3872  Browser - ok
15:05:50.0265 3872  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
15:05:50.0859 3872  cbidf2k - ok
15:05:50.0906 3872  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:05:51.0515 3872  CCDECODE - ok
15:05:51.0515 3872  cd20xrnt - ok
15:05:51.0562 3872  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
15:05:52.0234 3872  Cdaudio - ok
15:05:52.0312 3872  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
15:05:52.0843 3872  Cdfs - ok
15:05:52.0875 3872  [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:05:52.0921 3872  Cdrom - ok
15:05:52.0921 3872  Changer - ok
15:05:52.0953 3872  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
15:05:53.0484 3872  CiSvc - ok
15:05:53.0500 3872  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
15:05:54.0265 3872  ClipSrv - ok
15:05:54.0531 3872  [ EAC81949CDBDB8B084FBA12048D13350 ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:05:54.0593 3872  Suspicious file (Forged): c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe. Real md5: EAC81949CDBDB8B084FBA12048D13350, Fake md5: D87ACAED61E417BBA546CED5E7E36D9C
15:05:54.0609 3872  clr_optimization_v2.0.50727_32 ( ForgedFile.Multi.Generic ) - warning
15:05:54.0609 3872  clr_optimization_v2.0.50727_32 - detected ForgedFile.Multi.Generic (1)
15:05:54.0656 3872  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:05:55.0250 3872  CmBatt - ok
15:05:55.0250 3872  CmdIde - ok
15:05:55.0343 3872  [ D6520CEA03C4726DC7466620DF42F626 ] Com4QLBEx       C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
15:05:55.0390 3872  Suspicious file (Forged): C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe. Real md5: D6520CEA03C4726DC7466620DF42F626, Fake md5: 7795F8CEBC284A426B53F541E538695F
15:05:55.0390 3872  Com4QLBEx ( ForgedFile.Multi.Generic ) - warning
15:05:55.0390 3872  Com4QLBEx - detected ForgedFile.Multi.Generic (1)
15:05:55.0406 3872  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:05:56.0562 3872  Compbatt - ok
15:05:56.0578 3872  COMSysApp - ok
15:05:56.0593 3872  Cpqarray - ok
15:05:56.0625 3872  [ 10BF06E7D1F0A57D526258D32467C5CB ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
15:05:56.0656 3872  Suspicious file (Forged): C:\WINDOWS\System32\cryptsvc.dll. Real md5: 10BF06E7D1F0A57D526258D32467C5CB, Fake md5: 3D4E199942E29207970E04315D02AD3B
15:05:56.0656 3872  CryptSvc ( ForgedFile.Multi.Generic ) - warning
15:05:56.0656 3872  CryptSvc - detected ForgedFile.Multi.Generic (1)
15:05:56.0671 3872  dac2w2k - ok
15:05:56.0671 3872  dac960nt - ok
15:05:56.0718 3872  [ 05430DBCB8F5C55E9BD3534E07F8A5E8 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
15:05:56.0812 3872  Suspicious file (Forged): C:\WINDOWS\system32\rpcss.dll. Real md5: 05430DBCB8F5C55E9BD3534E07F8A5E8, Fake md5: 9222562D44021B988B9F9F62207FB6F2
15:05:56.0812 3872  DcomLaunch ( ForgedFile.Multi.Generic ) - warning
15:05:56.0812 3872  DcomLaunch - detected ForgedFile.Multi.Generic (1)
15:05:56.0859 3872  [ 93C0826CD8B704492835F143CCCBE4DA ] defensewall_serv C:\WINDOWS\system32\defensewall_serv.exe
15:05:56.0921 3872  Suspicious file (Forged): C:\WINDOWS\system32\defensewall_serv.exe. Real md5: 93C0826CD8B704492835F143CCCBE4DA, Fake md5: B01EF57049F77E88ED1F6943F5AE6731
15:05:56.0921 3872  defensewall_serv ( ForgedFile.Multi.Generic ) - warning
15:05:56.0921 3872  defensewall_serv - detected ForgedFile.Multi.Generic (1)
15:05:56.0968 3872  [ 5077987FC023B52732ED470D854F3361 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
15:05:57.0046 3872  Suspicious file (Forged): C:\WINDOWS\System32\dhcpcsvc.dll. Real md5: 5077987FC023B52732ED470D854F3361, Fake md5: C51DE19619D50CBD03708647ACA10E70
15:05:57.0046 3872  Dhcp ( ForgedFile.Multi.Generic ) - warning
15:05:57.0046 3872  Dhcp - detected ForgedFile.Multi.Generic (1)
15:05:57.0062 3872  [ 47B6AAEC570F2C11D8BAD80A064D8ED1 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
15:05:57.0187 3872  Disk - ok
15:05:57.0203 3872  dmadmin - ok
15:05:57.0234 3872  [ E8BD266C43CD750CAD9A0F503523FF48 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
15:05:57.0453 3872  Suspicious file (Forged): C:\WINDOWS\system32\drivers\dmboot.sys. Real md5: E8BD266C43CD750CAD9A0F503523FF48, Fake md5: D992FE1274BDE0F84AD826ACAE022A41
15:05:57.0453 3872  dmboot ( ForgedFile.Multi.Generic ) - warning
15:05:57.0453 3872  dmboot - detected ForgedFile.Multi.Generic (1)
15:05:57.0468 3872  [ 77ADD54CFDAAA435DBC5CE5D98C09B25 ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
15:05:57.0515 3872  Suspicious file (Forged): C:\WINDOWS\system32\drivers\dmio.sys. Real md5: 77ADD54CFDAAA435DBC5CE5D98C09B25, Fake md5: 7C824CF7BBDE77D95C08005717A95F6F
15:05:57.0531 3872  dmio ( ForgedFile.Multi.Generic ) - warning
15:05:57.0531 3872  dmio - detected ForgedFile.Multi.Generic (1)
15:05:57.0609 3872  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
15:06:01.0718 3872  dmload - ok
15:06:01.0781 3872  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
15:06:04.0375 3872  dmserver - ok
15:06:04.0406 3872  [ B6EEFEE9CAB6A5952A5CCB2667660AAB ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
15:06:04.0453 3872  Suspicious file (Forged): C:\WINDOWS\system32\drivers\DMusic.sys. Real md5: B6EEFEE9CAB6A5952A5CCB2667660AAB, Fake md5: 8A208DFCF89792A484E76C40E5F50B45
15:06:04.0453 3872  DMusic ( ForgedFile.Multi.Generic ) - warning
15:06:04.0453 3872  DMusic - detected ForgedFile.Multi.Generic (1)
15:06:04.0484 3872  [ 38DB21372EE1BFD22B95E3AFBA496147 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
15:06:04.0500 3872  Suspicious file (Forged): C:\WINDOWS\System32\dnsrslvr.dll. Real md5: 38DB21372EE1BFD22B95E3AFBA496147, Fake md5: D977659AE4D8ECE5286D99D1ED34614D
15:06:04.0500 3872  Dnscache ( ForgedFile.Multi.Generic ) - warning
15:06:04.0500 3872  Dnscache - detected ForgedFile.Multi.Generic (1)
15:06:04.0515 3872  [ 662D57727604CCAF459E8ADFD4E3A0A7 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
15:06:04.0578 3872  Suspicious file (Forged): C:\WINDOWS\System32\dot3svc.dll. Real md5: 662D57727604CCAF459E8ADFD4E3A0A7, Fake md5: B4109C8C3D54C83246997A777724F318
15:06:04.0578 3872  Dot3svc ( ForgedFile.Multi.Generic ) - warning
15:06:04.0578 3872  Dot3svc - detected ForgedFile.Multi.Generic (1)
15:06:04.0578 3872  dpti2o - ok
15:06:04.0765 3872  [ 88543501F3780425BB58C9E1DF9D8969 ] DragonUpdater   C:\Program Files\Comodo\Dragon\dragon_updater.exe
15:06:05.0312 3872  Suspicious file (Forged): C:\Program Files\Comodo\Dragon\dragon_updater.exe. Real md5: 88543501F3780425BB58C9E1DF9D8969, Fake md5: F8BCE77F950E5112D7087DCA2A2174D8
 
 
2 TDSSKiller logs after I restarted my machine:

15:11:39.0921 2512  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:11:40.0062 2512  ============================================================
15:11:40.0062 2512  Current date / time: 2013/03/20 15:11:40.0062
15:11:40.0062 2512  SystemInfo:
15:11:40.0062 2512  
15:11:40.0062 2512  OS Version: 5.1.2600 ServicePack: 3.0
15:11:40.0062 2512  Product type: Workstation
15:11:40.0062 2512  ComputerName: HP_PAVILION
15:11:40.0078 2512  UserName: Administrator
15:11:40.0078 2512  Windows directory: C:\WINDOWS
15:11:40.0078 2512  System windows directory: C:\WINDOWS
15:11:40.0078 2512  Processor architecture: Intel x86
15:11:40.0078 2512  Number of processors: 2
15:11:40.0078 2512  Page size: 0x1000
15:11:40.0078 2512  Boot type: Safe boot with network
15:11:40.0078 2512  ============================================================
15:11:42.0093 2512  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:11:42.0125 2512  Drive \Device\Harddisk1\DR2 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:11:42.0140 2512  ============================================================
15:11:42.0140 2512  \Device\Harddisk0\DR0:
15:11:42.0140 2512  MBR partitions:
15:11:42.0140 2512  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A19000
15:11:42.0140 2512  \Device\Harddisk1\DR2:
15:11:42.0140 2512  MBR partitions:
15:11:42.0140 2512  \Device\Harddisk1\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x776127
15:11:42.0140 2512  ============================================================
15:11:42.0171 2512  C: <-> \Device\Harddisk0\DR0\Partition1
15:11:42.0171 2512  ============================================================
15:11:42.0171 2512  Initialize success
15:11:42.0171 2512  ============================================================
15:11:49.0109 2468  Deinitialize success
 
 
15:14:10.0796 0440  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:14:11.0125 0440  ============================================================
15:14:11.0125 0440  Current date / time: 2013/03/20 15:14:11.0125
15:14:11.0125 0440  SystemInfo:
15:14:11.0125 0440  
15:14:11.0125 0440  OS Version: 5.1.2600 ServicePack: 3.0
15:14:11.0125 0440  Product type: Workstation
15:14:11.0125 0440  ComputerName: HP_PAVILION
15:14:11.0125 0440  UserName: Administrator
15:14:11.0125 0440  Windows directory: C:\WINDOWS
15:14:11.0125 0440  System windows directory: C:\WINDOWS
15:14:11.0125 0440  Processor architecture: Intel x86
15:14:11.0125 0440  Number of processors: 2
15:14:11.0125 0440  Page size: 0x1000
15:14:11.0125 0440  Boot type: Safe boot with network
15:14:11.0125 0440  ============================================================
15:14:12.0546 0440  BG loaded
15:14:12.0906 0440  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:14:12.0906 0440  Drive \Device\Harddisk1\DR2 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:14:12.0906 0440  ============================================================
15:14:12.0906 0440  \Device\Harddisk0\DR0:
15:14:12.0921 0440  MBR partitions:
15:14:12.0921 0440  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A19000
15:14:12.0921 0440  \Device\Harddisk1\DR2:
15:14:12.0921 0440  MBR partitions:
15:14:12.0921 0440  \Device\Harddisk1\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x776127
15:14:12.0921 0440  ============================================================
15:14:12.0953 0440  C: <-> \Device\Harddisk0\DR0\Partition1
15:14:12.0953 0440  ============================================================
15:14:12.0953 0440  Initialize success
15:14:12.0953 0440  ============================================================
15:14:19.0718 1248  ============================================================
15:14:19.0718 1248  Scan started
15:14:19.0718 1248  Mode: Manual; SigCheck; TDLFS; 
15:14:19.0718 1248  ============================================================
15:14:20.0062 1248  ================ Scan system memory ========================
15:14:20.0062 1248  System memory - ok
15:14:20.0062 1248  ================ Scan services =============================
15:14:20.0312 1248  [ A8A4E18857CDFD8D9AB81E2C9EAF89B5 ] a2acc           C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
15:14:20.0718 1248  a2acc - ok
15:14:20.0921 1248  [ A7F08A73F2668FCD2B51A66751FA7FF3 ] a2AntiMalware   C:\Program Files\Emsisoft Anti-Malware\a2service.exe
15:14:21.0171 1248  a2AntiMalware - ok
15:14:21.0281 1248  [ B0CC0B50441372157F31C4C023D43A3E ] A2DDA           C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
15:14:21.0296 1248  A2DDA - ok
15:14:21.0343 1248  [ 03BFDFAE9D150D43F4A19B5FBB892591 ] a2injectiondriver C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys
15:14:21.0375 1248  a2injectiondriver - ok
15:14:21.0390 1248  [ 8DEA3FE12A6686573F16A06AD95D7AB9 ] a2util          C:\Program Files\Emsisoft Anti-Malware\a2util32.sys
15:14:21.0421 1248  a2util - ok
15:14:21.0546 1248  Abiosdsk - ok
15:14:21.0562 1248  abp480n5 - ok
15:14:21.0656 1248  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:14:23.0343 1248  ACPI - ok
15:14:23.0406 1248  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
15:14:23.0640 1248  ACPIEC - ok
15:14:23.0828 1248  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:14:23.0859 1248  AdobeFlashPlayerUpdateSvc - ok
15:14:23.0890 1248  adpu160m - ok
15:14:23.0968 1248  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
15:14:24.0187 1248  aec - ok
15:14:24.0312 1248  [ F6B7B1ECD7B41736BDB6FF4B092BCB79 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
15:14:24.0421 1248  AFD - ok
15:14:24.0437 1248  Aha154x - ok
15:14:24.0468 1248  aic78u2 - ok
15:14:24.0515 1248  aic78xx - ok
15:14:24.0593 1248  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
15:14:24.0796 1248  Alerter - ok
15:14:24.0859 1248  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
15:14:25.0015 1248  ALG - ok
15:14:25.0031 1248  AliIde - ok
15:14:25.0062 1248  amsint - ok
15:14:25.0140 1248  APHbx0iE - ok
15:14:25.0203 1248  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
15:14:25.0328 1248  AppMgmt - ok
15:14:25.0375 1248  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:14:25.0546 1248  Arp1394 - ok
15:14:25.0562 1248  asc - ok
15:14:25.0609 1248  asc3350p - ok
15:14:25.0640 1248  asc3550 - ok
15:14:25.0859 1248  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:14:25.0937 1248  aspnet_state - ok
15:14:25.0984 1248  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:14:26.0187 1248  AsyncMac - ok
15:14:26.0296 1248  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
15:14:26.0484 1248  atapi - ok
15:14:26.0515 1248  Atdisk - ok
15:14:26.0546 1248  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:14:26.0781 1248  Atmarpc - ok
15:14:26.0875 1248  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
15:14:27.0078 1248  AudioSrv - ok
15:14:27.0156 1248  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
15:14:27.0375 1248  audstub - ok
15:14:27.0453 1248  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
15:14:27.0656 1248  Beep - ok
15:14:27.0734 1248  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\System32\qmgr.dll
15:14:28.0000 1248  BITS - ok
15:14:28.0109 1248  [ FC6D1D80588D371F0321E15A75B2F8F2 ] Browser         C:\WINDOWS\System32\browser.dll
15:14:28.0187 1248  Browser - ok
15:14:28.0250 1248  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
15:14:28.0453 1248  cbidf2k - ok
15:14:28.0515 1248  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:14:28.0703 1248  CCDECODE - ok
15:14:28.0734 1248  cd20xrnt - ok
15:14:28.0796 1248  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
15:14:29.0000 1248  Cdaudio - ok
15:14:29.0062 1248  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
15:14:29.0250 1248  Cdfs - ok
15:14:29.0296 1248  [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:14:29.0343 1248  Cdrom - ok
15:14:29.0359 1248  Changer - ok
15:14:29.0437 1248  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
15:14:29.0625 1248  CiSvc - ok
15:14:29.0718 1248  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
15:14:29.0921 1248  ClipSrv - ok
15:14:29.0968 1248  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:14:30.0140 1248  clr_optimization_v2.0.50727_32 - ok
15:14:30.0218 1248  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:14:30.0406 1248  CmBatt - ok
15:14:30.0421 1248  CmdIde - ok
15:14:30.0578 1248  [ 7795F8CEBC284A426B53F541E538695F ] Com4QLBEx       C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
15:14:30.0609 1248  Com4QLBEx - ok
15:14:30.0671 1248  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:14:30.0859 1248  Compbatt - ok
15:14:30.0875 1248  COMSysApp - ok
15:14:30.0953 1248  Cpqarray - ok
15:14:31.0078 1248  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
15:14:31.0281 1248  CryptSvc - ok
15:14:31.0296 1248  dac2w2k - ok
15:14:31.0343 1248  dac960nt - ok
15:14:31.0468 1248  [ 9222562D44021B988B9F9F62207FB6F2 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
15:14:31.0593 1248  DcomLaunch - ok
15:14:31.0656 1248  [ B01EF57049F77E88ED1F6943F5AE6731 ] defensewall_serv C:\WINDOWS\system32\defensewall_serv.exe
15:14:31.0687 1248  defensewall_serv - ok
15:14:31.0765 1248  [ C51DE19619D50CBD03708647ACA10E70 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
15:14:31.0828 1248  Dhcp - ok
15:14:31.0875 1248  [ 47B6AAEC570F2C11D8BAD80A064D8ED1 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
15:14:31.0921 1248  Disk - ok
15:14:31.0937 1248  dmadmin - ok
15:14:32.0031 1248  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
15:14:32.0281 1248  dmboot - ok
15:14:32.0296 1248  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
15:14:32.0515 1248  dmio - ok
15:14:32.0562 1248  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
15:14:32.0734 1248  dmload - ok
15:14:32.0812 1248  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
15:14:33.0000 1248  dmserver - ok
15:14:33.0109 1248  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
15:14:33.0296 1248  DMusic - ok
15:14:33.0406 1248  [ D977659AE4D8ECE5286D99D1ED34614D ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
15:14:33.0500 1248  Dnscache - ok
15:14:33.0546 1248  [ B4109C8C3D54C83246997A777724F318 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
15:14:33.0609 1248  Dot3svc - ok
15:14:33.0625 1248  dpti2o - ok
15:14:33.0859 1248  [ F8BCE77F950E5112D7087DCA2A2174D8 ] DragonUpdater   C:\Program Files\Comodo\Dragon\dragon_updater.exe
15:14:34.0015 1248  DragonUpdater - ok
15:14:34.0093 1248  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
15:14:34.0265 1248  drmkaud - ok
15:14:34.0375 1248  [ B365DD809489354F56C1B38394C93CF3 ] dwall           C:\WINDOWS\system32\Drivers\dwall.sys
15:14:34.0421 1248  dwall - ok
15:14:34.0546 1248  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
15:14:34.0734 1248  EapHost - ok
15:14:34.0828 1248  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
15:14:35.0000 1248  ERSvc - ok
15:14:35.0078 1248  [ C519E15665CD89A91AD383FCE3CB556A ] Eventlog        C:\WINDOWS\system32\services.exe
15:14:35.0203 1248  Eventlog - ok
15:14:35.0250 1248  [ F17F6226BDC0CD5F0BEF0DAF84D29BEC ] EventSystem     C:\WINDOWS\system32\es.dll
15:14:35.0328 1248  EventSystem - ok
15:14:35.0390 1248  [ 4D893323DAE445E34A4C9038B0551BC9 ] exFat           C:\WINDOWS\system32\drivers\exFat.sys
15:14:35.0484 1248  exFat - ok
15:14:35.0562 1248  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
15:14:35.0765 1248  Fastfat - ok
15:14:35.0875 1248  [ 888CD7B39C37E13A2419BECFAAF0A28C ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:14:35.0984 1248  FastUserSwitchingCompatibility - ok
15:14:36.0015 1248  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
15:14:36.0203 1248  Fdc - ok
15:14:36.0296 1248  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
15:14:36.0500 1248  Fips - ok
15:14:36.0546 1248  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
15:14:36.0718 1248  Flpydisk - ok
15:14:36.0828 1248  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
15:14:37.0000 1248  FltMgr - ok
15:14:37.0125 1248  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:14:37.0156 1248  FontCache3.0.0.0 - ok
15:14:37.0218 1248  [ 30D42943A54704EF13E2562911DBFCEA ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:14:37.0281 1248  Fs_Rec - ok
15:14:37.0343 1248  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:14:37.0531 1248  Ftdisk - ok
15:14:37.0609 1248  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:14:37.0812 1248  Gpc - ok
15:14:37.0937 1248  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
15:14:37.0968 1248  gupdate - ok
15:14:37.0984 1248  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
15:14:38.0015 1248  gupdatem - ok
15:14:38.0078 1248  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:14:38.0281 1248  HDAudBus - ok
15:14:38.0437 1248  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:14:38.0609 1248  helpsvc - ok
15:14:38.0656 1248  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
15:14:38.0843 1248  HidServ - ok
15:14:38.0937 1248  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:14:39.0140 1248  HidUsb - ok
15:14:39.0328 1248  [ A1E0956D758A1BCEC8599EAD2E37329A ] HipEnforceDriver C:\Program Files\InfoProcess\AntiHook\3.0\HipEnforceDriver.sys
15:14:39.0343 1248  HipEnforceDriver ( UnsignedFile.Multi.Generic ) - warning
15:14:39.0343 1248  HipEnforceDriver - detected UnsignedFile.Multi.Generic (1)
15:14:39.0390 1248  [ 184BC9A87A2CA0C8D152519894630655 ] HipService      C:\Program Files\InfoProcess\AntiHook\3.0\HipService.exe
15:14:39.0406 1248  HipService ( UnsignedFile.Multi.Generic ) - warning
15:14:39.0406 1248  HipService - detected UnsignedFile.Multi.Generic (1)
15:14:39.0468 1248  [ 7602D89068E124D55B91ED3072B7F442 ] HitmanProScheduler C:\Program Files\HitmanPro\hmpsched.exe
15:14:39.0500 1248  HitmanProScheduler - ok
15:14:39.0562 1248  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
15:14:39.0734 1248  hkmsvc - ok
15:14:39.0765 1248  hpn - ok
15:14:39.0890 1248  [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr      C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
15:14:39.0937 1248  HpqKbFiltr - ok
15:14:39.0984 1248  [ 115C0933B3ED51DFBEC4449348C8065B ] HpqRemHid       C:\WINDOWS\system32\DRIVERS\HpqRemHid.sys
15:14:40.0031 1248  HpqRemHid - ok
15:14:40.0093 1248  [ 1665C7121A026DF10C903DB9BC5E9D43 ] hpqwmiex        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
15:14:40.0125 1248  hpqwmiex - ok
15:14:40.0171 1248  [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
15:14:40.0390 1248  HPZid412 - ok
15:14:40.0421 1248  [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
15:14:40.0500 1248  HPZipr12 - ok
15:14:40.0546 1248  [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
15:14:40.0625 1248  HPZius12 - ok
15:14:40.0687 1248  [ 937031C085718C1C04A9C0864625EC6B ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
15:14:40.0765 1248  HTTP - ok
15:14:40.0843 1248  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
15:14:41.0046 1248  HTTPFilter - ok
15:14:41.0078 1248  i2omgmt - ok
15:14:41.0109 1248  i2omp - ok
15:14:41.0234 1248  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:14:41.0421 1248  i8042prt - ok
15:14:41.0593 1248  [ 72B53E9C8924949DEC8F3799BCBA2251 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
15:14:41.0625 1248  IAANTMON - ok
15:14:41.0718 1248  [ F4037A3FEDB92DD97C95F320766EA5C9 ] iaStor          C:\WINDOWS\system32\DRIVERS\iaStor.sys
15:14:41.0750 1248  iaStor - ok
15:14:41.0765 1248  [ E5A0034847537EAEE3C00349D5C34C5F ] iastor3         C:\WINDOWS\system32\drivers\iastor3.sys
15:14:41.0843 1248  iastor3 - ok
15:14:41.0953 1248  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:14:42.0031 1248  idsvc - ok
15:14:42.0109 1248  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
15:14:42.0312 1248  Imapi - ok
15:14:42.0375 1248  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
15:14:42.0562 1248  ImapiService - ok
15:14:42.0593 1248  ini910u - ok
15:14:42.0953 1248  [ 921F2452A8D3A10083DDD824FC8C267F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:14:43.0453 1248  IntcAzAudAddService - ok
15:14:43.0468 1248  IntelIde - ok
15:14:43.0562 1248  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:14:43.0765 1248  intelppm - ok
15:14:43.0812 1248  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
15:14:43.0984 1248  Ip6Fw - ok
15:14:44.0046 1248  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:14:44.0234 1248  IpFilterDriver - ok
15:14:44.0328 1248  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:14:44.0515 1248  IpInIp - ok
15:14:44.0562 1248  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:14:44.0765 1248  IpNat - ok
15:14:44.0843 1248  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:14:45.0015 1248  IPSec - ok
15:14:45.0109 1248  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
15:14:45.0234 1248  IRENUM - ok
15:14:45.0296 1248  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:14:45.0500 1248  isapnp - ok
15:14:45.0609 1248  [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
15:14:45.0640 1248  JavaQuickStarterService - ok
15:14:45.0671 1248  k0wf4wx6 - ok
15:14:45.0750 1248  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:14:45.0953 1248  Kbdclass - ok
15:14:46.0046 1248  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:14:46.0218 1248  kbdhid - ok
15:14:46.0296 1248  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
15:14:46.0500 1248  kmixer - ok
15:14:46.0562 1248  [ C6EBF1D6AD71DF30DB49B8D3287E1368 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
15:14:46.0671 1248  KSecDD - ok
15:14:46.0718 1248  [ 79D1DBFEC599EC47244AF7B06AE2A04E ] L8042Kbd        C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
15:14:46.0750 1248  L8042Kbd - ok
15:14:46.0828 1248  [ 3695B8D03745B2F8022B161238347A9D ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
15:14:46.0937 1248  LanmanServer - ok
15:14:47.0015 1248  [ 3B9324D60DD321BAB7BF6F77931D3FD1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
15:14:47.0078 1248  lanmanworkstation - ok
15:14:47.0109 1248  lbrtfdc - ok
15:14:47.0281 1248  [ 53710476495886D9961BE46983A6A33F ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
15:14:47.0312 1248  LightScribeService - ok
15:14:47.0359 1248  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
15:14:47.0546 1248  LmHosts - ok
15:14:47.0578 1248  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
15:14:47.0781 1248  Messenger - ok
15:14:47.0875 1248  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
15:14:48.0046 1248  mnmdd - ok
15:14:48.0125 1248  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
15:14:48.0296 1248  mnmsrvc - ok
15:14:48.0406 1248  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
15:14:48.0593 1248  Modem - ok
15:14:48.0656 1248  [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA        C:\WINDOWS\system32\drivers\MODEMCSA.sys
15:14:48.0843 1248  MODEMCSA - ok
15:14:48.0906 1248  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:14:49.0078 1248  Mouclass - ok
15:14:49.0156 1248  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:14:49.0359 1248  mouhid - ok
15:14:49.0468 1248  [ 1A1FAA5102466F418494E94FF9B0B091 ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
15:14:49.0531 1248  MountMgr - ok
15:14:49.0546 1248  mraid35x - ok
15:14:49.0593 1248  [ 4FEFD389D71126EE581B9F9CB2918BE4 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:14:49.0687 1248  MRxDAV - ok
15:14:49.0734 1248  [ FB2FCCC70F7174C7BF64F48E96D3ADF4 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:14:49.0812 1248  MRxSmb - ok
15:14:49.0875 1248  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
15:14:50.0078 1248  MSDTC - ok
15:14:50.0156 1248  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
15:14:50.0359 1248  Msfs - ok
15:14:50.0375 1248  MSIServer - ok
15:14:50.0468 1248  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:14:50.0671 1248  MSKSSRV - ok
15:14:50.0687 1248  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:14:50.0875 1248  MSPCLOCK - ok
15:14:50.0953 1248  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
15:14:51.0140 1248  MSPQM - ok
15:14:51.0234 1248  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:14:51.0453 1248  mssmbios - ok
15:14:51.0484 1248  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
15:14:51.0656 1248  MSTEE - ok
15:14:51.0781 1248  [ F7B1AD991491F02AF6DA70B00B8BF114 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
15:14:51.0875 1248  Mup - ok
15:14:51.0890 1248  [ D74224C4D52AC609A89C83791E5A709C ] mv61xxmm        C:\WINDOWS\system32\drivers\mv61xxmm.sys
15:14:51.0921 1248  mv61xxmm - ok
15:14:51.0968 1248  [ 93A609C515C87F604C09F78E80E03F1D ] mvxxmm          C:\WINDOWS\system32\drivers\mvxxmm.sys
15:14:51.0984 1248  mvxxmm - ok
15:14:52.0031 1248  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:14:52.0218 1248  NABTSFEC - ok
15:14:52.0328 1248  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
15:14:52.0531 1248  napagent - ok
15:14:52.0609 1248  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
15:14:52.0812 1248  NDIS - ok
15:14:52.0890 1248  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:14:53.0062 1248  NdisIP - ok
15:14:53.0140 1248  [ 091735A5F20ACB1DC147383A905AE002 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:14:53.0218 1248  NdisTapi - ok
15:14:53.0281 1248  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:14:53.0468 1248  Ndisuio - ok
15:14:53.0484 1248  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:14:53.0687 1248  NdisWan - ok
15:14:53.0750 1248  [ 816460BD4B4ACD27937D1D0813E2E9E9 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
15:14:53.0859 1248  NDProxy - ok
15:14:53.0937 1248  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
15:14:54.0140 1248  NetBIOS - ok
15:14:54.0218 1248  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
15:14:54.0406 1248  NetBT - ok
15:14:54.0500 1248  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
15:14:54.0687 1248  NetDDE - ok
15:14:54.0703 1248  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
15:14:54.0890 1248  NetDDEdsdm - ok
15:14:54.0968 1248  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
15:14:55.0156 1248  Netlogon - ok
15:14:55.0250 1248  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
15:14:55.0453 1248  Netman - ok
15:14:55.0515 1248  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:14:55.0546 1248  NetTcpPortSharing - ok
15:14:55.0890 1248  [ 72062B53186E4A3F5FCBC41EBB62B905 ] NETwLx32        C:\WINDOWS\system32\DRIVERS\NETwLx32.sys
15:14:56.0265 1248  NETwLx32 - ok
15:14:56.0312 1248  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:14:56.0515 1248  NIC1394 - ok
15:14:56.0578 1248  [ FCEE5FCB99F7C724593365C706D28388 ] Nla             C:\WINDOWS\System32\mswsock.dll
15:14:56.0625 1248  Nla - ok
15:14:56.0671 1248  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
15:14:56.0875 1248  Npfs - ok
15:14:56.0968 1248  [ 4C51D5275AE8A16999EDFE7E647D00DE ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
15:14:57.0078 1248  Ntfs - ok
15:14:57.0125 1248  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
15:14:57.0296 1248  NtLmSsp - ok
15:14:57.0375 1248  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
15:14:57.0593 1248  NtmsSvc - ok
15:14:57.0656 1248  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
15:14:57.0843 1248  Null - ok
15:14:58.0375 1248  [ 18C9B152DA7BEA76B2F9E4B6412E0AAF ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:14:59.0296 1248  nv - ok
15:14:59.0359 1248  [ A8C1E6FF53FB0628A302843EA5FA5AB6 ] nvsvc           C:\WINDOWS\system32\nvsvc32.exe
15:14:59.0390 1248  nvsvc - ok
15:14:59.0453 1248  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:14:59.0640 1248  NwlnkFlt - ok
15:14:59.0671 1248  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:14:59.0875 1248  NwlnkFwd - ok
15:14:59.0937 1248  [ 2553F7C60B8D291B5A812245E6D4DA6E ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:15:00.0015 1248  ohci1394 - ok
15:15:00.0109 1248  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:15:00.0140 1248  ose - ok
15:15:00.0187 1248  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
15:15:00.0375 1248  Parport - ok
15:15:00.0468 1248  [ 6DDCF3F801EC15FE698F6A215CF30A1F ] Partizan        C:\WINDOWS\system32\drivers\Partizan.sys
15:15:00.0500 1248  Partizan - ok
15:15:00.0546 1248  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
15:15:00.0718 1248  PartMgr - ok
15:15:00.0812 1248  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
15:15:01.0000 1248  ParVdm - ok
15:15:01.0109 1248  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
15:15:01.0312 1248  PCI - ok
15:15:01.0328 1248  PCIDump - ok
15:15:01.0421 1248  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
15:15:01.0609 1248  PCIIde - ok
15:15:01.0656 1248  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
15:15:01.0828 1248  Pcmcia - ok
15:15:01.0843 1248  PDCOMP - ok
15:15:01.0890 1248  PDFRAME - ok
15:15:01.0953 1248  PDRELI - ok
15:15:01.0984 1248  PDRFRAME - ok
15:15:02.0031 1248  perc2 - ok
15:15:02.0062 1248  perc2hib - ok
15:15:02.0234 1248  [ C519E15665CD89A91AD383FCE3CB556A ] PlugPlay        C:\WINDOWS\system32\services.exe
15:15:02.0265 1248  PlugPlay - ok
15:15:02.0296 1248  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
15:15:02.0468 1248  PolicyAgent - ok
15:15:02.0531 1248  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:15:02.0718 1248  PptpMiniport - ok
15:15:02.0765 1248  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:15:02.0937 1248  ProtectedStorage - ok
15:15:03.0046 1248  [ D8E11D311785F89F1D70A28B0E879127 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
15:15:03.0125 1248  PSched - ok
15:15:03.0156 1248  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:15:03.0343 1248  Ptilink - ok
15:15:03.0359 1248  ql1080 - ok
15:15:03.0390 1248  Ql10wnt - ok
15:15:03.0437 1248  ql12160 - ok
15:15:03.0468 1248  ql1240 - ok
15:15:03.0515 1248  ql1280 - ok
15:15:03.0546 1248  Qxg4rk0E - ok
15:15:03.0750 1248  [ AE845C6B4305AAD70B9FE2C1F2D4593D ] RapportIaso     c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys
15:15:03.0781 1248  RapportIaso - ok
15:15:03.0843 1248  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:15:04.0031 1248  RasAcd - ok
15:15:04.0093 1248  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
15:15:04.0265 1248  RasAuto - ok
15:15:04.0343 1248  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:15:04.0546 1248  Rasl2tp - ok
15:15:04.0656 1248  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
15:15:04.0828 1248  RasMan - ok
15:15:04.0859 1248  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:15:05.0046 1248  RasPppoe - ok
15:15:05.0125 1248  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
15:15:05.0312 1248  Raspti - ok
15:15:05.0437 1248  [ 77050C6615F6EB5402F832B27FD695E0 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:15:05.0500 1248  Rdbss - ok
15:15:05.0562 1248  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:15:05.0734 1248  RDPCDD - ok
15:15:05.0859 1248  [ 47EA20320E3D6FDC7B7BB22B2B881CA6 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:15:05.0937 1248  rdpdr - ok
15:15:06.0000 1248  [ C7D9BC54354B8C706ABF172D48313F1B ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
15:15:06.0078 1248  RDPWD - ok
15:15:06.0140 1248  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
15:15:06.0328 1248  RDSessMgr - ok
15:15:06.0421 1248  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
15:15:06.0609 1248  redbook - ok
15:15:06.0703 1248  [ 37ECEBDD930395A9C399FB18A3C236D3 ] RegGuard        C:\WINDOWS\system32\Drivers\regguard.sys
15:15:06.0718 1248  RegGuard - ok
15:15:06.0781 1248  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
15:15:06.0984 1248  RemoteAccess - ok
15:15:07.0078 1248  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
15:15:07.0265 1248  RemoteRegistry - ok
15:15:07.0375 1248  [ DF672613FBBCD58C38BB0BC2694BCFB0 ] rimmptsk        C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
15:15:07.0421 1248  rimmptsk - ok
15:15:07.0453 1248  [ 9BFB54D3559F2FF7301271D29D383564 ] rimsptsk        C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
15:15:07.0546 1248  rimsptsk - ok
15:15:07.0609 1248  [ ACE2CE73D7B04EAC48FB80482E05E770 ] risdptsk        C:\WINDOWS\system32\DRIVERS\risdptsk.sys
15:15:07.0671 1248  risdptsk - ok
15:15:07.0734 1248  [ DCB87DA83CC1010CBC9FC4DC9E395BBC ] rismxdp         C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
15:15:07.0796 1248  rismxdp - ok
15:15:07.0859 1248  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
15:15:08.0031 1248  RpcLocator - ok
15:15:08.0078 1248  [ 9222562D44021B988B9F9F62207FB6F2 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
15:15:08.0140 1248  RpcSs - ok
15:15:08.0328 1248  RSPHOOKANALYZER - ok
15:15:08.0390 1248  [ 743D7D59767073A617B1DCC6C546F234 ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
15:15:08.0437 1248  rspndr - ok
15:15:08.0500 1248  [ BCBF88FABF84F0F76FD7B11DF65921FA ] rspSanity       C:\WINDOWS\system32\DRIVERS\rspSanity32.sys
15:15:08.0515 1248  rspSanity - ok
15:15:08.0593 1248  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
15:15:08.0765 1248  RSVP - ok
15:15:08.0875 1248  [ 1323BA3CA4E8D863EB00CD81C0AAF356 ] RTLE8023xp      C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
15:15:08.0906 1248  RTLE8023xp - ok
15:15:08.0937 1248  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
15:15:09.0109 1248  SamSs - ok
15:15:09.0203 1248  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
15:15:09.0390 1248  SCardSvr - ok
15:15:09.0515 1248  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
15:15:09.0703 1248  Schedule - ok
15:15:09.0812 1248  [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus           C:\WINDOWS\system32\DRIVERS\sdbus.sys
15:15:10.0000 1248  sdbus - ok
15:15:10.0078 1248  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:15:10.0203 1248  Secdrv - ok
15:15:10.0234 1248  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
15:15:10.0406 1248  seclogon - ok
15:15:10.0484 1248  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
15:15:10.0687 1248  SENS - ok
15:15:10.0734 1248  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
15:15:10.0921 1248  Serial - ok
15:15:11.0046 1248  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
15:15:11.0250 1248  Sfloppy - ok
15:15:11.0328 1248  [ 4F10A2FA76B5BD54CD68AFA94E8ADB39 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
15:15:11.0390 1248  SharedAccess - ok
15:15:11.0437 1248  [ 888CD7B39C37E13A2419BECFAAF0A28C ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:15:11.0468 1248  ShellHWDetection - ok
15:15:11.0484 1248  Simbad - ok
15:15:11.0546 1248  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:15:11.0718 1248  SLIP - ok
15:15:11.0765 1248  Sparrow - ok
15:15:11.0828 1248  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
15:15:12.0031 1248  splitter - ok
15:15:12.0125 1248  [ 258DD5D4283FD9F9A7166BE9AE45CE73 ] Spooler         C:\WINDOWS\system32\spoolsv.exe
15:15:12.0203 1248  Spooler - ok
15:15:12.0281 1248  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
15:15:12.0406 1248  sr - ok
15:15:12.0453 1248  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
15:15:12.0593 1248  srservice - ok
15:15:12.0656 1248  [ 9B390283569EA58D43D2586032B892F5 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
15:15:12.0703 1248  Srv - ok
15:15:12.0796 1248  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
15:15:12.0937 1248  SSDPSRV - ok
15:15:13.0000 1248  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
15:15:13.0203 1248  stisvc - ok
15:15:13.0281 1248  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:15:13.0468 1248  streamip - ok
15:15:13.0531 1248  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
15:15:13.0703 1248  swenum - ok
15:15:13.0781 1248  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
15:15:13.0984 1248  swmidi - ok
15:15:14.0046 1248  SwPrv - ok
15:15:14.0078 1248  symc810 - ok
15:15:14.0125 1248  symc8xx - ok
15:15:14.0156 1248  sym_hi - ok
15:15:14.0187 1248  sym_u3 - ok
15:15:14.0296 1248  [ 996E2B85AB79C30500EDC1683A2CEFC6 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
15:15:14.0343 1248  SynTP - ok
15:15:14.0390 1248  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
15:15:14.0578 1248  sysaudio - ok
15:15:14.0640 1248  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
15:15:14.0812 1248  SysmonLog - ok
15:15:14.0875 1248  [ E2B32B10ACC5D97623275AAFB67E5F03 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
15:15:14.0953 1248  TapiSrv - ok
15:15:15.0000 1248  [ 51E41F16ACD80B8B39C0AE703A213F09 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:15:15.0078 1248  Tcpip - ok
15:15:15.0140 1248  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
15:15:15.0312 1248  TDPIPE - ok
15:15:15.0406 1248  [ C0578456F29E5F26285F81B7B71FE57D ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
15:15:15.0453 1248  TDTCP - ok
15:15:15.0484 1248  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
15:15:15.0671 1248  TermDD - ok
15:15:15.0750 1248  [ 5128852A18AE46C387F87BF27DA4C9DD ] TermService     C:\WINDOWS\System32\termsrv.dll
15:15:15.0812 1248  TermService - ok
15:15:15.0859 1248  [ 888CD7B39C37E13A2419BECFAAF0A28C ] Themes          C:\WINDOWS\System32\shsvcs.dll
15:15:15.0890 1248  Themes - ok
15:15:15.0953 1248  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
15:15:16.0078 1248  TlntSvr - ok
15:15:16.0093 1248  TosIde - ok
15:15:16.0171 1248  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
15:15:16.0359 1248  TrkWks - ok
15:15:16.0468 1248  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
15:15:16.0656 1248  Udfs - ok
15:15:16.0671 1248  ultra - ok
15:15:16.0765 1248  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
15:15:16.0937 1248  Update - ok
15:15:17.0046 1248  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
15:15:17.0171 1248  upnphost - ok
15:15:17.0218 1248  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
15:15:17.0390 1248  UPS - ok
15:15:17.0484 1248  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:15:17.0671 1248  usbccgp - ok
15:15:17.0734 1248  [ 52674B5DBEE499342A599C7771ABECAA ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:15:17.0812 1248  usbehci - ok
15:15:17.0859 1248  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:15:18.0046 1248  usbhub - ok
15:15:18.0125 1248  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:15:18.0312 1248  usbprint - ok
15:15:18.0406 1248  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:15:18.0593 1248  usbscan - ok
15:15:18.0671 1248  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:15:18.0859 1248  USBSTOR - ok
15:15:18.0953 1248  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:15:19.0109 1248  usbuhci - ok
15:15:19.0218 1248  [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
15:15:19.0390 1248  usbvideo - ok
15:15:19.0484 1248  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
15:15:19.0671 1248  VgaSave - ok
15:15:19.0703 1248  ViaIde - ok
15:15:19.0781 1248  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
15:15:19.0968 1248  VolSnap - ok
15:15:20.0062 1248  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
15:15:20.0203 1248  VSS - ok
15:15:20.0250 1248  [ 9F8A0D0CBB2FA265A754516128C00E22 ] W32Time         C:\WINDOWS\system32\w32time.dll
15:15:20.0312 1248  W32Time - ok
15:15:20.0375 1248  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:15:20.0546 1248  Wanarp - ok
15:15:20.0640 1248  [ D918617B46457B9AC28027722E30F647 ] Wdf01000        C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:15:20.0671 1248  Wdf01000 - ok
15:15:20.0703 1248  WDICA - ok
15:15:20.0750 1248  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
15:15:20.0937 1248  wdmaud - ok
15:15:21.0031 1248  [ 703591CD1403BC19E7198CA7B314E132 ] WebClient       C:\WINDOWS\System32\webclnt.dll
15:15:21.0109 1248  WebClient - ok
15:15:21.0250 1248  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
15:15:21.0437 1248  winmgmt - ok
15:15:21.0578 1248  [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
15:15:21.0750 1248  WmdmPmSN - ok
15:15:21.0890 1248  [ C8A6C82F90B055149925DC7526B2D78C ] Wmi             C:\WINDOWS\System32\advapi32.dll
15:15:21.0968 1248  Wmi - ok
15:15:22.0000 1248  [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:15:22.0171 1248  WmiAcpi - ok
15:15:22.0312 1248  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:15:22.0500 1248  WmiApSrv - ok
15:15:22.0593 1248  [ 05A73672C9D78F8AAA0B710983A74EB9 ] WRkrn           C:\WINDOWS\system32\drivers\WRkrn.sys
15:15:22.0625 1248  WRkrn - ok
15:15:22.0718 1248  [ 01BBF0A39294DF6FCDB5FEF555A740C2 ] WRSVC           C:\Program Files\Webroot\WRSA.exe
15:15:22.0765 1248  WRSVC - ok
15:15:22.0843 1248  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
15:15:23.0046 1248  wscsvc - ok
15:15:23.0078 1248  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:15:23.0250 1248  WSTCODEC - ok
15:15:23.0343 1248  [ DCB24800BF4616DC2DF5D38ED3EF4C27 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
15:15:23.0375 1248  wuauserv - ok
15:15:23.0453 1248  [ 349B8D2BB755E8C3B0E3E82A87663E55 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
15:15:23.0562 1248  WZCSVC - ok
15:15:23.0625 1248  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
15:15:23.0796 1248  xmlprov - ok
15:15:23.0906 1248  ================ Scan global ===============================
15:15:23.0953 1248  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
15:15:23.0953 1248  [ B23423313519C522E0E73BA170D3CE71 ] C:\WINDOWS\system32\winsrv.dll
15:15:23.0984 1248  [ B23423313519C522E0E73BA170D3CE71 ] C:\WINDOWS\system32\winsrv.dll
15:15:24.0015 1248  [ C519E15665CD89A91AD383FCE3CB556A ] C:\WINDOWS\system32\services.exe
15:15:24.0015 1248  [Global] - ok
15:15:24.0031 1248  ================ Scan MBR ==================================
15:15:24.0078 1248  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
15:15:24.0281 1248  \Device\Harddisk0\DR0 - ok
15:15:24.0312 1248  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR2
15:15:25.0125 1248  \Device\Harddisk1\DR2 - ok
15:15:25.0125 1248  ================ Scan VBR ==================================
15:15:25.0156 1248  [ 1FD967BF05882CAF837FB8E34CBA4189 ] \Device\Harddisk0\DR0\Partition1
15:15:25.0156 1248  \Device\Harddisk0\DR0\Partition1 - ok
15:15:25.0187 1248  [ 0D659F63968BB839F08827F6D317A97F ] \Device\Harddisk1\DR2\Partition1
15:15:25.0187 1248  \Device\Harddisk1\DR2\Partition1 - ok
15:15:25.0203 1248  ================ Scan active images ========================
15:15:25.0218 1248  [ C42584FD66CE9E17403AEBCA199F7BDB ] C:\WINDOWS\system32\drivers\wmiacpi.sys
15:15:25.0218 1248  C:\WINDOWS\system32\drivers\wmiacpi.sys - ok
15:15:25.0265 1248  [ 52674B5DBEE499342A599C7771ABECAA ] C:\WINDOWS\system32\drivers\usbehci.sys
15:15:25.0265 1248  C:\WINDOWS\system32\drivers\usbehci.sys - ok
15:15:25.0281 1248  [ 810834AA294A79B3B718EF55A6A58A48 ] C:\WINDOWS\system32\drivers\usbport.sys
15:15:25.0281 1248  C:\WINDOWS\system32\drivers\usbport.sys - ok
15:15:25.0312 1248  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] C:\WINDOWS\system32\drivers\usbuhci.sys
15:15:25.0312 1248  C:\WINDOWS\system32\drivers\usbuhci.sys - ok
15:15:25.0359 1248  [ 573C7D0A32852B48F3058CFD8026F511 ] C:\WINDOWS\system32\drivers\hdaudbus.sys
15:15:25.0359 1248  C:\WINDOWS\system32\drivers\hdaudbus.sys - ok
15:15:25.0390 1248  [ 72062B53186E4A3F5FCBC41EBB62B905 ] C:\WINDOWS\system32\drivers\NETwLx32.sys
15:15:25.0390 1248  C:\WINDOWS\system32\drivers\NETwLx32.sys - ok
15:15:25.0421 1248  [ DF672613FBBCD58C38BB0BC2694BCFB0 ] C:\WINDOWS\system32\drivers\rimmptsk.sys
15:15:25.0421 1248  C:\WINDOWS\system32\drivers\rimmptsk.sys - ok
15:15:25.0468 1248  [ 9BFB54D3559F2FF7301271D29D383564 ] C:\WINDOWS\system32\drivers\rimsptsk.sys
15:15:25.0468 1248  C:\WINDOWS\system32\drivers\rimsptsk.sys - ok
15:15:25.0500 1248  [ 1323BA3CA4E8D863EB00CD81C0AAF356 ] C:\WINDOWS\system32\drivers\Rtenicxp.sys
15:15:25.0500 1248  C:\WINDOWS\system32\drivers\Rtenicxp.sys - ok
15:15:25.0515 1248  [ DCB87DA83CC1010CBC9FC4DC9E395BBC ] C:\WINDOWS\system32\drivers\rixdptsk.sys
15:15:25.0515 1248  C:\WINDOWS\system32\drivers\rixdptsk.sys - ok
15:15:25.0562 1248  [ 1AF592532532A402ED7C060F6954004F ] C:\WINDOWS\system32\drivers\hidclass.sys
15:15:25.0562 1248  C:\WINDOWS\system32\drivers\hidclass.sys - ok
15:15:25.0593 1248  [ 96ECCF28FDBF1B2CC12725818A63628D ] C:\WINDOWS\system32\drivers\hidparse.sys
15:15:25.0593 1248  C:\WINDOWS\system32\drivers\hidparse.sys - ok
15:15:25.0625 1248  [ 115C0933B3ED51DFBEC4449348C8065B ] C:\WINDOWS\system32\drivers\HpqRemHid.sys
15:15:25.0625 1248  C:\WINDOWS\system32\drivers\HpqRemHid.sys - ok
15:15:25.0671 1248  [ 4A0B06AA8943C1E332520F7440C0AA30 ] C:\WINDOWS\system32\drivers\i8042prt.sys
15:15:25.0671 1248  C:\WINDOWS\system32\drivers\i8042prt.sys - ok
15:15:25.0703 1248  [ 463C1EC80CD17420A542B7F36A36F128 ] C:\WINDOWS\system32\drivers\kbdclass.sys
15:15:25.0703 1248  C:\WINDOWS\system32\drivers\kbdclass.sys - ok
15:15:25.0734 1248  [ 79D1DBFEC599EC47244AF7B06AE2A04E ] C:\WINDOWS\system32\drivers\L8042Kbd.sys
15:15:25.0734 1248  C:\WINDOWS\system32\drivers\L8042Kbd.sys - ok
15:15:25.0765 1248  [ 596EB39B50D6EBD9B734DC4AE0544693 ] C:\WINDOWS\system32\drivers\usbd.sys
15:15:25.0765 1248  C:\WINDOWS\system32\drivers\usbd.sys - ok
15:15:25.0796 1248  [ 996E2B85AB79C30500EDC1683A2CEFC6 ] C:\WINDOWS\system32\drivers\SynTP.sys
15:15:25.0796 1248  C:\WINDOWS\system32\drivers\SynTP.sys - ok
15:15:25.0828 1248  [ 399C974DDA25FD3E59F22BAB787F662B ] C:\WINDOWS\system32\drivers\wdfldr.sys
15:15:25.0828 1248  C:\WINDOWS\system32\drivers\wdfldr.sys - ok
15:15:25.0875 1248  [ D918617B46457B9AC28027722E30F647 ] C:\WINDOWS\system32\drivers\wdf01000.sys
15:15:25.0875 1248  C:\WINDOWS\system32\drivers\wdf01000.sys - ok
15:15:25.0906 1248  [ 35C9E97194C8CFB8430125F8DBC34D04 ] C:\WINDOWS\system32\drivers\mouclass.sys
15:15:25.0906 1248  C:\WINDOWS\system32\drivers\mouclass.sys - ok
15:15:25.0937 1248  [ 083A052659F5310DD8B6A6CB05EDCF8E ] C:\WINDOWS\system32\drivers\imapi.sys
15:15:25.0937 1248  C:\WINDOWS\system32\drivers\imapi.sys - ok
15:15:25.0984 1248  [ 4B0A100EAF5C49EF3CCA8C641431EACC ] C:\WINDOWS\system32\drivers\cdrom.sys
15:15:25.0984 1248  C:\WINDOWS\system32\drivers\cdrom.sys - ok
15:15:26.0015 1248  [ 0753515F78DF7F271A5E61C20BCD36A1 ] C:\WINDOWS\system32\drivers\ks.sys
15:15:26.0015 1248  C:\WINDOWS\system32\drivers\ks.sys - ok
15:15:26.0031 1248  [ F828DD7E1419B6653894A8F97A0094C5 ] C:\WINDOWS\system32\drivers\redbook.sys
15:15:26.0031 1248  C:\WINDOWS\system32\drivers\redbook.sys - ok
15:15:26.0078 1248  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] C:\WINDOWS\system32\drivers\rasl2tp.sys
15:15:26.0078 1248  C:\WINDOWS\system32\drivers\rasl2tp.sys - ok
15:15:26.0109 1248  [ 091735A5F20ACB1DC147383A905AE002 ] C:\WINDOWS\system32\drivers\ndistapi.sys
15:15:26.0109 1248  C:\WINDOWS\system32\drivers\ndistapi.sys - ok
15:15:26.0140 1248  [ EDC1531A49C80614B2CFDA43CA8659AB ] C:\WINDOWS\system32\drivers\ndiswan.sys
15:15:26.0140 1248  C:\WINDOWS\system32\drivers\ndiswan.sys - ok
15:15:26.0187 1248  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] C:\WINDOWS\system32\drivers\msgpc.sys
15:15:26.0187 1248  C:\WINDOWS\system32\drivers\msgpc.sys - ok
15:15:26.0218 1248  [ D8E11D311785F89F1D70A28B0E879127 ] C:\WINDOWS\system32\drivers\psched.sys
15:15:26.0218 1248  C:\WINDOWS\system32\drivers\psched.sys - ok
15:15:26.0250 1248  [ 5BC962F2654137C9909C3D4603587DEE ] C:\WINDOWS\system32\drivers\raspppoe.sys
15:15:26.0250 1248  C:\WINDOWS\system32\drivers\raspppoe.sys - ok
15:15:26.0281 1248  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] C:\WINDOWS\system32\drivers\raspptp.sys
15:15:26.0281 1248  C:\WINDOWS\system32\drivers\raspptp.sys - ok
15:15:26.0312 1248  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] C:\WINDOWS\system32\drivers\ptilink.sys
15:15:26.0312 1248  C:\WINDOWS\system32\drivers\ptilink.sys - ok
15:15:26.0343 1248  [ FDBB1D60066FCFBB7452FD8F9829B242 ] C:\WINDOWS\system32\drivers\raspti.sys
15:15:26.0343 1248  C:\WINDOWS\system32\drivers\raspti.sys - ok
15:15:26.0390 1248  [ 47EA20320E3D6FDC7B7BB22B2B881CA6 ] C:\WINDOWS\system32\drivers\rdpdr.sys
15:15:26.0390 1248  C:\WINDOWS\system32\drivers\rdpdr.sys - ok
15:15:26.0421 1248  [ 88155247177638048422893737429D9E ] C:\WINDOWS\system32\drivers\termdd.sys
15:15:26.0421 1248  C:\WINDOWS\system32\drivers\termdd.sys - ok
15:15:26.0453 1248  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] C:\WINDOWS\system32\drivers\swenum.sys
15:15:26.0453 1248  C:\WINDOWS\system32\drivers\swenum.sys - ok
15:15:26.0500 1248  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] C:\WINDOWS\system32\drivers\mssmbios.sys
15:15:26.0500 1248  C:\WINDOWS\system32\drivers\mssmbios.sys - ok
15:15:26.0531 1248  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] C:\WINDOWS\system32\drivers\update.sys
15:15:26.0531 1248  C:\WINDOWS\system32\drivers\update.sys - ok
15:15:26.0546 1248  [ 9EF487A186DEA361AA06913A75B3FA99 ] C:\WINDOWS\system32\drivers\kbdhid.sys
15:15:26.0546 1248  C:\WINDOWS\system32\drivers\kbdhid.sys - ok
15:15:26.0593 1248  [ 816460BD4B4ACD27937D1D0813E2E9E9 ] C:\WINDOWS\system32\drivers\ndproxy.sys
15:15:26.0593 1248  C:\WINDOWS\system32\drivers\ndproxy.sys - ok
15:15:26.0625 1248  [ 1AB3CDDE553B6E064D2E754EFE20285C ] C:\WINDOWS\system32\drivers\usbhub.sys
15:15:26.0625 1248  C:\WINDOWS\system32\drivers\usbhub.sys - ok
15:15:26.0656 1248  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] C:\WINDOWS\system32\drivers\fdc.sys
15:15:26.0656 1248  C:\WINDOWS\system32\drivers\fdc.sys - ok
15:15:26.0703 1248  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] C:\WINDOWS\system32\drivers\flpydisk.sys
15:15:26.0703 1248  C:\WINDOWS\system32\drivers\flpydisk.sys - ok
15:15:26.0734 1248  [ 8E6B8C671615D126FDC553D1E2DE5562 ] C:\WINDOWS\system32\drivers\sfloppy.sys
15:15:26.0734 1248  C:\WINDOWS\system32\drivers\sfloppy.sys - ok
15:15:26.0765 1248  [ C1B486A7658353D33A10CC15211A873B ] C:\WINDOWS\system32\drivers\cdaudio.sys
15:15:26.0765 1248  C:\WINDOWS\system32\drivers\cdaudio.sys - ok
15:15:26.0796 1248  [ 30D42943A54704EF13E2562911DBFCEA ] C:\WINDOWS\system32\drivers\fs_rec.sys
15:15:26.0796 1248  C:\WINDOWS\system32\drivers\fs_rec.sys - ok
15:15:26.0828 1248  [ DA1F27D85E0D1525F6621372E7B685E9 ] C:\WINDOWS\system32\drivers\beep.sys
15:15:26.0828 1248  C:\WINDOWS\system32\drivers\beep.sys - ok
15:15:26.0859 1248  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] C:\WINDOWS\system32\drivers\null.sys
15:15:26.0859 1248  C:\WINDOWS\system32\drivers\null.sys - ok
15:15:26.0906 1248  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] C:\WINDOWS\system32\drivers\vga.sys
15:15:26.0906 1248  C:\WINDOWS\system32\drivers\vga.sys - ok
15:15:26.0937 1248  [ E28726B72C46821A28830E077D39A55B ] C:\WINDOWS\system32\drivers\videoprt.sys
15:15:26.0937 1248  C:\WINDOWS\system32\drivers\videoprt.sys - ok
15:15:26.0968 1248  [ 4912D5B403614CE99C28420F75353332 ] C:\WINDOWS\system32\drivers\rdpcdd.sys
15:15:26.0968 1248  C:\WINDOWS\system32\drivers\rdpcdd.sys - ok
15:15:27.0015 1248  [ C941EA2454BA8350021D774DAF0F1027 ] C:\WINDOWS\system32\drivers\msfs.sys
15:15:27.0015 1248  C:\WINDOWS\system32\drivers\msfs.sys - ok
15:15:27.0046 1248  [ 3182D64AE053D6FB034F44B6DEF8034A ] C:\WINDOWS\system32\drivers\npfs.sys
15:15:27.0046 1248  C:\WINDOWS\system32\drivers\npfs.sys - ok
15:15:27.0062 1248  [ FE0D99D6F31E4FAD8159F690D68DED9C ] C:\WINDOWS\system32\drivers\rasacd.sys
15:15:27.0062 1248  C:\WINDOWS\system32\drivers\rasacd.sys - ok
15:15:27.0109 1248  [ 23C74D75E36E7158768DD63D92789A91 ] C:\WINDOWS\system32\drivers\ipsec.sys
15:15:27.0109 1248  C:\WINDOWS\system32\drivers\ipsec.sys - ok
15:15:27.0140 1248  [ 51E41F16ACD80B8B39C0AE703A213F09 ] C:\WINDOWS\system32\drivers\tcpip.sys
15:15:27.0140 1248  C:\WINDOWS\system32\drivers\tcpip.sys - ok
15:15:27.0171 1248  [ B365DD809489354F56C1B38394C93CF3 ] C:\WINDOWS\system32\drivers\dwall.sys
15:15:27.0171 1248  C:\WINDOWS\system32\drivers\dwall.sys - ok
15:15:27.0218 1248  [ CC748EA12C6EFFDE940EE98098BF96BB ] C:\WINDOWS\system32\drivers\ipnat.sys
15:15:27.0218 1248  C:\WINDOWS\system32\drivers\ipnat.sys - ok
15:15:27.0250 1248  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] C:\WINDOWS\system32\drivers\netbt.sys
15:15:27.0250 1248  C:\WINDOWS\system32\drivers\netbt.sys - ok
15:15:27.0281 1248  [ C885B02847F5D2FD45A24E219ED93B32 ] C:\WINDOWS\system32\drivers\cdfs.sys
15:15:27.0281 1248  C:\WINDOWS\system32\drivers\cdfs.sys - ok
15:15:27.0312 1248  [ F6B7B1ECD7B41736BDB6FF4B092BCB79 ] C:\WINDOWS\system32\drivers\afd.sys
15:15:27.0312 1248  C:\WINDOWS\system32\drivers\afd.sys - ok
15:15:27.0343 1248  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] C:\WINDOWS\system32\drivers\netbios.sys
15:15:27.0343 1248  C:\WINDOWS\system32\drivers\netbios.sys - ok
15:15:27.0375 1248  [ 77050C6615F6EB5402F832B27FD695E0 ] C:\WINDOWS\system32\drivers\rdbss.sys
15:15:27.0375 1248  C:\WINDOWS\system32\drivers\rdbss.sys - ok
15:15:27.0421 1248  [ FB2FCCC70F7174C7BF64F48E96D3ADF4 ] C:\WINDOWS\system32\drivers\mrxsmb.sys
15:15:27.0421 1248  C:\WINDOWS\system32\drivers\mrxsmb.sys - ok
15:15:27.0453 1248  [ A32426D9B14A089EAA1D922E0C5801A9 ] C:\WINDOWS\system32\drivers\USBSTOR.SYS
15:15:27.0453 1248  C:\WINDOWS\system32\drivers\USBSTOR.SYS - ok
15:15:27.0484 1248  [ 173F317CE0DB8E21322E71B7E60A27E8 ] C:\WINDOWS\system32\drivers\usbccgp.sys
15:15:27.0484 1248  C:\WINDOWS\system32\drivers\usbccgp.sys - ok
15:15:27.0531 1248  [ 15CE4DBC22FAB90B3CA5352AF1FFF81C ] C:\WINDOWS\system32\ntdll.dll
15:15:27.0531 1248  C:\WINDOWS\system32\ntdll.dll - ok
15:15:27.0562 1248  [ 5F816C1F539266D2D4C78694239DA0B5 ] C:\WINDOWS\system32\smss.exe
15:15:27.0562 1248  C:\WINDOWS\system32\smss.exe - ok
15:15:27.0578 1248  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] C:\WINDOWS\system32\drivers\hidusb.sys
15:15:27.0578 1248  C:\WINDOWS\system32\drivers\hidusb.sys - ok
15:15:27.0625 1248  [ B1C303E17FB9D46E87A98E4BA6769685 ] C:\WINDOWS\system32\drivers\mouhid.sys
15:15:27.0625 1248  C:\WINDOWS\system32\drivers\mouhid.sys - ok
15:15:27.0656 1248  [ 23043C91A0F9DFB4B9E9F87B680863B4 ] C:\WINDOWS\system32\autochk.exe
15:15:27.0656 1248  C:\WINDOWS\system32\autochk.exe - ok
15:15:27.0687 1248  [ E17798E1E6FF1CA9C67B8576570E05EE ] C:\WINDOWS\system32\sfcfiles.dll
15:15:27.0687 1248  C:\WINDOWS\system32\sfcfiles.dll - ok
15:15:27.0734 1248  [ F4037A3FEDB92DD97C95F320766EA5C9 ] C:\WINDOWS\system32\drivers\iaStor.sys
15:15:27.0734 1248  C:\WINDOWS\system32\drivers\iaStor.sys - ok
15:15:27.0765 1248  [ FE97D0343ACFDEBDD578FC67CC91FA87 ] C:\WINDOWS\system32\drivers\dxapi.sys
15:15:27.0765 1248  C:\WINDOWS\system32\drivers\dxapi.sys - ok
15:15:27.0796 1248  [ 9A10AACBFDC4922715375FB4065EC930 ] C:\WINDOWS\system32\watchdog.sys
15:15:27.0796 1248  C:\WINDOWS\system32\watchdog.sys - ok
15:15:27.0828 1248  [ B57F6110AC77DFE6BA7E58A0FF699915 ] C:\WINDOWS\system32\win32k.sys
15:15:27.0828 1248  C:\WINDOWS\system32\win32k.sys - ok
15:15:27.0859 1248  [ 44F275C64738EA2056E3D9580C23B60F ] C:\WINDOWS\system32\csrss.exe
15:15:27.0859 1248  C:\WINDOWS\system32\csrss.exe - ok
15:15:27.0890 1248  [ 693AD11C59926428871C11FA3C348A2A ] C:\WINDOWS\system32\csrsrv.dll
15:15:27.0890 1248  C:\WINDOWS\system32\csrsrv.dll - ok
15:15:27.0937 1248  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
15:15:27.0937 1248  C:\WINDOWS\system32\basesrv.dll - ok
15:15:27.0968 1248  [ B23423313519C522E0E73BA170D3CE71 ] C:\WINDOWS\system32\winsrv.dll
15:15:27.0968 1248  C:\WINDOWS\system32\winsrv.dll - ok
15:15:28.0000 1248  [ 1C0D6C10F3E6B8EC4938ECF2ABA862ED ] C:\WINDOWS\system32\gdi32.dll
15:15:28.0000 1248  C:\WINDOWS\system32\gdi32.dll - ok
15:15:28.0046 1248  [ 6CBFEEB384F04681AF75F495AA48DD32 ] C:\WINDOWS\system32\kernel32.dll
15:15:28.0046 1248  C:\WINDOWS\system32\kernel32.dll - ok
15:15:28.0078 1248  [ B26B135FF1B9F60C9388B4A7D16F600B ] C:\WINDOWS\system32\user32.dll
15:15:28.0078 1248  C:\WINDOWS\system32\user32.dll - ok
15:15:28.0093 1248  [ 012DF358CEBAA23ACB26D82077820817 ] C:\WINDOWS\system32\lpk.dll
15:15:28.0093 1248  C:\WINDOWS\system32\lpk.dll - ok
15:15:28.0125 1248  [ F8894BCC961D461674002B4BAE7AECC1 ] C:\WINDOWS\system32\usp10.dll
15:15:28.0125 1248  C:\WINDOWS\system32\usp10.dll - ok
15:15:28.0171 1248  [ C8A6C82F90B055149925DC7526B2D78C ] C:\WINDOWS\system32\advapi32.dll
15:15:28.0171 1248  C:\WINDOWS\system32\advapi32.dll - ok
15:15:28.0203 1248  [ 9A96A012E0D484AE4FEE9F5973515423 ] C:\WINDOWS\system32\rpcrt4.dll
15:15:28.0203 1248  C:\WINDOWS\system32\rpcrt4.dll - ok
15:15:28.0234 1248  [ 0A8D7A185B60F4C38B052824B0FC51DC ] C:\WINDOWS\system32\secur32.dll
15:15:28.0234 1248  C:\WINDOWS\system32\secur32.dll - ok
15:15:28.0281 1248  [ AC7280566A7BB85CB3291F04DDC1198E ] C:\WINDOWS\system32\drivers\dxg.sys
15:15:28.0281 1248  C:\WINDOWS\system32\drivers\dxg.sys - ok
15:15:28.0312 1248  [ A73F5D6705B1D820C19B18782E176EFD ] C:\WINDOWS\system32\drivers\dxgthk.sys
15:15:28.0312 1248  C:\WINDOWS\system32\drivers\dxgthk.sys - ok
15:15:28.0328 1248  [ ECB7591870F8BFB1A4C17B718AD5A4AA ] C:\WINDOWS\system32\vga.dll
15:15:28.0328 1248  C:\WINDOWS\system32\vga.dll - ok
15:15:28.0375 1248  [ C669A8B0A436641AAD3C2EADA780CBB9 ] C:\WINDOWS\system32\framebuf.dll
15:15:28.0375 1248  C:\WINDOWS\system32\framebuf.dll - ok
15:15:28.0406 1248  [ 1FB5E4AD68B9091148D2A28CF6831D77 ] C:\WINDOWS\system32\vga256.dll
15:15:28.0406 1248  C:\WINDOWS\system32\vga256.dll - ok
15:15:28.0437 1248  [ D5A9D4E5DFD788A5F427DEC60A278FBD ] C:\WINDOWS\system32\vga64k.dll
15:15:28.0437 1248  C:\WINDOWS\system32\vga64k.dll - ok
15:15:28.0484 1248  [ 53A8857723277B1D6D5EE60A9F85B117 ] C:\WINDOWS\system32\winlogon.exe
15:15:28.0484 1248  C:\WINDOWS\system32\winlogon.exe - ok
15:15:28.0515 1248  [ 714705F29A917993536A6AB2DEDB0B7F ] C:\WINDOWS\system32\authz.dll
15:15:28.0515 1248  C:\WINDOWS\system32\authz.dll - ok
15:15:28.0546 1248  [ 06B8485FB1DA9A552B10AB978CD1AC85 ] C:\WINDOWS\system32\msvcrt.dll
15:15:28.0546 1248  C:\WINDOWS\system32\msvcrt.dll - ok
15:15:28.0578 1248  [ 59AF12635DE27D06019977BCF8621BBA ] C:\WINDOWS\system32\crypt32.dll
15:15:28.0578 1248  C:\WINDOWS\system32\crypt32.dll - ok
15:15:28.0609 1248  [ FC9E716B2913F6D40FA1A8720ED3E73A ] C:\WINDOWS\system32\msasn1.dll
15:15:28.0609 1248  C:\WINDOWS\system32\msasn1.dll - ok
15:15:28.0640 1248  [ 013C1148C1EC025596896E093F60F608 ] C:\WINDOWS\system32\nddeapi.dll
15:15:28.0640 1248  C:\WINDOWS\system32\nddeapi.dll - ok
15:15:28.0687 1248  [ 6F8DCD60628DA34AB303CEADB5186043 ] C:\WINDOWS\system32\netapi32.dll
15:15:28.0687 1248  C:\WINDOWS\system32\netapi32.dll - ok
15:15:28.0718 1248  [ FCFA1C55971CC229D353B3A15ACCD995 ] C:\WINDOWS\system32\profmap.dll
15:15:28.0718 1248  C:\WINDOWS\system32\profmap.dll - ok
15:15:28.0750 1248  [ 43D13C80EBEC0135A3611E0F616F179B ] C:\WINDOWS\system32\userenv.dll
15:15:28.0750 1248  C:\WINDOWS\system32\userenv.dll - ok
15:15:28.0796 1248  [ 9CFCB3CA3D83B4EAA133F0644A2C6F31 ] C:\WINDOWS\system32\psapi.dll
15:15:28.0796 1248  C:\WINDOWS\system32\psapi.dll - ok
15:15:28.0828 1248  [ AF11C591F2F4AFF4A6CF699D376F618B ] C:\WINDOWS\system32\regapi.dll
15:15:28.0828 1248  C:\WINDOWS\system32\regapi.dll - ok
15:15:28.0843 1248  [ ED0CE2DEEC594778004306E3FA8CAC33 ] C:\WINDOWS\system32\setupapi.dll
15:15:28.0843 1248  C:\WINDOWS\system32\setupapi.dll - ok
15:15:28.0890 1248  [ C7CE131408739B0B3A318BE2D0032719 ] C:\WINDOWS\system32\version.dll
15:15:28.0890 1248  C:\WINDOWS\system32\version.dll - ok
15:15:28.0921 1248  [ 430CEB794F6E6EF8AC86958C242366D6 ] C:\WINDOWS\system32\winsta.dll
15:15:28.0921 1248  C:\WINDOWS\system32\winsta.dll - ok
15:15:28.0953 1248  [ BA529C83AD2F49693DE42FFBDE8D37AE ] C:\WINDOWS\system32\wintrust.dll
15:15:28.0953 1248  C:\WINDOWS\system32\wintrust.dll - ok
15:15:29.0000 1248  [ 2557B78A91D24E68C8873B04D7D6D9BB ] C:\WINDOWS\system32\imagehlp.dll
15:15:29.0000 1248  C:\WINDOWS\system32\imagehlp.dll - ok
15:15:29.0031 1248  [ 2CCC474EB85CEAA3E1FA1726580A3E5A ] C:\WINDOWS\system32\ws2_32.dll
15:15:29.0031 1248  C:\WINDOWS\system32\ws2_32.dll - ok
15:15:29.0062 1248  [ 9789E95E1D88EEB4B922BF3EA7779C28 ] C:\WINDOWS\system32\ws2help.dll
15:15:29.0062 1248  C:\WINDOWS\system32\ws2help.dll - ok
15:15:29.0078 1248  [ 0DA85218E92526972A821587E6A8BF8F ] C:\WINDOWS\system32\imm32.dll
15:15:29.0078 1248  C:\WINDOWS\system32\imm32.dll - ok
15:15:29.0125 1248  [ 5713A519619FC93C30BF9AB23B14885A ] C:\WINDOWS\system32\kbdpo.dll
15:15:29.0125 1248  C:\WINDOWS\system32\kbdpo.dll - ok
15:15:29.0156 1248  [ D7B7A57C0E57C836F18CF12A4C62A1CA ] C:\WINDOWS\system32\msgina.dll
15:15:29.0156 1248  C:\WINDOWS\system32\msgina.dll - ok
15:15:29.0203 1248  [ 93AFB83FBC1F9443CAC722FCA63D73BF ] C:\WINDOWS\system32\comctl32.dll
15:15:29.0203 1248  C:\WINDOWS\system32\comctl32.dll - ok
15:15:29.0234 1248  [ 1D604A51408D039E5692160C2DC44FF7 ] C:\WINDOWS\system32\odbc32.dll
15:15:29.0234 1248  C:\WINDOWS\system32\odbc32.dll - ok
15:15:29.0265 1248  [ 86987A5000DFA3EBE2275C0456BCF2FE ] C:\WINDOWS\system32\comdlg32.dll
15:15:29.0265 1248  C:\WINDOWS\system32\comdlg32.dll - ok
15:15:29.0312 1248  [ 0E235315C8FF6D9C0198F1E74604A681 ] C:\WINDOWS\system32\shell32.dll
15:15:29.0312 1248  C:\WINDOWS\system32\shell32.dll - ok
15:15:29.0328 1248  [ E2A710E33C19E5E9C1ACBF5DF4156109 ] C:\WINDOWS\system32\shlwapi.dll
15:15:29.0328 1248  C:\WINDOWS\system32\shlwapi.dll - ok
15:15:29.0359 1248  [ A3336EBD2527F6EB214F4593DCF67F6C ] C:\WINDOWS\system32\sxs.dll
15:15:29.0359 1248  C:\WINDOWS\system32\sxs.dll - ok
15:15:29.0406 1248  [ 736B12B725AEB2B07F0241A9F680CB10 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
15:15:29.0406 1248  C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - ok
15:15:29.0437 1248  [ 6B7C6B32F8E84D56C6260D684019FEA2 ] C:\WINDOWS\system32\odbcint.dll
15:15:29.0437 1248  C:\WINDOWS\system32\odbcint.dll - ok
15:15:29.0468 1248  [ 888CD7B39C37E13A2419BECFAAF0A28C ] C:\WINDOWS\system32\shsvcs.dll
15:15:29.0468 1248  C:\WINDOWS\system32\shsvcs.dll - ok
15:15:29.0515 1248  [ 7D9DDE1AB4B00DDB173F5A16E9206517 ] C:\WINDOWS\system32\ole32.dll
15:15:29.0515 1248  C:\WINDOWS\system32\ole32.dll - ok
15:15:29.0546 1248  [ 96E1C926F22EE1BFBAE82901A35F6BF3 ] C:\WINDOWS\system32\sfc.dll
15:15:29.0546 1248  C:\WINDOWS\system32\sfc.dll - ok
15:15:29.0578 1248  [ 6B5DB6789177A4FD0DEBC248041D0739 ] C:\WINDOWS\system32\sfc_os.dll
15:15:29.0578 1248  C:\WINDOWS\system32\sfc_os.dll - ok
15:15:29.0593 1248  [ CF492D7E9AF1C628B3536D20EF6F5CC7 ] C:\WINDOWS\system32\apphelp.dll
15:15:29.0593 1248  C:\WINDOWS\system32\apphelp.dll - ok
15:15:29.0640 1248  [ C519E15665CD89A91AD383FCE3CB556A ] C:\WINDOWS\system32\services.exe
15:15:29.0640 1248  C:\WINDOWS\system32\services.exe - ok
15:15:29.0671 1248  [ BF2466B3E18E970D8A976FB95FC1CA85 ] C:\WINDOWS\system32\lsass.exe
15:15:29.0671 1248  C:\WINDOWS\system32\lsass.exe - ok
15:15:29.0703 1248  [ 5C53AEAC3FD476088E7985C842B9B048 ] C:\WINDOWS\system32\lsasrv.dll
15:15:29.0703 1248  C:\WINDOWS\system32\lsasrv.dll - ok
15:15:29.0750 1248  [ F404830F3CD9BF8F2515E489C0CDA297 ] C:\WINDOWS\system32\msvcp60.dll
15:15:29.0750 1248  C:\WINDOWS\system32\msvcp60.dll - ok
15:15:29.0781 1248  [ EC29A79F1E76DC509E24D401F29D0678 ] C:\WINDOWS\system32\ncobjapi.dll
15:15:29.0781 1248  C:\WINDOWS\system32\ncobjapi.dll - ok
15:15:29.0812 1248  [ B24A42A413E694AD73FDFB7FBD492C31 ] C:\WINDOWS\system32\scesrv.dll
15:15:29.0812 1248  C:\WINDOWS\system32\scesrv.dll - ok
15:15:29.0843 1248  [ DD7BD97FB8BD800963789158A5E4B41D ] C:\WINDOWS\system32\mpr.dll
15:15:29.0843 1248  C:\WINDOWS\system32\mpr.dll - ok
15:15:29.0875 1248  [ 30FE5893927F94CBBC84C2BDD0765093 ] C:\WINDOWS\system32\ntdsapi.dll
15:15:29.0875 1248  C:\WINDOWS\system32\ntdsapi.dll - ok
15:15:29.0906 1248  [ 774619D46B04F75614261F1BE274BA5D ] C:\WINDOWS\system32\umpnpmgr.dll
15:15:29.0906 1248  C:\WINDOWS\system32\umpnpmgr.dll - ok
15:15:29.0953 1248  [ 64AA11D53A4A84CDF43370D7036517C3 ] C:\WINDOWS\system32\dnsapi.dll
15:15:29.0953 1248  C:\WINDOWS\system32\dnsapi.dll - ok
15:15:29.0984 1248  [ FE04792B53C9633AE1E6F86B2E9C1E5A ] C:\WINDOWS\system32\shimeng.dll
15:15:29.0984 1248  C:\WINDOWS\system32\shimeng.dll - ok
15:15:30.0015 1248  [ 0492CF5870F0E616B0C71695A433D162 ] C:\WINDOWS\system32\wldap32.dll
15:15:30.0015 1248  C:\WINDOWS\system32\wldap32.dll - ok
15:15:30.0062 1248  [ EA9EE60B408878E5F2012F9C783836DB ] C:\WINDOWS\AppPatch\AcAdProc.dll
15:15:30.0062 1248  C:\WINDOWS\AppPatch\AcAdProc.dll - ok
15:15:30.0093 1248  [ 8329A39D5A402A75A74301D6A62ECDA1 ] C:\WINDOWS\system32\samlib.dll
15:15:30.0093 1248  C:\WINDOWS\system32\samlib.dll - ok
15:15:30.0109 1248  [ F05B8CDB7FE0E55DCCFB1D946CE80064 ] C:\WINDOWS\system32\samsrv.dll
15:15:30.0109 1248  C:\WINDOWS\system32\samsrv.dll - ok
15:15:30.0156 1248  [ 9DFD64B063DA0D19C988D54041D5F744 ] C:\WINDOWS\system32\dwall_service.dll
15:15:30.0156 1248  C:\WINDOWS\system32\dwall_service.dll - ok
15:15:30.0187 1248  [ 6874D2A757F06DC1D8B3C80A47755013 ] C:\WINDOWS\system32\oleaut32.dll
15:15:30.0187 1248  C:\WINDOWS\system32\oleaut32.dll - ok
15:15:30.0218 1248  [ 17A1D675C12BBF80CAAC54A4855C41D0 ] C:\WINDOWS\system32\cryptdll.dll
15:15:30.0218 1248  C:\WINDOWS\system32\cryptdll.dll - ok
15:15:30.0265 1248  [ 310C15FD8358B2C4CD7A5B98A112883F ] C:\WINDOWS\AppPatch\AcGenral.dll
15:15:30.0265 1248  C:\WINDOWS\AppPatch\AcGenral.dll - ok
15:15:30.0296 1248  [ B01EF57049F77E88ED1F6943F5AE6731 ] C:\WINDOWS\system32\defensewall_serv.exe
15:15:30.0296 1248  C:\WINDOWS\system32\defensewall_serv.exe - ok
15:15:30.0328 1248  [ 68A2A86C78D46C6A79A6E93C340B1AE5 ] C:\WINDOWS\system32\winmm.dll
15:15:30.0328 1248  C:\WINDOWS\system32\winmm.dll - ok
15:15:30.0343 1248  [ 7A2CC3719B255E6B5D74396183B7715B ] C:\WINDOWS\system32\uxtheme.dll
15:15:30.0343 1248  C:\WINDOWS\system32\uxtheme.dll - ok
15:15:30.0390 1248  [ 2098AB52BD5316E59AA36F3437B13BE6 ] C:\WINDOWS\system32\msacm32.dll
15:15:30.0390 1248  C:\WINDOWS\system32\msacm32.dll - ok
15:15:30.0421 1248  [ E73F18195CCF4AAAA87B2D22E83F791C ] C:\WINDOWS\system32\serwvdrv.dll
15:15:30.0421 1248  C:\WINDOWS\system32\serwvdrv.dll - ok
15:15:30.0468 1248  [ EC2AD9AC452E0A8D976FB1B1718517CE ] C:\WINDOWS\system32\umdmxfrm.dll
15:15:30.0468 1248  C:\WINDOWS\system32\umdmxfrm.dll - ok
15:15:30.0500 1248  [ 8E20D83D04076A3682706A2BE1BBA80E ] C:\WINDOWS\system32\credssp.dll
15:15:30.0500 1248  C:\WINDOWS\system32\credssp.dll - ok
15:15:30.0531 1248  [ 30B7D847BA9075AA8E1122FB6AF3D1B5 ] C:\WINDOWS\system32\MSCTFIME.IME
15:15:30.0531 1248  C:\WINDOWS\system32\MSCTFIME.IME - ok
15:15:30.0578 1248  [ C6BB1D1500DB4A0E224CB65E6C7E8A80 ] C:\WINDOWS\system32\msprivs.dll
15:15:30.0578 1248  C:\WINDOWS\system32\msprivs.dll - ok
15:15:30.0593 1248  [ 4260BDCD96976DA6F44E9CA8B2E029E5 ] C:\WINDOWS\system32\kerberos.dll
15:15:30.0593 1248  C:\WINDOWS\system32\kerberos.dll - ok
15:15:30.0625 1248  [ 1C59CE39DF670CA45E3962BDA56D22CD ] C:\WINDOWS\system32\msv1_0.dll
15:15:30.0625 1248  C:\WINDOWS\system32\msv1_0.dll - ok
15:15:30.0656 1248  [ AF07DC9B7CC455629E732340C7B15F3A ] C:\WINDOWS\system32\iphlpapi.dll
15:15:30.0656 1248  C:\WINDOWS\system32\iphlpapi.dll - ok
15:15:30.0703 1248  [ 5CF24526CC522D81EE83C0417B2DFE5F ] C:\Program Files\DefenseWall\defensewall.exe
15:15:30.0703 1248  C:\Program Files\DefenseWall\defensewall.exe - ok
15:15:30.0734 1248  [ 2214E60599F431573E93646210022D88 ] C:\WINDOWS\system32\atmfd.dll
15:15:30.0734 1248  C:\WINDOWS\system32\atmfd.dll - ok
15:15:30.0765 1248  [ 06CF9EEDB7E827205C6948C9DAF56974 ] C:\WINDOWS\system32\netlogon.dll
15:15:30.0765 1248  C:\WINDOWS\system32\netlogon.dll - ok
15:15:30.0812 1248  [ 9F8A0D0CBB2FA265A754516128C00E22 ] C:\WINDOWS\system32\w32time.dll
15:15:30.0812 1248  C:\WINDOWS\system32\w32time.dll - ok
15:15:30.0843 1248  [ 26F1193092B9AC2586DEB38DD1CBB25C ] C:\WINDOWS\system32\schannel.dll
15:15:30.0843 1248  C:\WINDOWS\system32\schannel.dll - ok
15:15:30.0859 1248  [ BE30BEF4C13065D09772F9895FCB9D22 ] C:\WINDOWS\system32\wininet.dll
15:15:30.0859 1248  C:\WINDOWS\system32\wininet.dll - ok
15:15:30.0906 1248  [ BAE413E34804DDD5C763B3BEC1005FCB ] C:\WINDOWS\system32\wdigest.dll
15:15:30.0906 1248  C:\WINDOWS\system32\wdigest.dll - ok
15:15:30.0937 1248  [ 54DAE3EA34802B4ED9AE1C6B1209FA56 ] C:\WINDOWS\system32\rsaenh.dll
15:15:30.0937 1248  C:\WINDOWS\system32\rsaenh.dll - ok
15:15:30.0968 1248  [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll
15:15:30.0968 1248  C:\WINDOWS\system32\normaliz.dll - ok
15:15:31.0015 1248  [ D19839BB0C719B42BE43EED9AEAFE007 ] C:\WINDOWS\system32\urlmon.dll
15:15:31.0015 1248  C:\WINDOWS\system32\urlmon.dll - ok
15:15:31.0046 1248  [ 02988B904C386B500CD08639C4C20EEA ] C:\WINDOWS\system32\winscard.dll
15:15:31.0046 1248  C:\WINDOWS\system32\winscard.dll - ok
15:15:31.0078 1248  [ 0E2735281FBB9A764D5584C2A5DCBA59 ] C:\WINDOWS\system32\wtsapi32.dll
15:15:31.0078 1248  C:\WINDOWS\system32\wtsapi32.dll - ok
15:15:31.0093 1248  [ A86BB5E61BF3E39B62AB4C7E7085A084 ] C:\WINDOWS\system32\scecli.dll
15:15:31.0093 1248  C:\WINDOWS\system32\scecli.dll - ok
15:15:31.0140 1248  [ 01BBF0A39294DF6FCDB5FEF555A740C2 ] C:\Program Files\Webroot\WRSA.exe
15:15:31.0140 1248  C:\Program Files\Webroot\WRSA.exe - ok
15:15:31.0171 1248  [ 3F13CAF18CC007DEB34824B4AC7E5D5C ] C:\WINDOWS\system32\iertutil.dll
15:15:31.0171 1248  C:\WINDOWS\system32\iertutil.dll - ok
15:15:31.0203 1248  [ A340CD71EB535A3DD751B5F28723E50C ] C:\WINDOWS\system32\ddraw.dll
15:15:31.0203 1248  C:\WINDOWS\system32\ddraw.dll - ok
15:15:31.0250 1248  [ D8B91D94ECB123862B390FDE3250D3BB ] C:\WINDOWS\system32\dciman32.dll
15:15:31.0250 1248  C:\WINDOWS\system32\dciman32.dll - ok
15:15:31.0281 1248  [ 83B41EAE6B2EF9E9E3E772FBE078781C ] C:\WINDOWS\system32\dwall_lnk.dll
15:15:31.0281 1248  C:\WINDOWS\system32\dwall_lnk.dll - ok
15:15:31.0312 1248  [ 4D83ED8BDDEC431FC8AD907B47CFB6E3 ] C:\WINDOWS\system32\dsound.dll
15:15:31.0312 1248  C:\WINDOWS\system32\dsound.dll - ok
15:15:31.0343 1248  [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\system32\winspool.drv
15:15:31.0343 1248  C:\WINDOWS\system32\winspool.drv - ok
15:15:31.0375 1248  [ 2081A5B5E4ABA206A0A8A1A97DF0FB23 ] C:\WINDOWS\system32\logonui.exe
15:15:31.0375 1248  C:\WINDOWS\system32\logonui.exe - ok
15:15:31.0406 1248  [ 3D41A9326F0376FC73AF961DD23B1FB1 ] C:\WINDOWS\system32\duser.dll
15:15:31.0406 1248  C:\WINDOWS\system32\duser.dll - ok
15:15:31.0453 1248  [ AFFC87E2501FCE8F09D4C10BA6421CCF ] C:\WINDOWS\system32\msimg32.dll
15:15:31.0453 1248  C:\WINDOWS\system32\msimg32.dll - ok
15:15:31.0484 1248  [ 20200EE3CFE10E9F0C028D8653BE11C6 ] C:\WINDOWS\system32\oleacc.dll
15:15:31.0484 1248  C:\WINDOWS\system32\oleacc.dll - ok
15:15:31.0515 1248  [ FCEE5FCB99F7C724593365C706D28388 ] C:\WINDOWS\system32\mswsock.dll
15:15:31.0515 1248  C:\WINDOWS\system32\mswsock.dll - ok
15:15:31.0562 1248  [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\system32\winrnr.dll
15:15:31.0562 1248  C:\WINDOWS\system32\winrnr.dll - ok
15:15:31.0593 1248  [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\system32\rasadhlp.dll
15:15:31.0593 1248  C:\WINDOWS\system32\rasadhlp.dll - ok
15:15:31.0609 1248  [ 27C6D03BCDB8CFEB96B716F3D8BE3E18 ] C:\WINDOWS\system32\svchost.exe
15:15:31.0609 1248  C:\WINDOWS\system32\svchost.exe - ok
15:15:31.0656 1248  [ F137A0CA70003DB20448D540651FA003 ] C:\WINDOWS\system32\clbcatq.dll
15:15:31.0656 1248  C:\WINDOWS\system32\clbcatq.dll - ok
15:15:31.0687 1248  [ 549290DBC280C887681D7652978DBBE0 ] C:\WINDOWS\system32\ntmarta.dll
15:15:31.0687 1248  C:\WINDOWS\system32\ntmarta.dll - ok
15:15:31.0718 1248  [ 9222562D44021B988B9F9F62207FB6F2 ] C:\WINDOWS\system32\rpcss.dll
15:15:31.0718 1248  C:\WINDOWS\system32\rpcss.dll - ok
15:15:31.0765 1248  [ 1280A158C722FA95A80FB7AEBE78FA7D ] C:\WINDOWS\system32\comres.dll
15:15:31.0765 1248  C:\WINDOWS\system32\comres.dll - ok
15:15:31.0796 1248  [ 6D4FEB43EE538FC5428CC7F0565AA656 ] C:\WINDOWS\system32\eventlog.dll
15:15:31.0796 1248  C:\WINDOWS\system32\eventlog.dll - ok
15:15:31.0828 1248  [ 16403217AB6FC5C30C14C6B12098AD4B ] C:\WINDOWS\system32\xpsp2res.dll
15:15:31.0828 1248  C:\WINDOWS\system32\xpsp2res.dll - ok
15:15:31.0843 1248  [ 5D43C9A33F18C707BA169AFDA88BDF30 ] C:\WINDOWS\system32\fltlib.dll
15:15:31.0843 1248  C:\WINDOWS\system32\fltlib.dll - ok
15:15:31.0890 1248  [ 0A878AA66E4DD3E2608192A1ECCD9F8F ] C:\WINDOWS\system32\hnetcfg.dll
15:15:31.0890 1248  C:\WINDOWS\system32\hnetcfg.dll - ok
15:15:31.0921 1248  [ E5EDBD51476DB5001ABF5C82AE5C3DD1 ] C:\WINDOWS\system32\shgina.dll
15:15:31.0921 1248  C:\WINDOWS\system32\shgina.dll - ok
15:15:31.0968 1248  [ 4E3D06D6E68EEDB52565080F55B460D3 ] C:\WINDOWS\system32\wshtcpip.dll
15:15:31.0968 1248  C:\WINDOWS\system32\wshtcpip.dll - ok
15:15:32.0000 1248  [ D0A8A9FAD0A3ECC77D545498651C79EB ] C:\WINDOWS\system32\winhttp.dll
15:15:32.0000 1248  C:\WINDOWS\system32\winhttp.dll - ok
15:15:32.0031 1248  [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\system32\drivers\ndisuio.sys
15:15:32.0031 1248  C:\WINDOWS\system32\drivers\ndisuio.sys - ok
15:15:32.0078 1248  [ E69BDCDA821E8BE9DE1BA1EF72F8C94D ] C:\WINDOWS\system32\cscdll.dll
15:15:32.0078 1248  C:\WINDOWS\system32\cscdll.dll - ok
15:15:32.0093 1248  [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\system32\dimsntfy.dll
15:15:32.0093 1248  C:\WINDOWS\system32\dimsntfy.dll - ok
15:15:32.0125 1248  [ 912B67BB8249925A5C972FC5839EAE09 ] C:\WINDOWS\system32\actxprxy.dll
15:15:32.0125 1248  C:\WINDOWS\system32\actxprxy.dll - ok
15:15:32.0156 1248  [ 2877365235A8A0377910C8F24765C7A2 ] C:\WINDOWS\system32\LogonMonitor.dll
15:15:32.0156 1248  C:\WINDOWS\system32\LogonMonitor.dll - ok
15:15:32.0203 1248  [ C51DE19619D50CBD03708647ACA10E70 ] C:\WINDOWS\system32\dhcpcsvc.dll
15:15:32.0203 1248  C:\WINDOWS\system32\dhcpcsvc.dll - ok
15:15:32.0234 1248  [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll
15:15:32.0234 1248  C:\WINDOWS\system32\wlnotify.dll - ok
15:15:32.0265 1248  [ 2DC5A8019E2387987905F77C664E4BE2 ] C:\WINDOWS\system32\linkinfo.dll
15:15:32.0265 1248  C:\WINDOWS\system32\linkinfo.dll - ok
15:15:32.0312 1248  [ A70A2D85AD143D6BB823C246CEB699A5 ] C:\WINDOWS\system32\ntshrui.dll
15:15:32.0312 1248  C:\WINDOWS\system32\ntshrui.dll - ok
15:15:32.0343 1248  [ 7AD83A294F5446608743F4E90CCFAC96 ] C:\WINDOWS\system32\atl.dll
15:15:32.0343 1248  C:\WINDOWS\system32\atl.dll - ok
15:15:32.0359 1248  [ D977659AE4D8ECE5286D99D1ED34614D ] C:\WINDOWS\system32\dnsrslvr.dll
15:15:32.0359 1248  C:\WINDOWS\system32\dnsrslvr.dll - ok
15:15:32.0406 1248  [ 73F0042E038069E0B9364DA30127F0B8 ] C:\WINDOWS\system32\WRusr.dll
15:15:32.0406 1248  C:\WINDOWS\system32\WRusr.dll - ok
15:15:32.0437 1248  [ A7DB739AE99A796D91580147E919CC59 ] C:\WINDOWS\system32\lmhsvc.dll
15:15:32.0437 1248  C:\WINDOWS\system32\lmhsvc.dll - ok
15:15:32.0468 1248  [ 349B8D2BB755E8C3B0E3E82A87663E55 ] C:\WINDOWS\system32\wzcsvc.dll
15:15:32.0468 1248  C:\WINDOWS\system32\wzcsvc.dll - ok
15:15:32.0515 1248  [ 876CCF164E08D6B903CD14398E056DD2 ] C:\WINDOWS\system32\rtutils.dll
15:15:32.0515 1248  C:\WINDOWS\system32\rtutils.dll - ok
15:15:32.0546 1248  [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll
15:15:32.0546 1248  C:\WINDOWS\system32\wmi.dll - ok
15:15:32.0578 1248  [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] C:\WINDOWS\system32\eapolqec.dll
15:15:32.0578 1248  C:\WINDOWS\system32\eapolqec.dll - ok
15:15:32.0593 1248  [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\system32\qutil.dll
15:15:32.0593 1248  C:\WINDOWS\system32\qutil.dll - ok
15:15:32.0640 1248  [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] C:\WINDOWS\system32\dot3api.dll
15:15:32.0640 1248  C:\WINDOWS\system32\dot3api.dll - ok
15:15:32.0671 1248  [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] C:\WINDOWS\system32\esent.dll
15:15:32.0671 1248  C:\WINDOWS\system32\esent.dll - ok
15:15:32.0718 1248  [ C84B060A6181A2E70DE0A77142DF975E ] C:\WINDOWS\system32\rastls.dll
15:15:32.0718 1248  C:\WINDOWS\system32\rastls.dll - ok
15:15:32.0750 1248  [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] C:\WINDOWS\system32\cryptui.dll
15:15:32.0750 1248  C:\WINDOWS\system32\cryptui.dll - ok
15:15:32.0781 1248  [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\system32\mprapi.dll
15:15:32.0781 1248  C:\WINDOWS\system32\mprapi.dll - ok
15:15:32.0828 1248  [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\system32\activeds.dll
15:15:32.0828 1248  C:\WINDOWS\system32\activeds.dll - ok
15:15:32.0843 1248  [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\system32\adsldpc.dll
15:15:32.0843 1248  C:\WINDOWS\system32\adsldpc.dll - ok
15:15:32.0875 1248  [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll
15:15:32.0875 1248  C:\WINDOWS\system32\rasapi32.dll - ok
15:15:32.0906 1248  [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll
15:15:32.0906 1248  C:\WINDOWS\system32\rasman.dll - ok
15:15:32.0953 1248  [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll
15:15:32.0953 1248  C:\WINDOWS\system32\tapi32.dll - ok
15:15:32.0984 1248  [ 4D6C16BA8BEE975E7518DDD2B3C6C66D ] C:\WINDOWS\system32\riched20.dll
15:15:32.0984 1248  C:\WINDOWS\system32\riched20.dll - ok
15:15:33.0015 1248  [ AFFF5C71FB6D60F8A0486C5D5118C24D ] C:\WINDOWS\system32\raschap.dll
15:15:33.0015 1248  C:\WINDOWS\system32\raschap.dll - ok
15:15:33.0062 1248  [ 2D0E4ED081963804CCC196A0929275B5 ] C:\WINDOWS\system32\wbem\wmisvc.dll
15:15:33.0062 1248  C:\WINDOWS\system32\wbem\wmisvc.dll - ok
15:15:33.0093 1248  [ ACACB8B14E66109B8ACD6644B5574B9A ] C:\WINDOWS\system32\vssapi.dll
15:15:33.0093 1248  C:\WINDOWS\system32\vssapi.dll - ok
15:15:33.0109 1248  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] C:\WINDOWS\system32\netman.dll
15:15:33.0109 1248  C:\WINDOWS\system32\netman.dll - ok
15:15:33.0156 1248  [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll
15:15:33.0156 1248  C:\WINDOWS\system32\netshell.dll - ok
15:15:33.0187 1248  [ 235892E493845D64D890163CFEF90E97 ] C:\WINDOWS\system32\credui.dll
15:15:33.0187 1248  C:\WINDOWS\system32\credui.dll - ok
15:15:33.0218 1248  [ 4E8F3230BAC8C1CAADF01A8C728E1C5C ] C:\WINDOWS\system32\dot3dlg.dll
15:15:33.0218 1248  C:\WINDOWS\system32\dot3dlg.dll - ok
15:15:33.0265 1248  [ 5DB625E7D095604010CF84DE2D8ACFA6 ] C:\WINDOWS\system32\eappcfg.dll
15:15:33.0265 1248  C:\WINDOWS\system32\eappcfg.dll - ok
15:15:33.0296 1248  [ CA04959077AFE36369D37B3504740C87 ] C:\WINDOWS\system32\onex.dll
15:15:33.0296 1248  C:\WINDOWS\system32\onex.dll - ok
15:15:33.0328 1248  [ ABC4206543450C0666D152F4B65833B8 ] C:\WINDOWS\system32\eappprxy.dll
15:15:33.0328 1248  C:\WINDOWS\system32\eappprxy.dll - ok
15:15:33.0359 1248  [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll
15:15:33.0359 1248  C:\WINDOWS\system32\wzcsapi.dll - ok
15:15:33.0390 1248  [ 4F10A2FA76B5BD54CD68AFA94E8ADB39 ] C:\WINDOWS\system32\ipnathlp.dll
15:15:33.0390 1248  C:\WINDOWS\system32\ipnathlp.dll - ok
15:15:33.0421 1248  [ 3B9324D60DD321BAB7BF6F77931D3FD1 ] C:\WINDOWS\system32\wkssvc.dll
15:15:33.0421 1248  C:\WINDOWS\system32\wkssvc.dll - ok
15:15:33.0468 1248  [ 085ED2E391A871C7BAE87E0228B546BA ] C:\WINDOWS\system32\cscui.dll
15:15:33.0468 1248  C:\WINDOWS\system32\cscui.dll - ok
15:15:33.0500 1248  [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll
15:15:33.0500 1248  C:\WINDOWS\system32\powrprof.dll - ok
15:15:33.0531 1248  [ 2BC7128348265CABA9BBC058729A8B7B ] C:\WINDOWS\system32\dpcdll.dll
15:15:33.0531 1248  C:\WINDOWS\system32\dpcdll.dll - ok
15:15:33.0578 1248  [ 9A3BD5F55AADFF859539142F6328A66E ] C:\WINDOWS\system32\msacm32.drv
15:15:33.0578 1248  C:\WINDOWS\system32\msacm32.drv - ok
15:15:33.0609 1248  [ 577E496F0D41411BF149394D80959D53 ] C:\WINDOWS\system32\imaadp32.acm
15:15:33.0609 1248  C:\WINDOWS\system32\imaadp32.acm - ok
15:15:33.0625 1248  [ C5648BE5409E0AABDA8C9047BAC8F603 ] C:\WINDOWS\system32\msadp32.acm
15:15:33.0625 1248  C:\WINDOWS\system32\msadp32.acm - ok
15:15:33.0656 1248  [ 33271A2667334B9A8842C65A079EF375 ] C:\WINDOWS\system32\msg711.acm
15:15:33.0656 1248  C:\WINDOWS\system32\msg711.acm - ok
15:15:33.0703 1248  [ 3A9846E207DAFC13009C048A2F6F8C2A ] C:\WINDOWS\system32\msgsm32.acm
15:15:33.0703 1248  C:\WINDOWS\system32\msgsm32.acm - ok
15:15:33.0734 1248  [ E8CD0D7E169ECCE2D4FD829DAAB786ED ] C:\WINDOWS\system32\tssoft32.acm
15:15:33.0734 1248  C:\WINDOWS\system32\tssoft32.acm - ok
15:15:33.0765 1248  [ 735F504DEEFE4E2AD06360FCE2842DD4 ] C:\WINDOWS\system32\tsd32.dll
15:15:33.0765 1248  C:\WINDOWS\system32\tsd32.dll - ok
15:15:33.0812 1248  [ B87F759738C52E8D6FBCDAAA84C6486F ] C:\WINDOWS\system32\msg723.acm
15:15:33.0812 1248  C:\WINDOWS\system32\msg723.acm - ok
15:15:33.0843 1248  [ 36427ED6CEC83DA7023F5C718579D634 ] C:\WINDOWS\system32\msaud32.acm
15:15:33.0843 1248  C:\WINDOWS\system32\msaud32.acm - ok
15:15:33.0859 1248  [ 0DBB250A89E2E1C9281009AC269F0805 ] C:\WINDOWS\system32\sl_anet.acm
15:15:33.0859 1248  C:\WINDOWS\system32\sl_anet.acm - ok
15:15:33.0906 1248  [ 877C90686858D899B042BBA45E9B7F2C ] C:\WINDOWS\system32\iac25_32.ax
15:15:33.0906 1248  C:\WINDOWS\system32\iac25_32.ax - ok
15:15:33.0937 1248  [ 3FEAF4C0A44906309DC628F495AA07F1 ] C:\WINDOWS\system32\iacenc.dll
15:15:33.0937 1248  C:\WINDOWS\system32\iacenc.dll - ok
15:15:33.0968 1248  [ 499EDF986588A3A0B55DD5EFAD922C9E ] C:\WINDOWS\system32\l3codeca.acm
15:15:33.0968 1248  C:\WINDOWS\system32\l3codeca.acm - ok
15:15:34.0015 1248  [ C6C028945BB63D7809830651078F644B ] C:\WINDOWS\system32\lameACM.acm
15:15:34.0015 1248  C:\WINDOWS\system32\lameACM.acm - ok
15:15:34.0046 1248  [ 9899022D316FC351A8830C1090F9661C ] C:\WINDOWS\system32\url.dll
15:15:34.0046 1248  C:\WINDOWS\system32\url.dll - ok
15:15:34.0078 1248  [ 3C8E0CB8C8B31483BFDE35B82855B600 ] C:\WINDOWS\system32\ieframe.dll
15:15:34.0078 1248  C:\WINDOWS\system32\ieframe.dll - ok
15:15:34.0109 1248  [ FC726DD94F4DD4028A976FCC4DBF0C43 ] C:\WINDOWS\system32\ac3acm.acm
15:15:34.0109 1248  C:\WINDOWS\system32\ac3acm.acm - ok
15:15:34.0140 1248  [ A93AEE1928A9D7CE3E16D24EC7380F89 ] C:\WINDOWS\system32\userinit.exe
15:15:34.0140 1248  C:\WINDOWS\system32\userinit.exe - ok
15:15:34.0171 1248  [ 2BB75B7F548D82A099125D0C5971DE7D ] C:\WINDOWS\explorer.exe
15:15:34.0171 1248  C:\WINDOWS\explorer.exe - ok
15:15:34.0218 1248  [ C534D4D567E1B084AE2EEDB0B38C0ADE ] C:\WINDOWS\system32\browseui.dll
15:15:34.0218 1248  C:\WINDOWS\system32\browseui.dll - ok
15:15:34.0250 1248  [ 4AE9129EAFFE54A2C52909E5E3175483 ] C:\WINDOWS\system32\shdocvw.dll
15:15:34.0250 1248  C:\WINDOWS\system32\shdocvw.dll - ok
15:15:34.0281 1248  [ 3923843B83EC49CD6F8DCADCE2F54D1D ] C:\WINDOWS\system32\dwall_mrk.dll
15:15:34.0281 1248  C:\WINDOWS\system32\dwall_mrk.dll - ok
15:15:34.0328 1248  [ B4ED498E3BFEE64E952BC44FC6057DB8 ] C:\WINDOWS\system32\desk.cpl
15:15:34.0328 1248  C:\WINDOWS\system32\desk.cpl - ok
15:15:34.0359 1248  [ A314EEA2A503A8E04085201E436384A5 ] C:\WINDOWS\system32\themeui.dll
15:15:34.0359 1248  C:\WINDOWS\system32\themeui.dll - ok
15:15:34.0375 1248  [ 3D4E199942E29207970E04315D02AD3B ] C:\WINDOWS\system32\cryptsvc.dll
15:15:34.0375 1248  C:\WINDOWS\system32\cryptsvc.dll - ok
15:15:34.0406 1248  [ 00709952D444EAE14DBBD30D36FBAE0F ] C:\WINDOWS\system32\certcli.dll
15:15:34.0406 1248  C:\WINDOWS\system32\certcli.dll - ok
15:15:34.0453 1248  [ 57EDEC2E5F59F0335E92F35184BC8631 ] C:\WINDOWS\system32\dmserver.dll
15:15:34.0453 1248  C:\WINDOWS\system32\dmserver.dll - ok
15:15:34.0484 1248  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
15:15:34.0484 1248  C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok
15:15:34.0531 1248  [ 3695B8D03745B2F8022B161238347A9D ] C:\WINDOWS\system32\srvsvc.dll
15:15:34.0531 1248  C:\WINDOWS\system32\srvsvc.dll - ok
15:15:34.0562 1248  [ 3805DF0AC4296A34BA4BF93B346CC378 ] C:\WINDOWS\system32\srsvc.dll
15:15:34.0562 1248  C:\WINDOWS\system32\srsvc.dll - ok
15:15:34.0593 1248  [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
15:15:34.0593 1248  C:\WINDOWS\system32\netmsg.dll - ok
15:15:34.0609 1248  [ 9B390283569EA58D43D2586032B892F5 ] C:\WINDOWS\system32\drivers\srv.sys
15:15:34.0609 1248  C:\WINDOWS\system32\drivers\srv.sys - ok
15:15:34.0656 1248  [ FC6D1D80588D371F0321E15A75B2F8F2 ] C:\WINDOWS\system32\browser.dll
15:15:34.0656 1248  C:\WINDOWS\system32\browser.dll - ok
15:15:34.0687 1248  [ 5128852A18AE46C387F87BF27DA4C9DD ] C:\WINDOWS\system32\termsrv.dll
15:15:34.0687 1248  C:\WINDOWS\system32\termsrv.dll - ok
15:15:34.0718 1248  [ 205ADD80FF8099B1A8101EB490B933D1 ] C:\WINDOWS\system32\wbem\wbemprox.dll
15:15:34.0718 1248  C:\WINDOWS\system32\wbem\wbemprox.dll - ok
15:15:34.0765 1248  [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\system32\wbem\wbemcomn.dll
15:15:34.0765 1248  C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
15:15:34.0796 1248  [ DF6551E4C4C46655A0C76194F1FCEA5D ] C:\WINDOWS\system32\icaapi.dll
15:15:34.0796 1248  C:\WINDOWS\system32\icaapi.dll - ok
15:15:34.0828 1248  [ 2D65D56C2F8B6CC5EBFF8E7200C30304 ] C:\WINDOWS\system32\mstlsapi.dll
15:15:34.0828 1248  C:\WINDOWS\system32\mstlsapi.dll - ok
15:15:34.0859 1248  [ F0BF811622F2DD6C8E26EE4600D83731 ] C:\WINDOWS\system32\wbem\wbemcore.dll
15:15:34.0859 1248  C:\WINDOWS\system32\wbem\wbemcore.dll - ok
15:15:34.0890 1248  [ E4616430709F440CF1809D88DC2366EA ] C:\WINDOWS\system32\wbem\esscli.dll
15:15:34.0890 1248  C:\WINDOWS\system32\wbem\esscli.dll - ok
15:15:34.0921 1248  [ 600519339671DCFA3DD20216A19817BB ] C:\WINDOWS\system32\wbem\fastprox.dll
15:15:34.0921 1248  C:\WINDOWS\system32\wbem\fastprox.dll - ok
15:15:34.0968 1248  [ 010472D0AE758227C6F6E6933549C219 ] C:\WINDOWS\system32\wbem\wbemsvc.dll
15:15:34.0968 1248  C:\WINDOWS\system32\wbem\wbemsvc.dll - ok
15:15:35.0000 1248  [ 3273D1565BF30225C115B480A3BB2C9D ] C:\WINDOWS\system32\wbem\wmiutils.dll
15:15:35.0000 1248  C:\WINDOWS\system32\wbem\wmiutils.dll - ok
15:15:35.0031 1248  [ 942A17D2901A31EA68627CBFFCD268CC ] C:\WINDOWS\system32\wbem\repdrvfs.dll
15:15:35.0031 1248  C:\WINDOWS\system32\wbem\repdrvfs.dll - ok
15:15:35.0078 1248  [ A688715EE6D068140180BD16B9A95150 ] C:\WINDOWS\system32\wbem\wmiprvsd.dll
15:15:35.0078 1248  C:\WINDOWS\system32\wbem\wmiprvsd.dll - ok
15:15:35.0109 1248  [ 26D881D27CBE51D3614E68D7313EA026 ] C:\WINDOWS\system32\wbem\wbemess.dll
15:15:35.0109 1248  C:\WINDOWS\system32\wbem\wbemess.dll - ok
15:15:35.0125 1248  [ 37A62C6092AADD2EFDE0468DD8818E99 ] C:\WINDOWS\system32\netcfgx.dll
15:15:35.0125 1248  C:\WINDOWS\system32\netcfgx.dll - ok
15:15:35.0171 1248  [ DF82E222578DBE59FCBBD69A02E4C806 ] C:\WINDOWS\system32\clusapi.dll
15:15:35.0171 1248  C:\WINDOWS\system32\clusapi.dll - ok
15:15:35.0203 1248  [ 91790D6749EBED90E2C40479C0A91879 ] C:\WINDOWS\system32\verclsid.exe
15:15:35.0203 1248  C:\WINDOWS\system32\verclsid.exe - ok
15:15:35.0234 1248  [ 8B28221C3D95B0477572F58AD6C7039C ] C:\WINDOWS\system32\msi.dll
15:15:35.0234 1248  C:\WINDOWS\system32\msi.dll - ok
15:15:35.0281 1248  [ 93C088C2AEB2F23E720BDA7E32BD5117 ] C:\WINDOWS\system32\upnp.dll
15:15:35.0281 1248  C:\WINDOWS\system32\upnp.dll - ok
15:15:35.0312 1248  [ 3D075865DCC26931972F6476AD0497BE ] C:\WINDOWS\system32\ssdpapi.dll
15:15:35.0312 1248  C:\WINDOWS\system32\ssdpapi.dll - ok
15:15:35.0343 1248  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] C:\WINDOWS\system32\rasmans.dll
15:15:35.0343 1248  C:\WINDOWS\system32\rasmans.dll - ok
15:15:35.0375 1248  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] C:\WINDOWS\system32\sens.dll
15:15:35.0375 1248  C:\WINDOWS\system32\sens.dll - ok
15:15:35.0406 1248  [ 248712EA6BA17B9FF0C542A3828375DD ] C:\WINDOWS\system32\winipsec.dll
15:15:35.0406 1248  C:\WINDOWS\system32\winipsec.dll - ok
15:15:35.0437 1248  [ 1C22A3866112ED41E1F3684DAE9AD5D2 ] C:\WINDOWS\system32\mmcshext.dll
15:15:35.0437 1248  C:\WINDOWS\system32\mmcshext.dll - ok
15:15:35.0484 1248  [ D3E868700D9B5E3C54B7EED060215CC1 ] C:\WINDOWS\system32\hhsetup.dll
15:15:35.0484 1248  C:\WINDOWS\system32\hhsetup.dll - ok
15:15:35.0515 1248  [ B714735C12A70171DE28657948FD91F1 ] C:\WINDOWS\system32\mlang.dll
15:15:35.0515 1248  C:\WINDOWS\system32\mlang.dll - ok
15:15:35.0546 1248  [ F17F6226BDC0CD5F0BEF0DAF84D29BEC ] C:\WINDOWS\system32\es.dll
15:15:35.0546 1248  C:\WINDOWS\system32\es.dll - ok
15:15:35.0593 1248  [ EE683D2BA1F6459616E7BE2098BB2574 ] C:\Program Files\Emsisoft Anti-Malware\a2contmenu.dll
15:15:35.0593 1248  C:\Program Files\Emsisoft Anti-Malware\a2contmenu.dll - ok
15:15:35.0625 1248  [ B2764E34DD2D5DAB113C2AF3F7315FA9 ] C:\Program Files\WinRAR\RarExt.dll
15:15:35.0625 1248  C:\Program Files\WinRAR\RarExt.dll - ok
15:15:35.0640 1248  [ D715DA70DE81649E52C5B4BA8D4B6CEF ] C:\Program Files\WinRAR\Formats\tar.fmt
15:15:35.0640 1248  C:\Program Files\WinRAR\Formats\tar.fmt - ok
15:15:35.0687 1248  [ 285E990B160BE9A5A7D939A39735F8F8 ] C:\Program Files\WinRAR\Formats\gz.fmt
15:15:35.0687 1248  C:\Program Files\WinRAR\Formats\gz.fmt - ok
15:15:35.0718 1248  [ A0D1E713764895EF4351D5E3D26DCAAB ] C:\Program Files\WinRAR\Formats\z.fmt
15:15:35.0718 1248  C:\Program Files\WinRAR\Formats\z.fmt - ok
15:15:35.0750 1248  [ F078C3A5FBE4BC63A8B985F95DAD2AA9 ] C:\Program Files\WinRAR\Formats\arj.fmt
15:15:35.0750 1248  C:\Program Files\WinRAR\Formats\arj.fmt - ok
15:15:35.0796 1248  [ 56641E5C153886221A829D17B1C861AC ] C:\Program Files\WinRAR\Formats\bz2.fmt
15:15:35.0796 1248  C:\Program Files\WinRAR\Formats\bz2.fmt - ok
15:15:35.0828 1248  [ 44EA31320FACB6D42E5F32A549BCF8B3 ] C:\WINDOWS\system32\dwall_ext.dll
15:15:35.0828 1248  C:\WINDOWS\system32\dwall_ext.dll - ok
15:15:35.0859 1248  [ 019FA621561758FDFE8A3905163E9914 ] C:\WINDOWS\system32\DefenseWall HIPS\dwall_res.dll
15:15:35.0859 1248  C:\WINDOWS\system32\DefenseWall HIPS\dwall_res.dll - ok
15:15:35.0890 1248  [ 95151D7903FEF5F221A3B5BE603E69BF ] C:\Program Files\7-Zip\7-zip.dll
15:15:35.0890 1248  C:\Program Files\7-Zip\7-zip.dll - ok
15:15:35.0921 1248  [ C14350FC0D47D806699C4F907FC6785B ] C:\WINDOWS\system32\cryptnet.dll
15:15:35.0921 1248  C:\WINDOWS\system32\cryptnet.dll - ok
15:15:35.0953 1248  [ 3CBA2210FA39C6ED7895634842E930DD ] C:\WINDOWS\system32\sensapi.dll
15:15:35.0953 1248  C:\WINDOWS\system32\sensapi.dll - ok
15:15:36.0000 1248  [ F9D3C78CFE15271D80790677C893CE45 ] C:\WINDOWS\system32\cabinet.dll
15:15:36.0000 1248  C:\WINDOWS\system32\cabinet.dll - ok
15:15:36.0031 1248  [ D5FB8F0882BA6D21D5842C89AA72AC72 ] C:\WINDOWS\system32\certsentry.dll
15:15:36.0031 1248  C:\WINDOWS\system32\certsentry.dll - ok
15:15:36.0062 1248  [ 178A34E5554DCE485E1262DDF027960C ] C:\Documents and Settings\Administrator\Desktop\odheoeah.exe
15:15:36.0062 1248  C:\Documents and Settings\Administrator\Desktop\odheoeah.exe - ok
15:15:36.0109 1248  [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\system32\drivers\57831251.sys
15:15:36.0109 1248  C:\WINDOWS\system32\drivers\57831251.sys - ok
15:15:36.0140 1248  [ 1944F6E04DEFD811BD46E4F227BA6FB1 ] C:\WINDOWS\system32\drprov.dll
15:15:36.0140 1248  C:\WINDOWS\system32\drprov.dll - ok
15:15:36.0156 1248  [ 36468087E22C57A83DF758B3F90DF73F ] C:\WINDOWS\system32\ntlanman.dll
15:15:36.0156 1248  C:\WINDOWS\system32\ntlanman.dll - ok
15:15:36.0203 1248  [ AC5DF42FE314C1446B1DAD237BFCFFE0 ] C:\WINDOWS\system32\netui0.dll
15:15:36.0203 1248  C:\WINDOWS\system32\netui0.dll - ok
15:15:36.0234 1248  [ ED5A816D8E11E03F1937AC3C56826EE4 ] C:\WINDOWS\system32\netui1.dll
15:15:36.0234 1248  C:\WINDOWS\system32\netui1.dll - ok
15:15:36.0265 1248  [ B41D53899E37CC43DA85DA19998BEE81 ] C:\WINDOWS\system32\netrap.dll
15:15:36.0265 1248  C:\WINDOWS\system32\netrap.dll - ok
15:15:36.0296 1248  [ C70DBB09FF4705167FCFD12C1B2FD03D ] C:\WINDOWS\system32\davclnt.dll
15:15:36.0312 1248  C:\WINDOWS\system32\davclnt.dll - ok
15:15:36.0328 1248  ============================================================
15:15:36.0328 1248  Scan finished
15:15:36.0328 1248  ============================================================
15:15:36.0484 0888  Detected object count: 2
15:15:36.0484 0888  Actual detected object count: 2
15:15:50.0218 0888  HipEnforceDriver ( UnsignedFile.Multi.Generic ) - skipped by user
15:15:50.0218 0888  HipEnforceDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:15:50.0218 0888  HipService ( UnsignedFile.Multi.Generic ) - skipped by user
15:15:50.0218 0888  HipService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:15:52.0562 0596  Deinitialize success


#12 cutthroat

  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  • Local time:11:45 PM

Posted 28 March 2013 - 11:49 AM

TDSSKiller log, very important log 1 day after the BSOD with many threats deleted by me:

11:12:46.0968 1512  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:12:47.0171 1512  ============================================================
11:12:47.0171 1512  Current date / time: 2013/03/21 11:12:47.0171
11:12:47.0171 1512  SystemInfo:
11:12:47.0171 1512  
11:12:47.0171 1512  OS Version: 5.1.2600 ServicePack: 3.0
11:12:47.0171 1512  Product type: Workstation
11:12:47.0171 1512  ComputerName: HP_PAVILION
11:12:47.0171 1512  UserName: Carlos Silva
11:12:47.0171 1512  Windows directory: C:\WINDOWS
11:12:47.0171 1512  System windows directory: C:\WINDOWS
11:12:47.0171 1512  Processor architecture: Intel x86
11:12:47.0171 1512  Number of processors: 2
11:12:47.0171 1512  Page size: 0x1000
11:12:47.0171 1512  Boot type: Normal boot
11:12:47.0171 1512  ============================================================
11:12:47.0578 1512  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:12:47.0593 1512  Drive \Device\Harddisk1\DR2 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:12:47.0593 1512  ============================================================
11:12:47.0593 1512  \Device\Harddisk0\DR0:
11:12:47.0593 1512  MBR partitions:
11:12:47.0593 1512  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A19000
11:12:47.0593 1512  \Device\Harddisk1\DR2:
11:12:47.0593 1512  MBR partitions:
11:12:47.0593 1512  \Device\Harddisk1\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x776127
11:12:47.0593 1512  ============================================================
11:12:47.0640 1512  C: <-> \Device\Harddisk0\DR0\Partition1
11:12:47.0640 1512  ============================================================
11:12:47.0640 1512  Initialize success
11:12:47.0640 1512  ============================================================
11:12:52.0265 0224  Deinitialize success
 
11:15:03.0578 2552  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:15:04.0062 2552  ============================================================
11:15:04.0062 2552  Current date / time: 2013/03/21 11:15:04.0062
11:15:04.0062 2552  SystemInfo:
11:15:04.0062 2552  
11:15:04.0062 2552  OS Version: 5.1.2600 ServicePack: 3.0
11:15:04.0062 2552  Product type: Workstation
11:15:04.0062 2552  ComputerName: HP_PAVILION
11:15:04.0062 2552  UserName: Carlos Silva
11:15:04.0062 2552  Windows directory: C:\WINDOWS
11:15:04.0062 2552  System windows directory: C:\WINDOWS
11:15:04.0062 2552  Processor architecture: Intel x86
11:15:04.0062 2552  Number of processors: 2
11:15:04.0062 2552  Page size: 0x1000
11:15:04.0062 2552  Boot type: Normal boot
11:15:04.0062 2552  ============================================================
11:15:08.0875 2552  BG loaded
11:15:10.0078 2552  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:15:10.0250 2552  Drive \Device\Harddisk1\DR2 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:15:10.0250 2552  ============================================================
11:15:10.0250 2552  \Device\Harddisk0\DR0:
11:15:10.0296 2552  MBR partitions:
11:15:10.0296 2552  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A19000
11:15:10.0296 2552  \Device\Harddisk1\DR2:
11:15:10.0296 2552  MBR partitions:
11:15:10.0296 2552  \Device\Harddisk1\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x776127
11:15:10.0296 2552  ============================================================
11:15:11.0078 2552  C: <-> \Device\Harddisk0\DR0\Partition1
11:15:13.0015 2552  ============================================================
11:15:13.0015 2552  Initialize success
11:15:13.0015 2552  ============================================================
11:15:19.0578 3316  ============================================================
11:15:19.0578 3316  Scan started
11:15:19.0578 3316  Mode: Manual; SigCheck; TDLFS; 
11:15:19.0578 3316  ============================================================
11:15:24.0406 3316  ================ Scan system memory ========================
11:15:24.0406 3316  System memory - ok
11:15:24.0406 3316  ================ Scan services =============================
11:15:29.0437 3316  [ 68221F7EA61A3053E3FF49FBBA19A413 ] 21m5yy3j        C:\WINDOWS\system32\drivers\21m5yy3j.sys
11:15:30.0265 3316  21m5yy3j - ok
11:15:31.0281 3316  [ A8A4E18857CDFD8D9AB81E2C9EAF89B5 ] a2acc           C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
11:15:31.0593 3316  a2acc - ok
11:15:33.0234 3316  [ A7F08A73F2668FCD2B51A66751FA7FF3 ] a2AntiMalware   C:\Program Files\Emsisoft Anti-Malware\a2service.exe
11:15:49.0562 3316  a2AntiMalware - ok
11:15:49.0718 3316  [ B0CC0B50441372157F31C4C023D43A3E ] A2DDA           C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
11:15:49.0875 3316  A2DDA - ok
11:15:50.0015 3316  [ 03BFDFAE9D150D43F4A19B5FBB892591 ] a2injectiondriver C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys
11:15:50.0328 3316  a2injectiondriver - ok
11:15:50.0359 3316  [ 8DEA3FE12A6686573F16A06AD95D7AB9 ] a2util          C:\Program Files\Emsisoft Anti-Malware\a2util32.sys
11:15:50.0562 3316  a2util - ok
11:15:50.0578 3316  Abiosdsk - ok
11:15:50.0578 3316  abp480n5 - ok
11:15:50.0765 3316  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:16:16.0687 3316  ACPI - ok
11:16:16.0781 3316  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
11:16:17.0125 3316  ACPIEC - ok
11:16:17.0359 3316  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:16:17.0531 3316  AdobeFlashPlayerUpdateSvc - ok
11:16:17.0531 3316  adpu160m - ok
11:16:17.0671 3316  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
11:16:17.0921 3316  aec - ok
11:16:18.0078 3316  [ F6B7B1ECD7B41736BDB6FF4B092BCB79 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
11:16:18.0328 3316  AFD - ok
11:16:18.0328 3316  Aha154x - ok
11:16:18.0343 3316  aic78u2 - ok
11:16:18.0343 3316  aic78xx - ok
11:16:18.0421 3316  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
11:16:18.0718 3316  Alerter - ok
11:16:18.0750 3316  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
11:16:18.0843 3316  ALG - ok
11:16:18.0843 3316  AliIde - ok
11:16:18.0859 3316  amsint - ok
11:16:18.0859 3316  APHbx0iE - ok
11:16:18.0921 3316  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
11:16:19.0062 3316  AppMgmt - ok
11:16:19.0078 3316  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:16:19.0281 3316  Arp1394 - ok
11:16:19.0281 3316  asc - ok
11:16:19.0312 3316  asc3350p - ok
11:16:19.0312 3316  asc3550 - ok
11:16:19.0578 3316  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:16:19.0781 3316  aspnet_state - ok
11:16:19.0828 3316  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:16:20.0031 3316  AsyncMac - ok
11:16:20.0093 3316  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
11:16:20.0234 3316  atapi - ok
11:16:20.0296 3316  Atdisk - ok
11:16:20.0359 3316  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:16:20.0546 3316  Atmarpc - ok
11:16:20.0578 3316  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
11:16:20.0718 3316  AudioSrv - ok
11:16:20.0796 3316  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
11:16:20.0937 3316  audstub - ok
11:16:21.0015 3316  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
11:16:21.0140 3316  Beep - ok
11:16:21.0359 3316  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\System32\qmgr.dll
11:16:21.0593 3316  BITS - ok
11:16:21.0671 3316  [ FC6D1D80588D371F0321E15A75B2F8F2 ] Browser         C:\WINDOWS\System32\browser.dll
11:16:22.0031 3316  Browser - ok
11:16:22.0078 3316  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
11:16:22.0328 3316  cbidf2k - ok
11:16:22.0390 3316  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:16:22.0546 3316  CCDECODE - ok
11:16:22.0546 3316  cd20xrnt - ok
11:16:22.0562 3316  [ 38B7908C14FA2CCF8C9023E703C6E064 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
11:16:22.0625 3316  Cdaudio ( UnsignedFile.Multi.Generic ) - warning
11:16:22.0625 3316  Cdaudio - detected UnsignedFile.Multi.Generic (1)
11:16:22.0703 3316  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
11:16:22.0859 3316  Cdfs - ok
11:16:22.0890 3316  [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:16:23.0015 3316  Cdrom - ok
11:16:23.0015 3316  Changer - ok
11:16:23.0046 3316  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
11:16:23.0218 3316  CiSvc - ok
11:16:23.0250 3316  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
11:16:23.0437 3316  ClipSrv - ok
11:16:23.0562 3316  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:16:24.0062 3316  clr_optimization_v2.0.50727_32 - ok
11:16:24.0171 3316  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:16:24.0375 3316  CmBatt - ok
11:16:24.0375 3316  CmdIde - ok
11:16:24.0484 3316  [ 7795F8CEBC284A426B53F541E538695F ] Com4QLBEx       C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
11:16:24.0531 3316  Com4QLBEx - ok
11:16:24.0625 3316  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:16:24.0781 3316  Compbatt - ok
11:16:24.0796 3316  COMSysApp - ok
11:16:24.0812 3316  Cpqarray - ok
11:16:24.0859 3316  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
11:16:25.0109 3316  CryptSvc - ok
11:16:25.0125 3316  dac2w2k - ok
11:16:25.0125 3316  dac960nt - ok
11:16:25.0328 3316  [ 9222562D44021B988B9F9F62207FB6F2 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
11:16:25.0437 3316  DcomLaunch - ok
11:16:25.0500 3316  [ C51DE19619D50CBD03708647ACA10E70 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
11:16:25.0546 3316  Dhcp - ok
11:16:25.0578 3316  [ 47B6AAEC570F2C11D8BAD80A064D8ED1 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
11:16:25.0625 3316  Disk - ok
11:16:25.0625 3316  dmadmin - ok
11:16:25.0687 3316  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
11:16:26.0187 3316  dmboot - ok
11:16:26.0218 3316  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
11:16:26.0437 3316  dmio - ok
11:16:26.0468 3316  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
11:16:26.0656 3316  dmload - ok
11:16:26.0718 3316  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
11:16:26.0859 3316  dmserver - ok
11:16:26.0906 3316  [ B6EEFEE9CAB6A5952A5CCB2667660AAB ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
11:16:26.0921 3316  DMusic ( UnsignedFile.Multi.Generic ) - warning
11:16:26.0921 3316  DMusic - detected UnsignedFile.Multi.Generic (1)
11:16:26.0953 3316  [ D977659AE4D8ECE5286D99D1ED34614D ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
11:16:27.0078 3316  Dnscache - ok
11:16:27.0109 3316  [ B4109C8C3D54C83246997A777724F318 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
11:16:27.0171 3316  Dot3svc - ok
11:16:27.0171 3316  dpti2o - ok
11:16:28.0031 3316  [ F8BCE77F950E5112D7087DCA2A2174D8 ] DragonUpdater   C:\Program Files\Comodo\Dragon\dragon_updater.exe
11:16:28.0375 3316  DragonUpdater - ok
11:16:28.0406 3316  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
11:16:28.0625 3316  drmkaud - ok
11:16:28.0671 3316  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
11:16:28.0828 3316  EapHost - ok
11:16:28.0875 3316  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
11:16:28.0984 3316  ERSvc - ok
11:16:29.0046 3316  [ C519E15665CD89A91AD383FCE3CB556A ] Eventlog        C:\WINDOWS\system32\services.exe
11:16:29.0281 3316  Eventlog - ok
11:16:29.0375 3316  [ F17F6226BDC0CD5F0BEF0DAF84D29BEC ] EventSystem     C:\WINDOWS\system32\es.dll
11:16:29.0468 3316  EventSystem - ok
11:16:29.0546 3316  [ 4D893323DAE445E34A4C9038B0551BC9 ] exFat           C:\WINDOWS\system32\drivers\exFat.sys
11:16:29.0609 3316  exFat - ok
11:16:29.0671 3316  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
11:16:29.0875 3316  Fastfat - ok
11:16:29.0937 3316  [ 888CD7B39C37E13A2419BECFAAF0A28C ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:16:30.0000 3316  FastUserSwitchingCompatibility - ok
11:16:30.0031 3316  [ FB313DCFBB70C062989C333EDFB4D2BB ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
11:16:30.0046 3316  Fdc ( UnsignedFile.Multi.Generic ) - warning
11:16:30.0046 3316  Fdc - detected UnsignedFile.Multi.Generic (1)
11:16:30.0062 3316  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
11:16:30.0250 3316  Fips - ok
11:16:30.0250 3316  [ DAA100DF6E6711906B61C9AB5AA16032 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
11:16:30.0296 3316  Flpydisk ( UnsignedFile.Multi.Generic ) - warning
11:16:30.0296 3316  Flpydisk - detected UnsignedFile.Multi.Generic (1)
11:16:30.0343 3316  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
11:16:30.0484 3316  FltMgr - ok
11:16:30.0562 3316  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:16:30.0578 3316  FontCache3.0.0.0 - ok
11:16:30.0609 3316  [ 30D42943A54704EF13E2562911DBFCEA ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:16:30.0625 3316  Fs_Rec - ok
11:16:30.0625 3316  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:16:30.0765 3316  Ftdisk - ok
11:16:30.0828 3316  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:16:30.0968 3316  Gpc - ok
11:16:31.0062 3316  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
11:16:31.0078 3316  gupdate - ok
11:16:31.0093 3316  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
11:16:31.0109 3316  gupdatem - ok
11:16:31.0171 3316  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:16:31.0312 3316  HDAudBus - ok
11:16:31.0406 3316  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:16:31.0562 3316  helpsvc - ok
11:16:31.0593 3316  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
11:16:31.0718 3316  HidServ - ok
11:16:31.0750 3316  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:16:31.0890 3316  HidUsb - ok
11:16:31.0937 3316  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
11:16:32.0062 3316  hkmsvc - ok
11:16:32.0062 3316  hpn - ok
11:16:32.0109 3316  [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr      C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
11:16:32.0156 3316  HpqKbFiltr - ok
11:16:32.0171 3316  [ 115C0933B3ED51DFBEC4449348C8065B ] HpqRemHid       C:\WINDOWS\system32\DRIVERS\HpqRemHid.sys
11:16:32.0234 3316  HpqRemHid - ok
11:16:32.0281 3316  [ 1665C7121A026DF10C903DB9BC5E9D43 ] hpqwmiex        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
11:16:32.0312 3316  hpqwmiex - ok
11:16:32.0343 3316  [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
11:16:32.0546 3316  HPZid412 - ok
11:16:32.0578 3316  [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
11:16:32.0625 3316  HPZipr12 - ok
11:16:32.0656 3316  [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
11:16:32.0703 3316  HPZius12 - ok
11:16:32.0765 3316  [ 937031C085718C1C04A9C0864625EC6B ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
11:16:32.0828 3316  HTTP - ok
11:16:32.0890 3316  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
11:16:33.0062 3316  HTTPFilter - ok
11:16:33.0062 3316  i2omgmt - ok
11:16:33.0062 3316  i2omp - ok
11:16:33.0140 3316  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:16:33.0281 3316  i8042prt - ok
11:16:33.0406 3316  [ 72B53E9C8924949DEC8F3799BCBA2251 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
11:16:33.0421 3316  IAANTMON - ok
11:16:33.0484 3316  [ F4037A3FEDB92DD97C95F320766EA5C9 ] iaStor          C:\WINDOWS\system32\DRIVERS\iaStor.sys
11:16:33.0515 3316  iaStor - ok
11:16:33.0531 3316  [ E5A0034847537EAEE3C00349D5C34C5F ] iastor3         C:\WINDOWS\system32\drivers\iastor3.sys
11:16:33.0578 3316  iastor3 - ok
11:16:33.0687 3316  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:16:33.0750 3316  idsvc - ok
11:16:33.0828 3316  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
11:16:34.0015 3316  Imapi - ok
11:16:34.0046 3316  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
11:16:34.0156 3316  ImapiService - ok
11:16:34.0171 3316  ini910u - ok
11:16:34.0468 3316  [ 921F2452A8D3A10083DDD824FC8C267F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:16:34.0734 3316  IntcAzAudAddService - ok
11:16:34.0750 3316  IntelIde - ok
11:16:34.0812 3316  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:16:35.0000 3316  intelppm - ok
11:16:35.0015 3316  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
11:16:35.0125 3316  Ip6Fw - ok
11:16:35.0156 3316  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:16:35.0281 3316  IpFilterDriver - ok
11:16:35.0312 3316  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:16:35.0421 3316  IpInIp - ok
11:16:35.0468 3316  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:16:35.0593 3316  IpNat - ok
11:16:35.0640 3316  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:16:35.0750 3316  IPSec - ok
11:16:35.0781 3316  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
11:16:35.0843 3316  IRENUM - ok
11:16:35.0906 3316  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:16:36.0031 3316  isapnp - ok
11:16:36.0125 3316  [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
11:16:36.0140 3316  JavaQuickStarterService - ok
11:16:36.0156 3316  k0wf4wx6 - ok
11:16:36.0203 3316  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:16:36.0359 3316  Kbdclass - ok
11:16:36.0390 3316  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:16:36.0531 3316  kbdhid - ok
11:16:36.0546 3316  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
11:16:36.0687 3316  kmixer - ok
11:16:36.0718 3316  [ C6EBF1D6AD71DF30DB49B8D3287E1368 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
11:16:36.0796 3316  KSecDD - ok
11:16:36.0843 3316  [ 79D1DBFEC599EC47244AF7B06AE2A04E ] L8042Kbd        C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
11:16:36.0859 3316  L8042Kbd - ok
11:16:36.0906 3316  [ 3695B8D03745B2F8022B161238347A9D ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
11:16:37.0000 3316  LanmanServer - ok
11:16:37.0046 3316  [ 3B9324D60DD321BAB7BF6F77931D3FD1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:16:37.0109 3316  lanmanworkstation - ok
11:16:37.0109 3316  lbrtfdc - ok
11:16:37.0234 3316  [ 53710476495886D9961BE46983A6A33F ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
11:16:37.0250 3316  LightScribeService - ok
11:16:37.0312 3316  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
11:16:37.0500 3316  LmHosts - ok
11:16:37.0562 3316  [ 4A5FFDF0FE830C448830BD4B02B02B4B ] mbamchameleon   C:\WINDOWS\system32\drivers\mbamchameleon.sys
11:16:37.0578 3316  mbamchameleon - ok
11:16:37.0609 3316  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
11:16:37.0750 3316  Messenger - ok
11:16:37.0781 3316  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
11:16:37.0906 3316  mnmdd - ok
11:16:37.0937 3316  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
11:16:38.0046 3316  mnmsrvc - ok
11:16:38.0093 3316  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
11:16:38.0250 3316  Modem - ok
11:16:38.0265 3316  [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA        C:\WINDOWS\system32\drivers\MODEMCSA.sys
11:16:38.0406 3316  MODEMCSA - ok
11:16:38.0421 3316  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:16:38.0546 3316  Mouclass - ok
11:16:38.0562 3316  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:16:38.0687 3316  mouhid - ok
11:16:38.0734 3316  [ 1A1FAA5102466F418494E94FF9B0B091 ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
11:16:38.0781 3316  MountMgr - ok
11:16:38.0781 3316  mraid35x - ok
11:16:38.0812 3316  [ 4FEFD389D71126EE581B9F9CB2918BE4 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:16:38.0890 3316  MRxDAV - ok
11:16:38.0906 3316  [ FB2FCCC70F7174C7BF64F48E96D3ADF4 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:16:38.0984 3316  MRxSmb - ok
11:16:39.0015 3316  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
11:16:39.0156 3316  MSDTC - ok
11:16:39.0171 3316  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
11:16:39.0296 3316  Msfs - ok
11:16:39.0296 3316  MSIServer - ok
11:16:39.0328 3316  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:16:39.0453 3316  MSKSSRV - ok
11:16:39.0468 3316  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:16:39.0593 3316  MSPCLOCK - ok
11:16:39.0609 3316  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
11:16:39.0718 3316  MSPQM - ok
11:16:39.0765 3316  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:16:39.0890 3316  mssmbios - ok
11:16:39.0921 3316  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
11:16:40.0031 3316  MSTEE - ok
11:16:40.0062 3316  [ F7B1AD991491F02AF6DA70B00B8BF114 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
11:16:40.0125 3316  Mup - ok
11:16:40.0140 3316  [ D74224C4D52AC609A89C83791E5A709C ] mv61xxmm        C:\WINDOWS\system32\drivers\mv61xxmm.sys
11:16:40.0156 3316  mv61xxmm - ok
11:16:40.0187 3316  [ 93A609C515C87F604C09F78E80E03F1D ] mvxxmm          C:\WINDOWS\system32\drivers\mvxxmm.sys
11:16:40.0187 3316  mvxxmm - ok
11:16:40.0218 3316  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:16:40.0343 3316  NABTSFEC - ok
11:16:40.0406 3316  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
11:16:40.0531 3316  napagent - ok
11:16:40.0593 3316  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
11:16:40.0796 3316  NDIS - ok
11:16:40.0859 3316  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:16:41.0031 3316  NdisIP - ok
11:16:41.0046 3316  [ 091735A5F20ACB1DC147383A905AE002 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:16:41.0109 3316  NdisTapi - ok
11:16:41.0171 3316  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:16:41.0281 3316  Ndisuio - ok
11:16:41.0296 3316  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:16:41.0421 3316  NdisWan - ok
11:16:41.0453 3316  [ 816460BD4B4ACD27937D1D0813E2E9E9 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
11:16:41.0546 3316  NDProxy - ok
11:16:41.0593 3316  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
11:16:41.0765 3316  NetBIOS - ok
11:16:41.0796 3316  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
11:16:41.0953 3316  NetBT - ok
11:16:41.0984 3316  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
11:16:42.0140 3316  NetDDE - ok
11:16:42.0140 3316  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
11:16:42.0265 3316  NetDDEdsdm - ok
11:16:42.0312 3316  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
11:16:42.0437 3316  Netlogon - ok
11:16:42.0484 3316  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
11:16:42.0625 3316  Netman - ok
11:16:42.0671 3316  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:16:42.0687 3316  NetTcpPortSharing - ok
11:16:43.0109 3316  [ 72062B53186E4A3F5FCBC41EBB62B905 ] NETwLx32        C:\WINDOWS\system32\DRIVERS\NETwLx32.sys
11:16:43.0468 3316  NETwLx32 - ok
11:16:43.0515 3316  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:16:43.0640 3316  NIC1394 - ok
11:16:43.0687 3316  [ FCEE5FCB99F7C724593365C706D28388 ] Nla             C:\WINDOWS\System32\mswsock.dll
11:16:43.0718 3316  Nla - ok
11:16:43.0750 3316  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
11:16:43.0875 3316  Npfs - ok
11:16:43.0937 3316  [ 4C51D5275AE8A16999EDFE7E647D00DE ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
11:16:44.0015 3316  Ntfs - ok
11:16:44.0031 3316  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
11:16:44.0140 3316  NtLmSsp - ok
11:16:44.0203 3316  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
11:16:44.0328 3316  NtmsSvc - ok
11:16:44.0359 3316  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
11:16:44.0500 3316  Null - ok
11:16:44.0968 3316  [ 18C9B152DA7BEA76B2F9E4B6412E0AAF ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:16:45.0468 3316  nv - ok
11:16:45.0531 3316  [ A8C1E6FF53FB0628A302843EA5FA5AB6 ] nvsvc           C:\WINDOWS\system32\nvsvc32.exe
11:16:45.0546 3316  nvsvc - ok
11:16:45.0578 3316  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:16:45.0687 3316  NwlnkFlt - ok
11:16:45.0703 3316  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:16:45.0843 3316  NwlnkFwd - ok
11:16:45.0859 3316  [ 2553F7C60B8D291B5A812245E6D4DA6E ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:16:45.0921 3316  ohci1394 - ok
11:16:45.0984 3316  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:16:46.0000 3316  ose - ok
11:16:46.0046 3316  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
11:16:46.0187 3316  Parport - ok
11:16:46.0187 3316  Partizan - ok
11:16:46.0203 3316  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
11:16:46.0312 3316  PartMgr - ok
11:16:46.0343 3316  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
11:16:46.0468 3316  ParVdm - ok
11:16:46.0515 3316  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
11:16:46.0656 3316  PCI - ok
11:16:46.0656 3316  PCIDump - ok
11:16:46.0671 3316  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
11:16:46.0781 3316  PCIIde - ok
11:16:46.0859 3316  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
11:16:46.0984 3316  Pcmcia - ok
11:16:47.0000 3316  PDCOMP - ok
11:16:47.0000 3316  PDFRAME - ok
11:16:47.0015 3316  PDRELI - ok
11:16:47.0015 3316  PDRFRAME - ok
11:16:47.0015 3316  perc2 - ok
11:16:47.0031 3316  perc2hib - ok
11:16:47.0078 3316  [ C519E15665CD89A91AD383FCE3CB556A ] PlugPlay        C:\WINDOWS\system32\services.exe
11:16:47.0109 3316  PlugPlay - ok
11:16:47.0109 3316  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
11:16:47.0218 3316  PolicyAgent - ok
11:16:47.0265 3316  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:16:47.0406 3316  PptpMiniport - ok
11:16:47.0421 3316  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:16:47.0531 3316  ProtectedStorage - ok
11:16:47.0546 3316  [ D8E11D311785F89F1D70A28B0E879127 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
11:16:47.0593 3316  PSched - ok
11:16:47.0640 3316  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:16:47.0765 3316  Ptilink - ok
11:16:47.0765 3316  ql1080 - ok
11:16:47.0781 3316  Ql10wnt - ok
11:16:47.0781 3316  ql12160 - ok
11:16:47.0796 3316  ql1240 - ok
11:16:47.0796 3316  ql1280 - ok
11:16:47.0812 3316  Qxg4rk0E - ok
11:16:48.0000 3316  [ AE845C6B4305AAD70B9FE2C1F2D4593D ] RapportIaso     c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys
11:16:48.0015 3316  RapportIaso - ok
11:16:48.0046 3316  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:16:48.0234 3316  RasAcd - ok
11:16:48.0343 3316  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
11:16:48.0453 3316  RasAuto - ok
11:16:48.0468 3316  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:16:48.0593 3316  Rasl2tp - ok
11:16:48.0640 3316  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
11:16:48.0750 3316  RasMan - ok
11:16:48.0781 3316  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:16:48.0937 3316  RasPppoe - ok
11:16:48.0984 3316  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
11:16:49.0125 3316  Raspti - ok
11:16:49.0171 3316  [ 77050C6615F6EB5402F832B27FD695E0 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:16:49.0218 3316  Rdbss - ok
11:16:49.0250 3316  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:16:49.0359 3316  RDPCDD - ok
11:16:49.0406 3316  [ 47EA20320E3D6FDC7B7BB22B2B881CA6 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:16:49.0453 3316  rdpdr - ok
11:16:49.0484 3316  [ C7D9BC54354B8C706ABF172D48313F1B ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
11:16:49.0546 3316  RDPWD - ok
11:16:49.0609 3316  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
11:16:49.0750 3316  RDSessMgr - ok
11:16:49.0812 3316  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
11:16:50.0000 3316  redbook - ok
11:16:50.0078 3316  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
11:16:50.0281 3316  RemoteAccess - ok
11:16:50.0359 3316  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
11:16:50.0500 3316  RemoteRegistry - ok
11:16:50.0546 3316  [ DF672613FBBCD58C38BB0BC2694BCFB0 ] rimmptsk        C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
11:16:50.0578 3316  rimmptsk - ok
11:16:50.0593 3316  [ 9BFB54D3559F2FF7301271D29D383564 ] rimsptsk        C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
11:16:50.0625 3316  rimsptsk - ok
11:16:50.0671 3316  [ ACE2CE73D7B04EAC48FB80482E05E770 ] risdptsk        C:\WINDOWS\system32\DRIVERS\risdptsk.sys
11:16:50.0703 3316  risdptsk - ok
11:16:50.0718 3316  [ DCB87DA83CC1010CBC9FC4DC9E395BBC ] rismxdp         C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
11:16:50.0765 3316  rismxdp - ok
11:16:50.0796 3316  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
11:16:50.0968 3316  RpcLocator - ok
11:16:51.0015 3316  [ 9222562D44021B988B9F9F62207FB6F2 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
11:16:51.0062 3316  RpcSs - ok
11:16:51.0218 3316  RSPHOOKANALYZER - ok
11:16:51.0265 3316  [ 743D7D59767073A617B1DCC6C546F234 ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
11:16:51.0296 3316  rspndr - ok
11:16:51.0343 3316  [ BCBF88FABF84F0F76FD7B11DF65921FA ] rspSanity       C:\WINDOWS\system32\DRIVERS\rspSanity32.sys
11:16:51.0390 3316  rspSanity - ok
11:16:51.0437 3316  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
11:16:51.0562 3316  RSVP - ok
11:16:51.0609 3316  [ 1323BA3CA4E8D863EB00CD81C0AAF356 ] RTLE8023xp      C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
11:16:51.0640 3316  RTLE8023xp - ok
11:16:51.0640 3316  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
11:16:51.0812 3316  SamSs - ok
11:16:51.0859 3316  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
11:16:51.0984 3316  SCardSvr - ok
11:16:52.0031 3316  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
11:16:52.0171 3316  Schedule - ok
11:16:52.0203 3316  [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus           C:\WINDOWS\system32\DRIVERS\sdbus.sys
11:16:52.0343 3316  sdbus - ok
11:16:52.0359 3316  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:16:52.0406 3316  Secdrv - ok
11:16:52.0437 3316  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
11:16:52.0546 3316  seclogon - ok
11:16:52.0578 3316  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
11:16:52.0703 3316  SENS - ok
11:16:52.0734 3316  [ 84954907CE800B42A5A5FBD0BB0B99D1 ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
11:16:52.0750 3316  Serial ( UnsignedFile.Multi.Generic ) - warning
11:16:52.0750 3316  Serial - detected UnsignedFile.Multi.Generic (1)
11:16:52.0781 3316  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
11:16:52.0906 3316  Sfloppy - ok
11:16:52.0953 3316  [ 4F10A2FA76B5BD54CD68AFA94E8ADB39 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
11:16:53.0000 3316  SharedAccess - ok
11:16:53.0046 3316  [ 888CD7B39C37E13A2419BECFAAF0A28C ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:16:53.0078 3316  ShellHWDetection - ok
11:16:53.0093 3316  Simbad - ok
11:16:53.0109 3316  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:16:53.0234 3316  SLIP - ok
11:16:53.0250 3316  Sparrow - ok
11:16:53.0281 3316  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
11:16:53.0390 3316  splitter - ok
11:16:53.0437 3316  [ 258DD5D4283FD9F9A7166BE9AE45CE73 ] Spooler         C:\WINDOWS\system32\spoolsv.exe
11:16:53.0500 3316  Spooler - ok
11:16:53.0546 3316  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
11:16:53.0656 3316  sr - ok
11:16:53.0687 3316  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
11:16:53.0796 3316  srservice - ok
11:16:53.0859 3316  [ 9B390283569EA58D43D2586032B892F5 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
11:16:53.0890 3316  Srv - ok
11:16:53.0937 3316  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
11:16:54.0015 3316  SSDPSRV - ok
11:16:54.0062 3316  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
11:16:54.0265 3316  stisvc - ok
11:16:54.0281 3316  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:16:54.0468 3316  streamip - ok
11:16:54.0546 3316  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
11:16:54.0656 3316  swenum - ok
11:16:54.0687 3316  [ 923F5DBA1DD5638AC0D1C45AE194441B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
11:16:54.0718 3316  swmidi ( UnsignedFile.Multi.Generic ) - warning
11:16:54.0718 3316  swmidi - detected UnsignedFile.Multi.Generic (1)
11:16:54.0734 3316  SwPrv - ok
11:16:54.0734 3316  symc810 - ok
11:16:54.0750 3316  symc8xx - ok
11:16:54.0750 3316  sym_hi - ok
11:16:54.0750 3316  sym_u3 - ok
11:16:54.0843 3316  [ 996E2B85AB79C30500EDC1683A2CEFC6 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
11:16:54.0890 3316  SynTP - ok
11:16:54.0921 3316  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
11:16:55.0062 3316  sysaudio - ok
11:16:55.0109 3316  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
11:16:55.0250 3316  SysmonLog - ok
11:16:55.0296 3316  [ E2B32B10ACC5D97623275AAFB67E5F03 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
11:16:55.0343 3316  TapiSrv - ok
11:16:55.0375 3316  [ 51E41F16ACD80B8B39C0AE703A213F09 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:16:55.0437 3316  Tcpip - ok
11:16:55.0484 3316  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
11:16:55.0609 3316  TDPIPE - ok
11:16:55.0640 3316  [ C0578456F29E5F26285F81B7B71FE57D ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
11:16:55.0687 3316  TDTCP - ok
11:16:55.0703 3316  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
11:16:55.0843 3316  TermDD - ok
11:16:55.0906 3316  [ 5128852A18AE46C387F87BF27DA4C9DD ] TermService     C:\WINDOWS\System32\termsrv.dll
11:16:55.0953 3316  TermService - ok
11:16:55.0984 3316  [ 888CD7B39C37E13A2419BECFAAF0A28C ] Themes          C:\WINDOWS\System32\shsvcs.dll
11:16:56.0015 3316  Themes - ok
11:16:56.0046 3316  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
11:16:56.0140 3316  TlntSvr - ok
11:16:56.0156 3316  TosIde - ok
11:16:56.0203 3316  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
11:16:56.0390 3316  TrkWks - ok
11:16:56.0453 3316  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
11:16:56.0656 3316  Udfs - ok
11:16:56.0671 3316  ultra - ok
11:16:56.0718 3316  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
11:16:56.0890 3316  Update - ok
11:16:56.0937 3316  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
11:16:56.0984 3316  upnphost - ok
11:16:57.0015 3316  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
11:16:57.0125 3316  UPS - ok
11:16:57.0171 3316  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:16:57.0296 3316  usbccgp - ok
11:16:57.0343 3316  [ 52674B5DBEE499342A599C7771ABECAA ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:16:57.0390 3316  usbehci - ok
11:16:57.0421 3316  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:16:57.0546 3316  usbhub - ok
11:16:57.0578 3316  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:16:57.0718 3316  usbprint - ok
11:16:57.0765 3316  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:16:57.0921 3316  usbscan - ok
11:16:57.0953 3316  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:16:58.0109 3316  USBSTOR - ok
11:16:58.0140 3316  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:16:58.0250 3316  usbuhci - ok
11:16:58.0281 3316  [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
11:16:58.0390 3316  usbvideo - ok
11:16:58.0437 3316  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
11:16:58.0562 3316  VgaSave - ok
11:16:58.0562 3316  ViaIde - ok
11:16:58.0609 3316  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
11:16:58.0734 3316  VolSnap - ok
11:16:58.0765 3316  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
11:16:58.0843 3316  VSS - ok
11:16:58.0890 3316  [ 9F8A0D0CBB2FA265A754516128C00E22 ] W32Time         C:\WINDOWS\system32\w32time.dll
11:16:58.0937 3316  W32Time - ok
11:16:58.0968 3316  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:16:59.0140 3316  Wanarp - ok
11:16:59.0203 3316  [ D918617B46457B9AC28027722E30F647 ] Wdf01000        C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
11:16:59.0218 3316  Wdf01000 - ok
11:16:59.0234 3316  WDICA - ok
11:16:59.0250 3316  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
11:16:59.0437 3316  wdmaud - ok
11:16:59.0484 3316  [ 703591CD1403BC19E7198CA7B314E132 ] WebClient       C:\WINDOWS\System32\webclnt.dll
11:16:59.0546 3316  WebClient - ok
11:16:59.0671 3316  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
11:16:59.0875 3316  winmgmt - ok
11:16:59.0937 3316  [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
11:17:00.0062 3316  WmdmPmSN - ok
11:17:00.0125 3316  [ C8A6C82F90B055149925DC7526B2D78C ] Wmi             C:\WINDOWS\System32\advapi32.dll
11:17:00.0171 3316  Wmi - ok
11:17:00.0203 3316  [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
11:17:00.0328 3316  WmiAcpi - ok
11:17:00.0375 3316  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:17:00.0531 3316  WmiApSrv - ok
11:17:00.0593 3316  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
11:17:00.0750 3316  wscsvc - ok
11:17:00.0765 3316  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:17:00.0890 3316  WSTCODEC - ok
11:17:00.0937 3316  [ DCB24800BF4616DC2DF5D38ED3EF4C27 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
11:17:00.0953 3316  wuauserv - ok
11:17:01.0046 3316  [ 349B8D2BB755E8C3B0E3E82A87663E55 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
11:17:01.0140 3316  WZCSVC - ok
11:17:01.0171 3316  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
11:17:01.0328 3316  xmlprov - ok
11:17:01.0343 3316  ================ Scan global ===============================
11:17:01.0406 3316  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
11:17:01.0406 3316  [ B23423313519C522E0E73BA170D3CE71 ] C:\WINDOWS\system32\winsrv.dll
11:17:01.0421 3316  [ B23423313519C522E0E73BA170D3CE71 ] C:\WINDOWS\system32\winsrv.dll
11:17:01.0437 3316  [ C519E15665CD89A91AD383FCE3CB556A ] C:\WINDOWS\system32\services.exe
11:17:01.0437 3316  [Global] - ok
11:17:01.0437 3316  ================ Scan MBR ==================================
11:17:01.0468 3316  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
11:17:01.0765 3316  \Device\Harddisk0\DR0 - ok
11:17:01.0781 3316  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR2
11:17:03.0218 3316  \Device\Harddisk1\DR2 - ok
11:17:03.0218 3316  ================ Scan VBR ==================================
11:17:03.0234 3316  [ 1FD967BF05882CAF837FB8E34CBA4189 ] \Device\Harddisk0\DR0\Partition1
11:17:03.0234 3316  \Device\Harddisk0\DR0\Partition1 - ok
11:17:03.0234 3316  [ 0D659F63968BB839F08827F6D317A97F ] \Device\Harddisk1\DR2\Partition1
11:17:03.0250 3316  \Device\Harddisk1\DR2\Partition1 - ok
11:17:03.0250 3316  ================ Scan active images ========================
11:17:03.0250 3316  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] C:\WINDOWS\system32\drivers\nic1394.sys
11:17:03.0250 3316  C:\WINDOWS\system32\drivers\nic1394.sys - ok
11:17:03.0265 3316  [ 0F6C187D38D98F8DF904589A5F94D411 ] C:\WINDOWS\system32\drivers\CmBatt.sys
11:17:03.0265 3316  C:\WINDOWS\system32\drivers\CmBatt.sys - ok
11:17:03.0265 3316  [ 8C953733D8F36EB2133F5BB58808B66B ] C:\WINDOWS\system32\drivers\intelppm.sys
11:17:03.0265 3316  C:\WINDOWS\system32\drivers\intelppm.sys - ok
11:17:03.0281 3316  [ C42584FD66CE9E17403AEBCA199F7BDB ] C:\WINDOWS\system32\drivers\wmiacpi.sys
11:17:03.0281 3316  C:\WINDOWS\system32\drivers\wmiacpi.sys - ok
11:17:03.0281 3316  [ E28726B72C46821A28830E077D39A55B ] C:\WINDOWS\system32\drivers\videoprt.sys
11:17:03.0281 3316  C:\WINDOWS\system32\drivers\videoprt.sys - ok
11:17:03.0296 3316  [ 18C9B152DA7BEA76B2F9E4B6412E0AAF ] C:\WINDOWS\system32\drivers\nv4_mini.sys
11:17:03.0296 3316  C:\WINDOWS\system32\drivers\nv4_mini.sys - ok
11:17:03.0296 3316  [ 52674B5DBEE499342A599C7771ABECAA ] C:\WINDOWS\system32\drivers\usbehci.sys
11:17:03.0296 3316  C:\WINDOWS\system32\drivers\usbehci.sys - ok
11:17:03.0312 3316  [ 810834AA294A79B3B718EF55A6A58A48 ] C:\WINDOWS\system32\drivers\usbport.sys
11:17:03.0312 3316  C:\WINDOWS\system32\drivers\usbport.sys - ok
11:17:03.0312 3316  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] C:\WINDOWS\system32\drivers\usbuhci.sys
11:17:03.0312 3316  C:\WINDOWS\system32\drivers\usbuhci.sys - ok
11:17:03.0328 3316  [ 573C7D0A32852B48F3058CFD8026F511 ] C:\WINDOWS\system32\drivers\hdaudbus.sys
11:17:03.0328 3316  C:\WINDOWS\system32\drivers\hdaudbus.sys - ok
11:17:03.0328 3316  [ 72062B53186E4A3F5FCBC41EBB62B905 ] C:\WINDOWS\system32\drivers\NETwLx32.sys
11:17:03.0328 3316  C:\WINDOWS\system32\drivers\NETwLx32.sys - ok
11:17:03.0343 3316  [ DF672613FBBCD58C38BB0BC2694BCFB0 ] C:\WINDOWS\system32\drivers\rimmptsk.sys
11:17:03.0343 3316  C:\WINDOWS\system32\drivers\rimmptsk.sys - ok
11:17:03.0359 3316  [ 9BFB54D3559F2FF7301271D29D383564 ] C:\WINDOWS\system32\drivers\rimsptsk.sys
11:17:03.0359 3316  C:\WINDOWS\system32\drivers\rimsptsk.sys - ok
11:17:03.0359 3316  [ 1323BA3CA4E8D863EB00CD81C0AAF356 ] C:\WINDOWS\system32\drivers\Rtenicxp.sys
11:17:03.0359 3316  C:\WINDOWS\system32\drivers\Rtenicxp.sys - ok
11:17:03.0375 3316  [ 1AF592532532A402ED7C060F6954004F ] C:\WINDOWS\system32\drivers\hidclass.sys
11:17:03.0375 3316  C:\WINDOWS\system32\drivers\hidclass.sys - ok
11:17:03.0375 3316  [ 96ECCF28FDBF1B2CC12725818A63628D ] C:\WINDOWS\system32\drivers\hidparse.sys
11:17:03.0375 3316  C:\WINDOWS\system32\drivers\hidparse.sys - ok
11:17:03.0390 3316  [ DCB87DA83CC1010CBC9FC4DC9E395BBC ] C:\WINDOWS\system32\drivers\rixdptsk.sys
11:17:03.0390 3316  C:\WINDOWS\system32\drivers\rixdptsk.sys - ok
11:17:03.0390 3316  [ 115C0933B3ED51DFBEC4449348C8065B ] C:\WINDOWS\system32\drivers\HpqRemHid.sys
11:17:03.0390 3316  C:\WINDOWS\system32\drivers\HpqRemHid.sys - ok
11:17:03.0406 3316  [ 4A0B06AA8943C1E332520F7440C0AA30 ] C:\WINDOWS\system32\drivers\i8042prt.sys
11:17:03.0406 3316  C:\WINDOWS\system32\drivers\i8042prt.sys - ok
11:17:03.0406 3316  [ 463C1EC80CD17420A542B7F36A36F128 ] C:\WINDOWS\system32\drivers\kbdclass.sys
11:17:03.0406 3316  C:\WINDOWS\system32\drivers\kbdclass.sys - ok
11:17:03.0421 3316  [ 79D1DBFEC599EC47244AF7B06AE2A04E ] C:\WINDOWS\system32\drivers\L8042Kbd.sys
11:17:03.0421 3316  C:\WINDOWS\system32\drivers\L8042Kbd.sys - ok
11:17:03.0421 3316  [ 596EB39B50D6EBD9B734DC4AE0544693 ] C:\WINDOWS\system32\drivers\usbd.sys
11:17:03.0421 3316  C:\WINDOWS\system32\drivers\usbd.sys - ok
11:17:03.0437 3316  [ 399C974DDA25FD3E59F22BAB787F662B ] C:\WINDOWS\system32\drivers\wdfldr.sys
11:17:03.0437 3316  C:\WINDOWS\system32\drivers\wdfldr.sys - ok
11:17:03.0437 3316  [ 996E2B85AB79C30500EDC1683A2CEFC6 ] C:\WINDOWS\system32\drivers\SynTP.sys
11:17:03.0437 3316  C:\WINDOWS\system32\drivers\SynTP.sys - ok
11:17:03.0437 3316  [ D918617B46457B9AC28027722E30F647 ] C:\WINDOWS\system32\drivers\wdf01000.sys
11:17:03.0437 3316  C:\WINDOWS\system32\drivers\wdf01000.sys - ok
11:17:03.0453 3316  [ 35C9E97194C8CFB8430125F8DBC34D04 ] C:\WINDOWS\system32\drivers\mouclass.sys
11:17:03.0453 3316  C:\WINDOWS\system32\drivers\mouclass.sys - ok
11:17:03.0453 3316  [ 4B0A100EAF5C49EF3CCA8C641431EACC ] C:\WINDOWS\system32\drivers\cdrom.sys
11:17:03.0453 3316  C:\WINDOWS\system32\drivers\cdrom.sys - ok
11:17:03.0453 3316  [ 083A052659F5310DD8B6A6CB05EDCF8E ] C:\WINDOWS\system32\drivers\imapi.sys
11:17:03.0453 3316  C:\WINDOWS\system32\drivers\imapi.sys - ok
11:17:03.0468 3316  [ D9F724AA26C010A217C97606B160ED68 ] C:\WINDOWS\system32\drivers\audstub.sys
11:17:03.0468 3316  C:\WINDOWS\system32\drivers\audstub.sys - ok
11:17:03.0468 3316  [ 0753515F78DF7F271A5E61C20BCD36A1 ] C:\WINDOWS\system32\drivers\ks.sys
11:17:03.0468 3316  C:\WINDOWS\system32\drivers\ks.sys - ok
11:17:03.0468 3316  [ 091735A5F20ACB1DC147383A905AE002 ] C:\WINDOWS\system32\drivers\ndistapi.sys
11:17:03.0468 3316  C:\WINDOWS\system32\drivers\ndistapi.sys - ok
11:17:03.0484 3316  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] C:\WINDOWS\system32\drivers\rasl2tp.sys
11:17:03.0484 3316  C:\WINDOWS\system32\drivers\rasl2tp.sys - ok
11:17:03.0484 3316  [ F828DD7E1419B6653894A8F97A0094C5 ] C:\WINDOWS\system32\drivers\redbook.sys
11:17:03.0484 3316  C:\WINDOWS\system32\drivers\redbook.sys - ok
11:17:03.0500 3316  [ EDC1531A49C80614B2CFDA43CA8659AB ] C:\WINDOWS\system32\drivers\ndiswan.sys
11:17:03.0500 3316  C:\WINDOWS\system32\drivers\ndiswan.sys - ok
11:17:03.0500 3316  [ 5BC962F2654137C9909C3D4603587DEE ] C:\WINDOWS\system32\drivers\raspppoe.sys
11:17:03.0500 3316  C:\WINDOWS\system32\drivers\raspppoe.sys - ok
11:17:03.0500 3316  [ 0539D5E53587F82D1B4FD74C5BE205CF ] C:\WINDOWS\system32\drivers\tdi.sys
11:17:03.0500 3316  C:\WINDOWS\system32\drivers\tdi.sys - ok
11:17:03.0515 3316  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] C:\WINDOWS\system32\drivers\msgpc.sys
11:17:03.0515 3316  C:\WINDOWS\system32\drivers\msgpc.sys - ok
11:17:03.0515 3316  [ D8E11D311785F89F1D70A28B0E879127 ] C:\WINDOWS\system32\drivers\psched.sys
11:17:03.0515 3316  C:\WINDOWS\system32\drivers\psched.sys - ok
11:17:03.0515 3316  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] C:\WINDOWS\system32\drivers\ptilink.sys
11:17:03.0515 3316  C:\WINDOWS\system32\drivers\ptilink.sys - ok
11:17:03.0531 3316  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] C:\WINDOWS\system32\drivers\raspptp.sys
11:17:03.0531 3316  C:\WINDOWS\system32\drivers\raspptp.sys - ok
11:17:03.0531 3316  [ FDBB1D60066FCFBB7452FD8F9829B242 ] C:\WINDOWS\system32\drivers\raspti.sys
11:17:03.0531 3316  C:\WINDOWS\system32\drivers\raspti.sys - ok
11:17:03.0546 3316  [ 47EA20320E3D6FDC7B7BB22B2B881CA6 ] C:\WINDOWS\system32\drivers\rdpdr.sys
11:17:03.0546 3316  C:\WINDOWS\system32\drivers\rdpdr.sys - ok
11:17:03.0546 3316  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] C:\WINDOWS\system32\drivers\swenum.sys
11:17:03.0546 3316  C:\WINDOWS\system32\drivers\swenum.sys - ok
11:17:03.0546 3316  [ 88155247177638048422893737429D9E ] C:\WINDOWS\system32\drivers\termdd.sys
11:17:03.0546 3316  C:\WINDOWS\system32\drivers\termdd.sys - ok
11:17:03.0562 3316  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] C:\WINDOWS\system32\drivers\update.sys
11:17:03.0562 3316  C:\WINDOWS\system32\drivers\update.sys - ok
11:17:03.0562 3316  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] C:\WINDOWS\system32\drivers\mssmbios.sys
11:17:03.0562 3316  C:\WINDOWS\system32\drivers\mssmbios.sys - ok
11:17:03.0562 3316  [ 9EF487A186DEA361AA06913A75B3FA99 ] C:\WINDOWS\system32\drivers\kbdhid.sys
11:17:03.0562 3316  C:\WINDOWS\system32\drivers\kbdhid.sys - ok
11:17:03.0578 3316  [ 816460BD4B4ACD27937D1D0813E2E9E9 ] C:\WINDOWS\system32\drivers\ndproxy.sys
11:17:03.0578 3316  C:\WINDOWS\system32\drivers\ndproxy.sys - ok
11:17:03.0578 3316  [ 1AB3CDDE553B6E064D2E754EFE20285C ] C:\WINDOWS\system32\drivers\usbhub.sys
11:17:03.0578 3316  C:\WINDOWS\system32\drivers\usbhub.sys - ok
11:17:03.0578 3316  [ 6CB08593487F5701D2D2254E693EAFCE ] C:\WINDOWS\system32\drivers\drmk.sys
11:17:03.0578 3316  C:\WINDOWS\system32\drivers\drmk.sys - ok
11:17:03.0593 3316  [ AEF54BF915BF5C2ED1B856EF94E89721 ] C:\WINDOWS\system32\drivers\portcls.sys
11:17:03.0593 3316  C:\WINDOWS\system32\drivers\portcls.sys - ok
11:17:03.0593 3316  [ 921F2452A8D3A10083DDD824FC8C267F ] C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:17:03.0593 3316  C:\WINDOWS\system32\drivers\RtkHDAud.sys - ok
11:17:03.0609 3316  [ 8E6B8C671615D126FDC553D1E2DE5562 ] C:\WINDOWS\system32\drivers\sfloppy.sys
11:17:03.0609 3316  C:\WINDOWS\system32\drivers\sfloppy.sys - ok
11:17:03.0609 3316  [ 03BFDFAE9D150D43F4A19B5FBB892591 ] C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys
11:17:03.0609 3316  C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys - ok
11:17:03.0609 3316  [ DA1F27D85E0D1525F6621372E7B685E9 ] C:\WINDOWS\system32\drivers\beep.sys
11:17:03.0609 3316  C:\WINDOWS\system32\drivers\beep.sys - ok
11:17:03.0625 3316  [ 30D42943A54704EF13E2562911DBFCEA ] C:\WINDOWS\system32\drivers\fs_rec.sys
11:17:03.0625 3316  C:\WINDOWS\system32\drivers\fs_rec.sys - ok
11:17:03.0625 3316  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] C:\WINDOWS\system32\drivers\null.sys
11:17:03.0625 3316  C:\WINDOWS\system32\drivers\null.sys - ok
11:17:03.0625 3316  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] C:\WINDOWS\system32\drivers\vga.sys
11:17:03.0625 3316  C:\WINDOWS\system32\drivers\vga.sys - ok
11:17:03.0640 3316  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] C:\WINDOWS\system32\drivers\mnmdd.sys
11:17:03.0640 3316  C:\WINDOWS\system32\drivers\mnmdd.sys - ok
11:17:03.0640 3316  [ C941EA2454BA8350021D774DAF0F1027 ] C:\WINDOWS\system32\drivers\msfs.sys
11:17:03.0640 3316  C:\WINDOWS\system32\drivers\msfs.sys - ok
11:17:03.0640 3316  [ 4912D5B403614CE99C28420F75353332 ] C:\WINDOWS\system32\drivers\rdpcdd.sys
11:17:03.0640 3316  C:\WINDOWS\system32\drivers\rdpcdd.sys - ok
11:17:03.0656 3316  [ 3182D64AE053D6FB034F44B6DEF8034A ] C:\WINDOWS\system32\drivers\npfs.sys
11:17:03.0656 3316  C:\WINDOWS\system32\drivers\npfs.sys - ok
11:17:03.0656 3316  [ 23C74D75E36E7158768DD63D92789A91 ] C:\WINDOWS\system32\drivers\ipsec.sys
11:17:03.0656 3316  C:\WINDOWS\system32\drivers\ipsec.sys - ok
11:17:03.0671 3316  [ FE0D99D6F31E4FAD8159F690D68DED9C ] C:\WINDOWS\system32\drivers\rasacd.sys
11:17:03.0671 3316  C:\WINDOWS\system32\drivers\rasacd.sys - ok
11:17:03.0671 3316  [ 51E41F16ACD80B8B39C0AE703A213F09 ] C:\WINDOWS\system32\drivers\tcpip.sys
11:17:03.0671 3316  C:\WINDOWS\system32\drivers\tcpip.sys - ok
11:17:03.0671 3316  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] C:\WINDOWS\system32\drivers\netbt.sys
11:17:03.0671 3316  C:\WINDOWS\system32\drivers\netbt.sys - ok
11:17:03.0687 3316  [ CC748EA12C6EFFDE940EE98098BF96BB ] C:\WINDOWS\system32\drivers\ipnat.sys
11:17:03.0687 3316  C:\WINDOWS\system32\drivers\ipnat.sys - ok
11:17:03.0687 3316  [ F6B7B1ECD7B41736BDB6FF4B092BCB79 ] C:\WINDOWS\system32\drivers\afd.sys
11:17:03.0687 3316  C:\WINDOWS\system32\drivers\afd.sys - ok
11:17:03.0687 3316  [ E20B95BAEDB550F32DD489265C1DA1F6 ] C:\WINDOWS\system32\drivers\wanarp.sys
11:17:03.0687 3316  C:\WINDOWS\system32\drivers\wanarp.sys - ok
11:17:03.0703 3316  [ B5B8A80875C1DEDEDA8B02765642C32F ] C:\WINDOWS\system32\drivers\arp1394.sys
11:17:03.0703 3316  C:\WINDOWS\system32\drivers\arp1394.sys - ok
11:17:03.0703 3316  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] C:\WINDOWS\system32\drivers\netbios.sys
11:17:03.0703 3316  C:\WINDOWS\system32\drivers\netbios.sys - ok
11:17:03.0718 3316  [ 77050C6615F6EB5402F832B27FD695E0 ] C:\WINDOWS\system32\drivers\rdbss.sys
11:17:03.0718 3316  C:\WINDOWS\system32\drivers\rdbss.sys - ok
11:17:03.0718 3316  [ FB2FCCC70F7174C7BF64F48E96D3ADF4 ] C:\WINDOWS\system32\drivers\mrxsmb.sys
11:17:03.0718 3316  C:\WINDOWS\system32\drivers\mrxsmb.sys - ok
11:17:03.0718 3316  [ B0CC0B50441372157F31C4C023D43A3E ] C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
11:17:03.0718 3316  C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys - ok
11:17:03.0734 3316  [ 8DEA3FE12A6686573F16A06AD95D7AB9 ] C:\Program Files\Emsisoft Anti-Malware\a2util32.sys
11:17:03.0734 3316  C:\Program Files\Emsisoft Anti-Malware\a2util32.sys - ok
11:17:03.0734 3316  [ D45926117EB9FA946A6AF572FBE1CAA3 ] C:\WINDOWS\system32\drivers\fips.sys
11:17:03.0734 3316  C:\WINDOWS\system32\drivers\fips.sys - ok
11:17:03.0734 3316  [ 15CE4DBC22FAB90B3CA5352AF1FFF81C ] C:\WINDOWS\system32\ntdll.dll
11:17:03.0734 3316  C:\WINDOWS\system32\ntdll.dll - ok
11:17:03.0750 3316  [ 5F816C1F539266D2D4C78694239DA0B5 ] C:\WINDOWS\system32\smss.exe
11:17:03.0750 3316  C:\WINDOWS\system32\smss.exe - ok
11:17:03.0750 3316  [ 23043C91A0F9DFB4B9E9F87B680863B4 ] C:\WINDOWS\system32\autochk.exe
11:17:03.0750 3316  C:\WINDOWS\system32\autochk.exe - ok
11:17:03.0765 3316  [ E17798E1E6FF1CA9C67B8576570E05EE ] C:\WINDOWS\system32\sfcfiles.dll
11:17:03.0765 3316  C:\WINDOWS\system32\sfcfiles.dll - ok
11:17:03.0765 3316  [ C885B02847F5D2FD45A24E219ED93B32 ] C:\WINDOWS\system32\drivers\cdfs.sys
11:17:03.0765 3316  C:\WINDOWS\system32\drivers\cdfs.sys - ok
11:17:03.0765 3316  [ F4037A3FEDB92DD97C95F320766EA5C9 ] C:\WINDOWS\system32\drivers\iaStor.sys
11:17:03.0765 3316  C:\WINDOWS\system32\drivers\iaStor.sys - ok
11:17:03.0781 3316  [ FE97D0343ACFDEBDD578FC67CC91FA87 ] C:\WINDOWS\system32\drivers\dxapi.sys
11:17:03.0781 3316  C:\WINDOWS\system32\drivers\dxapi.sys - ok
11:17:03.0781 3316  [ 9A10AACBFDC4922715375FB4065EC930 ] C:\WINDOWS\system32\watchdog.sys
11:17:03.0781 3316  C:\WINDOWS\system32\watchdog.sys - ok
11:17:03.0781 3316  [ B57F6110AC77DFE6BA7E58A0FF699915 ] C:\WINDOWS\system32\win32k.sys
11:17:03.0781 3316  C:\WINDOWS\system32\win32k.sys - ok
11:17:03.0796 3316  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
11:17:03.0796 3316  C:\WINDOWS\system32\basesrv.dll - ok
11:17:03.0796 3316  [ 693AD11C59926428871C11FA3C348A2A ] C:\WINDOWS\system32\csrsrv.dll
11:17:03.0796 3316  C:\WINDOWS\system32\csrsrv.dll - ok
11:17:03.0796 3316  [ 44F275C64738EA2056E3D9580C23B60F ] C:\WINDOWS\system32\csrss.exe
11:17:03.0796 3316  C:\WINDOWS\system32\csrss.exe - ok
11:17:03.0812 3316  [ 1C0D6C10F3E6B8EC4938ECF2ABA862ED ] C:\WINDOWS\system32\gdi32.dll
11:17:03.0812 3316  C:\WINDOWS\system32\gdi32.dll - ok
11:17:03.0812 3316  [ 6CBFEEB384F04681AF75F495AA48DD32 ] C:\WINDOWS\system32\kernel32.dll
11:17:03.0812 3316  C:\WINDOWS\system32\kernel32.dll - ok
11:17:03.0812 3316  [ B23423313519C522E0E73BA170D3CE71 ] C:\WINDOWS\system32\winsrv.dll
11:17:03.0812 3316  C:\WINDOWS\system32\winsrv.dll - ok
11:17:03.0828 3316  [ C8A6C82F90B055149925DC7526B2D78C ] C:\WINDOWS\system32\advapi32.dll
11:17:03.0828 3316  C:\WINDOWS\system32\advapi32.dll - ok
11:17:03.0828 3316  [ 012DF358CEBAA23ACB26D82077820817 ] C:\WINDOWS\system32\lpk.dll
11:17:03.0828 3316  C:\WINDOWS\system32\lpk.dll - ok
11:17:03.0828 3316  [ 9A96A012E0D484AE4FEE9F5973515423 ] C:\WINDOWS\system32\rpcrt4.dll
11:17:03.0828 3316  C:\WINDOWS\system32\rpcrt4.dll - ok
11:17:03.0843 3316  [ B26B135FF1B9F60C9388B4A7D16F600B ] C:\WINDOWS\system32\user32.dll
11:17:03.0843 3316  C:\WINDOWS\system32\user32.dll - ok
11:17:03.0843 3316  [ F8894BCC961D461674002B4BAE7AECC1 ] C:\WINDOWS\system32\usp10.dll
11:17:03.0843 3316  C:\WINDOWS\system32\usp10.dll - ok
11:17:03.0859 3316  [ AC7280566A7BB85CB3291F04DDC1198E ] C:\WINDOWS\system32\drivers\dxg.sys
11:17:03.0859 3316  C:\WINDOWS\system32\drivers\dxg.sys - ok
11:17:03.0859 3316  [ A73F5D6705B1D820C19B18782E176EFD ] C:\WINDOWS\system32\drivers\dxgthk.sys
11:17:03.0859 3316  C:\WINDOWS\system32\drivers\dxgthk.sys - ok
11:17:03.0859 3316  [ 0A8D7A185B60F4C38B052824B0FC51DC ] C:\WINDOWS\system32\secur32.dll
11:17:03.0859 3316  C:\WINDOWS\system32\secur32.dll - ok
11:17:03.0875 3316  [ A32426D9B14A089EAA1D922E0C5801A9 ] C:\WINDOWS\system32\drivers\USBSTOR.SYS
11:17:03.0875 3316  C:\WINDOWS\system32\drivers\USBSTOR.SYS - ok
11:17:03.0875 3316  [ 173F317CE0DB8E21322E71B7E60A27E8 ] C:\WINDOWS\system32\drivers\usbccgp.sys
11:17:03.0875 3316  C:\WINDOWS\system32\drivers\usbccgp.sys - ok
11:17:03.0875 3316  [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] C:\WINDOWS\system32\drivers\usbvideo.sys
11:17:03.0875 3316  C:\WINDOWS\system32\drivers\usbvideo.sys - ok
11:17:03.0890 3316  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] C:\WINDOWS\system32\drivers\hidusb.sys
11:17:03.0890 3316  C:\WINDOWS\system32\drivers\hidusb.sys - ok
11:17:03.0890 3316  [ B1C303E17FB9D46E87A98E4BA6769685 ] C:\WINDOWS\system32\drivers\mouhid.sys
11:17:03.0890 3316  C:\WINDOWS\system32\drivers\mouhid.sys - ok
11:17:03.0890 3316  [ 82173D3AAAB2AE8A9BE61B45173E1659 ] C:\WINDOWS\system32\nv4_disp.dll
11:17:03.0890 3316  C:\WINDOWS\system32\nv4_disp.dll - ok
11:17:03.0906 3316  [ ECB7591870F8BFB1A4C17B718AD5A4AA ] C:\WINDOWS\system32\vga.dll
11:17:03.0906 3316  C:\WINDOWS\system32\vga.dll - ok
11:17:03.0906 3316  [ 714705F29A917993536A6AB2DEDB0B7F ] C:\WINDOWS\system32\authz.dll
11:17:03.0906 3316  C:\WINDOWS\system32\authz.dll - ok
11:17:03.0906 3316  [ 06B8485FB1DA9A552B10AB978CD1AC85 ] C:\WINDOWS\system32\msvcrt.dll
11:17:03.0906 3316  C:\WINDOWS\system32\msvcrt.dll - ok
11:17:03.0921 3316  [ 53A8857723277B1D6D5EE60A9F85B117 ] C:\WINDOWS\system32\winlogon.exe
11:17:03.0921 3316  C:\WINDOWS\system32\winlogon.exe - ok
11:17:03.0921 3316  [ 59AF12635DE27D06019977BCF8621BBA ] C:\WINDOWS\system32\crypt32.dll
11:17:03.0921 3316  C:\WINDOWS\system32\crypt32.dll - ok
11:17:03.0921 3316  [ FC9E716B2913F6D40FA1A8720ED3E73A ] C:\WINDOWS\system32\msasn1.dll
11:17:03.0921 3316  C:\WINDOWS\system32\msasn1.dll - ok
11:17:03.0937 3316  [ 013C1148C1EC025596896E093F60F608 ] C:\WINDOWS\system32\nddeapi.dll
11:17:03.0937 3316  C:\WINDOWS\system32\nddeapi.dll - ok
11:17:03.0937 3316  [ 6F8DCD60628DA34AB303CEADB5186043 ] C:\WINDOWS\system32\netapi32.dll
11:17:03.0937 3316  C:\WINDOWS\system32\netapi32.dll - ok
11:17:03.0937 3316  [ FCFA1C55971CC229D353B3A15ACCD995 ] C:\WINDOWS\system32\profmap.dll
11:17:03.0937 3316  C:\WINDOWS\system32\profmap.dll - ok
11:17:03.0953 3316  [ 9CFCB3CA3D83B4EAA133F0644A2C6F31 ] C:\WINDOWS\system32\psapi.dll
11:17:03.0953 3316  C:\WINDOWS\system32\psapi.dll - ok
11:17:03.0953 3316  [ AF11C591F2F4AFF4A6CF699D376F618B ] C:\WINDOWS\system32\regapi.dll
11:17:03.0953 3316  C:\WINDOWS\system32\regapi.dll - ok
11:17:03.0953 3316  [ ED0CE2DEEC594778004306E3FA8CAC33 ] C:\WINDOWS\system32\setupapi.dll
11:17:03.0953 3316  C:\WINDOWS\system32\setupapi.dll - ok
11:17:03.0968 3316  [ 43D13C80EBEC0135A3611E0F616F179B ] C:\WINDOWS\system32\userenv.dll
11:17:03.0968 3316  C:\WINDOWS\system32\userenv.dll - ok
11:17:03.0968 3316  [ 2557B78A91D24E68C8873B04D7D6D9BB ] C:\WINDOWS\system32\imagehlp.dll
11:17:03.0968 3316  C:\WINDOWS\system32\imagehlp.dll - ok
11:17:03.0968 3316  [ 0DA85218E92526972A821587E6A8BF8F ] C:\WINDOWS\system32\imm32.dll
11:17:03.0968 3316  C:\WINDOWS\system32\imm32.dll - ok
11:17:03.0984 3316  [ 5713A519619FC93C30BF9AB23B14885A ] C:\WINDOWS\system32\kbdpo.dll
11:17:03.0984 3316  C:\WINDOWS\system32\kbdpo.dll - ok
11:17:03.0984 3316  [ C7CE131408739B0B3A318BE2D0032719 ] C:\WINDOWS\system32\version.dll
11:17:03.0984 3316  C:\WINDOWS\system32\version.dll - ok
11:17:03.0984 3316  [ 430CEB794F6E6EF8AC86958C242366D6 ] C:\WINDOWS\system32\winsta.dll
11:17:03.0984 3316  C:\WINDOWS\system32\winsta.dll - ok
11:17:04.0000 3316  [ BA529C83AD2F49693DE42FFBDE8D37AE ] C:\WINDOWS\system32\wintrust.dll
11:17:04.0000 3316  C:\WINDOWS\system32\wintrust.dll - ok
11:17:04.0000 3316  [ 9789E95E1D88EEB4B922BF3EA7779C28 ] C:\WINDOWS\system32\ws2help.dll
11:17:04.0000 3316  C:\WINDOWS\system32\ws2help.dll - ok
11:17:04.0015 3316  [ 2CCC474EB85CEAA3E1FA1726580A3E5A ] C:\WINDOWS\system32\ws2_32.dll
11:17:04.0015 3316  C:\WINDOWS\system32\ws2_32.dll - ok
11:17:04.0015 3316  [ 93AFB83FBC1F9443CAC722FCA63D73BF ] C:\WINDOWS\system32\comctl32.dll
11:17:04.0015 3316  C:\WINDOWS\system32\comctl32.dll - ok
11:17:04.0015 3316  [ D7B7A57C0E57C836F18CF12A4C62A1CA ] C:\WINDOWS\system32\msgina.dll
11:17:04.0015 3316  C:\WINDOWS\system32\msgina.dll - ok
11:17:04.0031 3316  [ 86987A5000DFA3EBE2275C0456BCF2FE ] C:\WINDOWS\system32\comdlg32.dll
11:17:04.0031 3316  C:\WINDOWS\system32\comdlg32.dll - ok
11:17:04.0031 3316  [ 1D604A51408D039E5692160C2DC44FF7 ] C:\WINDOWS\system32\odbc32.dll
11:17:04.0031 3316  C:\WINDOWS\system32\odbc32.dll - ok
11:17:04.0031 3316  [ 0E235315C8FF6D9C0198F1E74604A681 ] C:\WINDOWS\system32\shell32.dll
11:17:04.0031 3316  C:\WINDOWS\system32\shell32.dll - ok
11:17:04.0046 3316  [ E2A710E33C19E5E9C1ACBF5DF4156109 ] C:\WINDOWS\system32\shlwapi.dll
11:17:04.0046 3316  C:\WINDOWS\system32\shlwapi.dll - ok
11:17:04.0046 3316  [ A3336EBD2527F6EB214F4593DCF67F6C ] C:\WINDOWS\system32\sxs.dll
11:17:04.0046 3316  C:\WINDOWS\system32\sxs.dll - ok
11:17:04.0046 3316  [ 736B12B725AEB2B07F0241A9F680CB10 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
11:17:04.0046 3316  C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - ok
11:17:04.0062 3316  [ 6B7C6B32F8E84D56C6260D684019FEA2 ] C:\WINDOWS\system32\odbcint.dll
11:17:04.0062 3316  C:\WINDOWS\system32\odbcint.dll - ok
11:17:04.0062 3316  [ 7D9DDE1AB4B00DDB173F5A16E9206517 ] C:\WINDOWS\system32\ole32.dll
11:17:04.0062 3316  C:\WINDOWS\system32\ole32.dll - ok
11:17:04.0062 3316  [ 96E1C926F22EE1BFBAE82901A35F6BF3 ] C:\WINDOWS\system32\sfc.dll
11:17:04.0062 3316  C:\WINDOWS\system32\sfc.dll - ok
11:17:04.0078 3316  [ 6B5DB6789177A4FD0DEBC248041D0739 ] C:\WINDOWS\system32\sfc_os.dll
11:17:04.0078 3316  C:\WINDOWS\system32\sfc_os.dll - ok
11:17:04.0078 3316  [ 888CD7B39C37E13A2419BECFAAF0A28C ] C:\WINDOWS\system32\shsvcs.dll
11:17:04.0078 3316  C:\WINDOWS\system32\shsvcs.dll - ok
11:17:04.0078 3316  [ CF492D7E9AF1C628B3536D20EF6F5CC7 ] C:\WINDOWS\system32\apphelp.dll
11:17:04.0078 3316  C:\WINDOWS\system32\apphelp.dll - ok
11:17:04.0093 3316  [ C519E15665CD89A91AD383FCE3CB556A ] C:\WINDOWS\system32\services.exe
11:17:04.0093 3316  C:\WINDOWS\system32\services.exe - ok
11:17:04.0093 3316  [ 5C53AEAC3FD476088E7985C842B9B048 ] C:\WINDOWS\system32\lsasrv.dll
11:17:04.0093 3316  C:\WINDOWS\system32\lsasrv.dll - ok
11:17:04.0109 3316  [ BF2466B3E18E970D8A976FB95FC1CA85 ] C:\WINDOWS\system32\lsass.exe
11:17:04.0109 3316  C:\WINDOWS\system32\lsass.exe - ok
11:17:04.0109 3316  [ DD7BD97FB8BD800963789158A5E4B41D ] C:\WINDOWS\system32\mpr.dll
11:17:04.0109 3316  C:\WINDOWS\system32\mpr.dll - ok
11:17:04.0109 3316  [ F404830F3CD9BF8F2515E489C0CDA297 ] C:\WINDOWS\system32\msvcp60.dll
11:17:04.0109 3316  C:\WINDOWS\system32\msvcp60.dll - ok
11:17:04.0125 3316  [ EC29A79F1E76DC509E24D401F29D0678 ] C:\WINDOWS\system32\ncobjapi.dll
11:17:04.0125 3316  C:\WINDOWS\system32\ncobjapi.dll - ok
11:17:04.0125 3316  [ B24A42A413E694AD73FDFB7FBD492C31 ] C:\WINDOWS\system32\scesrv.dll
11:17:04.0125 3316  C:\WINDOWS\system32\scesrv.dll - ok
11:17:04.0125 3316  [ 774619D46B04F75614261F1BE274BA5D ] C:\WINDOWS\system32\umpnpmgr.dll
11:17:04.0125 3316  C:\WINDOWS\system32\umpnpmgr.dll - ok
11:17:04.0140 3316  [ EA9EE60B408878E5F2012F9C783836DB ] C:\WINDOWS\AppPatch\AcAdProc.dll
11:17:04.0140 3316  C:\WINDOWS\AppPatch\AcAdProc.dll - ok
11:17:04.0140 3316  [ 310C15FD8358B2C4CD7A5B98A112883F ] C:\WINDOWS\AppPatch\AcGenral.dll
11:17:04.0140 3316  C:\WINDOWS\AppPatch\AcGenral.dll - ok
11:17:04.0140 3316  [ 17A1D675C12BBF80CAAC54A4855C41D0 ] C:\WINDOWS\system32\cryptdll.dll
11:17:04.0140 3316  C:\WINDOWS\system32\cryptdll.dll - ok
11:17:04.0140 3316  [ 64AA11D53A4A84CDF43370D7036517C3 ] C:\WINDOWS\system32\dnsapi.dll
11:17:04.0140 3316  C:\WINDOWS\system32\dnsapi.dll - ok
11:17:04.0156 3316  [ 30FE5893927F94CBBC84C2BDD0765093 ] C:\WINDOWS\system32\ntdsapi.dll
11:17:04.0156 3316  C:\WINDOWS\system32\ntdsapi.dll - ok
11:17:04.0156 3316  [ 8329A39D5A402A75A74301D6A62ECDA1 ] C:\WINDOWS\system32\samlib.dll
11:17:04.0156 3316  C:\WINDOWS\system32\samlib.dll - ok
11:17:04.0156 3316  [ F05B8CDB7FE0E55DCCFB1D946CE80064 ] C:\WINDOWS\system32\samsrv.dll
11:17:04.0156 3316  C:\WINDOWS\system32\samsrv.dll - ok
11:17:04.0171 3316  [ FE04792B53C9633AE1E6F86B2E9C1E5A ] C:\WINDOWS\system32\shimeng.dll
11:17:04.0171 3316  C:\WINDOWS\system32\shimeng.dll - ok
11:17:04.0171 3316  [ 0492CF5870F0E616B0C71695A433D162 ] C:\WINDOWS\system32\wldap32.dll
11:17:04.0171 3316  C:\WINDOWS\system32\wldap32.dll - ok
11:17:04.0171 3316  [ 68A2A86C78D46C6A79A6E93C340B1AE5 ] C:\WINDOWS\system32\winmm.dll
11:17:04.0187 3316  C:\WINDOWS\system32\winmm.dll - ok
11:17:04.0187 3316  [ 2098AB52BD5316E59AA36F3437B13BE6 ] C:\WINDOWS\system32\msacm32.dll
11:17:04.0187 3316  C:\WINDOWS\system32\msacm32.dll - ok
11:17:04.0187 3316  [ 6874D2A757F06DC1D8B3C80A47755013 ] C:\WINDOWS\system32\oleaut32.dll
11:17:04.0187 3316  C:\WINDOWS\system32\oleaut32.dll - ok
11:17:04.0203 3316  [ 7A2CC3719B255E6B5D74396183B7715B ] C:\WINDOWS\system32\uxtheme.dll
11:17:04.0203 3316  C:\WINDOWS\system32\uxtheme.dll - ok
11:17:04.0203 3316  [ E73F18195CCF4AAAA87B2D22E83F791C ] C:\WINDOWS\system32\serwvdrv.dll
11:17:04.0203 3316  C:\WINDOWS\system32\serwvdrv.dll - ok
11:17:04.0203 3316  [ EC2AD9AC452E0A8D976FB1B1718517CE ] C:\WINDOWS\system32\umdmxfrm.dll
11:17:04.0203 3316  C:\WINDOWS\system32\umdmxfrm.dll - ok
11:17:04.0218 3316  [ 8E20D83D04076A3682706A2BE1BBA80E ] C:\WINDOWS\system32\credssp.dll
11:17:04.0218 3316  C:\WINDOWS\system32\credssp.dll - ok
11:17:04.0218 3316  [ 4260BDCD96976DA6F44E9CA8B2E029E5 ] C:\WINDOWS\system32\kerberos.dll
11:17:04.0218 3316  C:\WINDOWS\system32\kerberos.dll - ok
11:17:04.0218 3316  [ 30B7D847BA9075AA8E1122FB6AF3D1B5 ] C:\WINDOWS\system32\MSCTFIME.IME
11:17:04.0218 3316  C:\WINDOWS\system32\MSCTFIME.IME - ok
11:17:04.0234 3316  [ C6BB1D1500DB4A0E224CB65E6C7E8A80 ] C:\WINDOWS\system32\msprivs.dll
11:17:04.0234 3316  C:\WINDOWS\system32\msprivs.dll - ok
11:17:04.0234 3316  [ 2214E60599F431573E93646210022D88 ] C:\WINDOWS\system32\atmfd.dll
11:17:04.0234 3316  C:\WINDOWS\system32\atmfd.dll - ok
11:17:04.0234 3316  [ AF07DC9B7CC455629E732340C7B15F3A ] C:\WINDOWS\system32\iphlpapi.dll
11:17:04.0234 3316  C:\WINDOWS\system32\iphlpapi.dll - ok
11:17:04.0250 3316  [ 1C59CE39DF670CA45E3962BDA56D22CD ] C:\WINDOWS\system32\msv1_0.dll
11:17:04.0250 3316  C:\WINDOWS\system32\msv1_0.dll - ok
11:17:04.0250 3316  [ 06CF9EEDB7E827205C6948C9DAF56974 ] C:\WINDOWS\system32\netlogon.dll
11:17:04.0250 3316  C:\WINDOWS\system32\netlogon.dll - ok
11:17:04.0250 3316  [ 26F1193092B9AC2586DEB38DD1CBB25C ] C:\WINDOWS\system32\schannel.dll
11:17:04.0250 3316  C:\WINDOWS\system32\schannel.dll - ok
11:17:04.0265 3316  [ 9F8A0D0CBB2FA265A754516128C00E22 ] C:\WINDOWS\system32\w32time.dll
11:17:04.0265 3316  C:\WINDOWS\system32\w32time.dll - ok
11:17:04.0265 3316  [ BAE413E34804DDD5C763B3BEC1005FCB ] C:\WINDOWS\system32\wdigest.dll
11:17:04.0265 3316  C:\WINDOWS\system32\wdigest.dll - ok
11:17:04.0281 3316  [ 54DAE3EA34802B4ED9AE1C6B1209FA56 ] C:\WINDOWS\system32\rsaenh.dll
11:17:04.0281 3316  C:\WINDOWS\system32\rsaenh.dll - ok
11:17:04.0281 3316  [ 02988B904C386B500CD08639C4C20EEA ] C:\WINDOWS\system32\winscard.dll
11:17:04.0281 3316  C:\WINDOWS\system32\winscard.dll - ok
11:17:04.0281 3316  [ 0E2735281FBB9A764D5584C2A5DCBA59 ] C:\WINDOWS\system32\wtsapi32.dll
11:17:04.0281 3316  C:\WINDOWS\system32\wtsapi32.dll - ok
11:17:04.0296 3316  [ A86BB5E61BF3E39B62AB4C7E7085A084 ] C:\WINDOWS\system32\scecli.dll
11:17:04.0296 3316  C:\WINDOWS\system32\scecli.dll - ok
11:17:04.0296 3316  [ A7F08A73F2668FCD2B51A66751FA7FF3 ] C:\Program Files\Emsisoft Anti-Malware\a2service.exe
11:17:04.0296 3316  C:\Program Files\Emsisoft Anti-Malware\a2service.exe - ok
11:17:04.0296 3316  [ AFFC87E2501FCE8F09D4C10BA6421CCF ] C:\WINDOWS\system32\msimg32.dll
11:17:04.0296 3316  C:\WINDOWS\system32\msimg32.dll - ok
11:17:04.0312 3316  [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\system32\winspool.drv
11:17:04.0312 3316  C:\WINDOWS\system32\winspool.drv - ok
11:17:04.0312 3316  [ 08DC19A76EBC0DCC2563BFCBA7425854 ] C:\Program Files\Emsisoft Anti-Malware\a2engine.dll
11:17:04.0312 3316  C:\Program Files\Emsisoft Anti-Malware\a2engine.dll - ok
11:17:04.0312 3316  [ 1755023407FDE00D9916505A557569D5 ] C:\Program Files\Emsisoft Anti-Malware\bdcore.dll
11:17:04.0312 3316  C:\Program Files\Emsisoft Anti-Malware\bdcore.dll - ok
11:17:04.0328 3316  [ FCEE5FCB99F7C724593365C706D28388 ] C:\WINDOWS\system32\mswsock.dll
11:17:04.0328 3316  C:\WINDOWS\system32\mswsock.dll - ok
11:17:04.0328 3316  [ 67156D5A9AC356DC99D7BCCB388E3316 ] C:\WINDOWS\system32\wsock32.dll
11:17:04.0328 3316  C:\WINDOWS\system32\wsock32.dll - ok
11:17:04.0328 3316  [ 496E8656BDA277EF2A7BBA3D948A4664 ] C:\Program Files\Emsisoft Anti-Malware\quarantine.dll
11:17:04.0343 3316  C:\Program Files\Emsisoft Anti-Malware\quarantine.dll - ok
11:17:04.0343 3316  [ 2081A5B5E4ABA206A0A8A1A97DF0FB23 ] C:\WINDOWS\system32\logonui.exe
11:17:04.0343 3316  C:\WINDOWS\system32\logonui.exe - ok
11:17:04.0343 3316  [ 3D41A9326F0376FC73AF961DD23B1FB1 ] C:\WINDOWS\system32\duser.dll
11:17:04.0343 3316  C:\WINDOWS\system32\duser.dll - ok
11:17:04.0359 3316  [ 20200EE3CFE10E9F0C028D8653BE11C6 ] C:\WINDOWS\system32\oleacc.dll
11:17:04.0359 3316  C:\WINDOWS\system32\oleacc.dll - ok
11:17:04.0359 3316  [ F137A0CA70003DB20448D540651FA003 ] C:\WINDOWS\system32\clbcatq.dll
11:17:04.0359 3316  C:\WINDOWS\system32\clbcatq.dll - ok
11:17:04.0359 3316  [ 1280A158C722FA95A80FB7AEBE78FA7D ] C:\WINDOWS\system32\comres.dll
11:17:04.0359 3316  C:\WINDOWS\system32\comres.dll - ok
11:17:04.0375 3316  [ E5EDBD51476DB5001ABF5C82AE5C3DD1 ] C:\WINDOWS\system32\shgina.dll
11:17:04.0375 3316  C:\WINDOWS\system32\shgina.dll - ok
11:17:04.0375 3316  [ 5A72AD2C0DD3DC226F9407F582913E84 ] C:\Program Files\Emsisoft Anti-Malware\a2core32.dll
11:17:04.0375 3316  C:\Program Files\Emsisoft Anti-Malware\a2core32.dll - ok
11:17:04.0375 3316  [ EB38F568D21259B410D252A40B39366A ] C:\Program Files\Emsisoft Anti-Malware\a2dix86.dll
11:17:04.0375 3316  C:\Program Files\Emsisoft Anti-Malware\a2dix86.dll - ok
11:17:04.0390 3316  [ 5D43C9A33F18C707BA169AFDA88BDF30 ] C:\WINDOWS\system32\fltlib.dll
11:17:04.0390 3316  C:\WINDOWS\system32\fltlib.dll - ok
11:17:04.0390 3316  [ 14140AA65B8AC9ED2ED38052FD3D5BB2 ] C:\Program Files\Emsisoft Anti-Malware\a2update.dll
11:17:04.0390 3316  C:\Program Files\Emsisoft Anti-Malware\a2update.dll - ok
11:17:04.0390 3316  [ E255B2CAB18194ABE1CFF3587A9365D9 ] C:\Program Files\Emsisoft Anti-Malware\a2acc.dll
11:17:04.0390 3316  C:\Program Files\Emsisoft Anti-Malware\a2acc.dll - ok
11:17:04.0406 3316  [ A8A4E18857CDFD8D9AB81E2C9EAF89B5 ] C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys
11:17:04.0406 3316  C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys - ok
11:17:04.0406 3316  [ F432EB8D1D84A565167107E2EF001473 ] C:\Program Files\Emsisoft Anti-Malware\a2wsc.dll
11:17:04.0406 3316  C:\Program Files\Emsisoft Anti-Malware\a2wsc.dll - ok
11:17:04.0406 3316  [ 205ADD80FF8099B1A8101EB490B933D1 ] C:\WINDOWS\system32\wbem\wbemprox.dll
11:17:04.0406 3316  C:\WINDOWS\system32\wbem\wbemprox.dll - ok
11:17:04.0421 3316  [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\system32\wbem\wbemcomn.dll
11:17:04.0421 3316  C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
11:17:04.0421 3316  [ 549290DBC280C887681D7652978DBBE0 ] C:\WINDOWS\system32\ntmarta.dll
11:17:04.0421 3316  C:\WINDOWS\system32\ntmarta.dll - ok
11:17:04.0437 3316  [ A8C1E6FF53FB0628A302843EA5FA5AB6 ] C:\WINDOWS\system32\nvsvc32.exe
11:17:04.0437 3316  C:\WINDOWS\system32\nvsvc32.exe - ok
11:17:04.0437 3316  [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll
11:17:04.0437 3316  C:\WINDOWS\system32\powrprof.dll - ok
11:17:04.0437 3316  [ 229EF72A47F7EF9233F3A52FA519E01B ] C:\WINDOWS\system32\nvcpl.dll
11:17:04.0437 3316  C:\WINDOWS\system32\nvcpl.dll - ok
11:17:04.0453 3316  [ 17BCAE6A90E918224AA4D3654F48DBD5 ] C:\WINDOWS\system32\nvrspt.dll
11:17:04.0453 3316  C:\WINDOWS\system32\nvrspt.dll - ok
11:17:04.0453 3316  [ 3DA3F03E76A6D9630C148EFE0FC74230 ] C:\WINDOWS\system32\nvapi.dll
11:17:04.0453 3316  C:\WINDOWS\system32\nvapi.dll - ok
11:17:04.0453 3316  [ 60B8EA7642CEFDBFB85CFAFBAE4BE816 ] C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll
11:17:04.0453 3316  C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll - ok
11:17:04.0468 3316  [ 27C6D03BCDB8CFEB96B716F3D8BE3E18 ] C:\WINDOWS\system32\svchost.exe
11:17:04.0468 3316  C:\WINDOWS\system32\svchost.exe - ok
11:17:04.0468 3316  [ 9222562D44021B988B9F9F62207FB6F2 ] C:\WINDOWS\system32\rpcss.dll
11:17:04.0468 3316  C:\WINDOWS\system32\rpcss.dll - ok
11:17:04.0468 3316  [ 16403217AB6FC5C30C14C6B12098AD4B ] C:\WINDOWS\system32\xpsp2res.dll
11:17:04.0468 3316  C:\WINDOWS\system32\xpsp2res.dll - ok
11:17:04.0484 3316  [ 6D4FEB43EE538FC5428CC7F0565AA656 ] C:\WINDOWS\system32\eventlog.dll
11:17:04.0484 3316  C:\WINDOWS\system32\eventlog.dll - ok
11:17:04.0484 3316  [ 0A878AA66E4DD3E2608192A1ECCD9F8F ] C:\WINDOWS\system32\hnetcfg.dll
11:17:04.0484 3316  C:\WINDOWS\system32\hnetcfg.dll - ok
11:17:04.0484 3316  [ 4E3D06D6E68EEDB52565080F55B460D3 ] C:\WINDOWS\system32\wshtcpip.dll
11:17:04.0500 3316  C:\WINDOWS\system32\wshtcpip.dll - ok
11:17:04.0500 3316  [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\system32\rasadhlp.dll
11:17:04.0500 3316  C:\WINDOWS\system32\rasadhlp.dll - ok
11:17:04.0500 3316  [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\system32\winrnr.dll
11:17:04.0500 3316  C:\WINDOWS\system32\winrnr.dll - ok
11:17:04.0515 3316  [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\system32\drivers\ndisuio.sys
11:17:04.0515 3316  C:\WINDOWS\system32\drivers\ndisuio.sys - ok
11:17:04.0515 3316  [ E69BDCDA821E8BE9DE1BA1EF72F8C94D ] C:\WINDOWS\system32\cscdll.dll
11:17:04.0515 3316  C:\WINDOWS\system32\cscdll.dll - ok
11:17:04.0515 3316  [ C51DE19619D50CBD03708647ACA10E70 ] C:\WINDOWS\system32\dhcpcsvc.dll
11:17:04.0515 3316  C:\WINDOWS\system32\dhcpcsvc.dll - ok
11:17:04.0531 3316  [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\system32\dimsntfy.dll
11:17:04.0531 3316  C:\WINDOWS\system32\dimsntfy.dll - ok
11:17:04.0531 3316  [ 743D7D59767073A617B1DCC6C546F234 ] C:\WINDOWS\system32\drivers\rspndr.sys
11:17:04.0531 3316  C:\WINDOWS\system32\drivers\rspndr.sys - ok
11:17:04.0531 3316  [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll
11:17:04.0531 3316  C:\WINDOWS\system32\wlnotify.dll - ok
11:17:04.0546 3316  [ D977659AE4D8ECE5286D99D1ED34614D ] C:\WINDOWS\system32\dnsrslvr.dll
11:17:04.0546 3316  C:\WINDOWS\system32\dnsrslvr.dll - ok
11:17:04.0546 3316  [ 7AD83A294F5446608743F4E90CCFAC96 ] C:\WINDOWS\system32\atl.dll
11:17:04.0546 3316  C:\WINDOWS\system32\atl.dll - ok
11:17:04.0546 3316  [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] C:\WINDOWS\system32\dot3api.dll
11:17:04.0546 3316  C:\WINDOWS\system32\dot3api.dll - ok
11:17:04.0562 3316  [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] C:\WINDOWS\system32\eapolqec.dll
11:17:04.0562 3316  C:\WINDOWS\system32\eapolqec.dll - ok
11:17:04.0562 3316  [ A7DB739AE99A796D91580147E919CC59 ] C:\WINDOWS\system32\lmhsvc.dll
11:17:04.0562 3316  C:\WINDOWS\system32\lmhsvc.dll - ok
11:17:04.0562 3316  [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\system32\qutil.dll
11:17:04.0562 3316  C:\WINDOWS\system32\qutil.dll - ok
11:17:04.0578 3316  [ 876CCF164E08D6B903CD14398E056DD2 ] C:\WINDOWS\system32\rtutils.dll
11:17:04.0578 3316  C:\WINDOWS\system32\rtutils.dll - ok
11:17:04.0578 3316  [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll
11:17:04.0578 3316  C:\WINDOWS\system32\wmi.dll - ok
11:17:04.0578 3316  [ 349B8D2BB755E8C3B0E3E82A87663E55 ] C:\WINDOWS\system32\wzcsvc.dll
11:17:04.0578 3316  C:\WINDOWS\system32\wzcsvc.dll - ok
11:17:04.0593 3316  [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] C:\WINDOWS\system32\esent.dll
11:17:04.0593 3316  C:\WINDOWS\system32\esent.dll - ok
11:17:04.0593 3316  [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] C:\WINDOWS\system32\cryptui.dll
11:17:04.0593 3316  C:\WINDOWS\system32\cryptui.dll - ok
11:17:04.0609 3316  [ C84B060A6181A2E70DE0A77142DF975E ] C:\WINDOWS\system32\rastls.dll
11:17:04.0609 3316  C:\WINDOWS\system32\rastls.dll - ok
11:17:04.0609 3316  [ 3F13CAF18CC007DEB34824B4AC7E5D5C ] C:\WINDOWS\system32\iertutil.dll
11:17:04.0609 3316  C:\WINDOWS\system32\iertutil.dll - ok
11:17:04.0609 3316  [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll
11:17:04.0609 3316  C:\WINDOWS\system32\normaliz.dll - ok
11:17:04.0625 3316  [ D19839BB0C719B42BE43EED9AEAFE007 ] C:\WINDOWS\system32\urlmon.dll
11:17:04.0625 3316  C:\WINDOWS\system32\urlmon.dll - ok
11:17:04.0625 3316  [ BE30BEF4C13065D09772F9895FCB9D22 ] C:\WINDOWS\system32\wininet.dll
11:17:04.0625 3316  C:\WINDOWS\system32\wininet.dll - ok
11:17:04.0625 3316  [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\system32\activeds.dll
11:17:04.0625 3316  C:\WINDOWS\system32\activeds.dll - ok
11:17:04.0640 3316  [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\system32\adsldpc.dll
11:17:04.0640 3316  C:\WINDOWS\system32\adsldpc.dll - ok
11:17:04.0640 3316  [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\system32\mprapi.dll
11:17:04.0640 3316  C:\WINDOWS\system32\mprapi.dll - ok
11:17:04.0640 3316  [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll
11:17:04.0640 3316  C:\WINDOWS\system32\rasapi32.dll - ok
11:17:04.0640 3316  [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll
11:17:04.0640 3316  C:\WINDOWS\system32\rasman.dll - ok
11:17:04.0656 3316  [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll
11:17:04.0656 3316  C:\WINDOWS\system32\tapi32.dll - ok
11:17:04.0656 3316  [ 4D6C16BA8BEE975E7518DDD2B3C6C66D ] C:\WINDOWS\system32\riched20.dll
11:17:04.0656 3316  C:\WINDOWS\system32\riched20.dll - ok
11:17:04.0671 3316  [ AFFF5C71FB6D60F8A0486C5D5118C24D ] C:\WINDOWS\system32\raschap.dll
11:17:04.0671 3316  C:\WINDOWS\system32\raschap.dll - ok
11:17:04.0671 3316  [ 2D0E4ED081963804CCC196A0929275B5 ] C:\WINDOWS\system32\wbem\wmisvc.dll
11:17:04.0671 3316  C:\WINDOWS\system32\wbem\wmisvc.dll - ok
11:17:04.0671 3316  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] C:\WINDOWS\system32\netman.dll
11:17:04.0671 3316  C:\WINDOWS\system32\netman.dll - ok
11:17:04.0687 3316  [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll
11:17:04.0687 3316  C:\WINDOWS\system32\netshell.dll - ok
11:17:04.0687 3316  [ ACACB8B14E66109B8ACD6644B5574B9A ] C:\WINDOWS\system32\vssapi.dll
11:17:04.0687 3316  C:\WINDOWS\system32\vssapi.dll - ok
11:17:04.0687 3316  [ 235892E493845D64D890163CFEF90E97 ] C:\WINDOWS\system32\credui.dll
11:17:04.0687 3316  C:\WINDOWS\system32\credui.dll - ok
11:17:04.0703 3316  [ 085ED2E391A871C7BAE87E0228B546BA ] C:\WINDOWS\system32\cscui.dll
11:17:04.0703 3316  C:\WINDOWS\system32\cscui.dll - ok
11:17:04.0703 3316  [ 4E8F3230BAC8C1CAADF01A8C728E1C5C ] C:\WINDOWS\system32\dot3dlg.dll
11:17:04.0703 3316  C:\WINDOWS\system32\dot3dlg.dll - ok
11:17:04.0703 3316  [ 5DB625E7D095604010CF84DE2D8ACFA6 ] C:\WINDOWS\system32\eappcfg.dll
11:17:04.0703 3316  C:\WINDOWS\system32\eappcfg.dll - ok
11:17:04.0718 3316  [ ABC4206543450C0666D152F4B65833B8 ] C:\WINDOWS\system32\eappprxy.dll
11:17:04.0718 3316  C:\WINDOWS\system32\eappprxy.dll - ok
11:17:04.0718 3316  [ CA04959077AFE36369D37B3504740C87 ] C:\WINDOWS\system32\onex.dll
11:17:04.0718 3316  C:\WINDOWS\system32\onex.dll - ok
11:17:04.0718 3316  [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll
11:17:04.0718 3316  C:\WINDOWS\system32\wzcsapi.dll - ok
11:17:04.0734 3316  [ 2BC7128348265CABA9BBC058729A8B7B ] C:\WINDOWS\system32\dpcdll.dll
11:17:04.0734 3316  C:\WINDOWS\system32\dpcdll.dll - ok
11:17:04.0734 3316  [ F17F6226BDC0CD5F0BEF0DAF84D29BEC ] C:\WINDOWS\system32\es.dll
11:17:04.0734 3316  C:\WINDOWS\system32\es.dll - ok
11:17:04.0734 3316  [ 4F10A2FA76B5BD54CD68AFA94E8ADB39 ] C:\WINDOWS\system32\ipnathlp.dll
11:17:04.0734 3316  C:\WINDOWS\system32\ipnathlp.dll - ok
11:17:04.0750 3316  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll
11:17:04.0750 3316  C:\WINDOWS\system32\schedsvc.dll - ok
11:17:04.0750 3316  [ 258DD5D4283FD9F9A7166BE9AE45CE73 ] C:\WINDOWS\system32\spoolsv.exe
11:17:04.0750 3316  C:\WINDOWS\system32\spoolsv.exe - ok
11:17:04.0750 3316  [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll
11:17:04.0750 3316  C:\WINDOWS\system32\msidle.dll - ok
11:17:04.0765 3316  [ A93AEE1928A9D7CE3E16D24EC7380F89 ] C:\WINDOWS\system32\userinit.exe
11:17:04.0765 3316  C:\WINDOWS\system32\userinit.exe - ok
11:17:04.0765 3316  [ F02A533F517EB38333CB12A9E8963773 ] C:\Program Files\Google\Update\GoogleUpdate.exe
11:17:04.0765 3316  C:\Program Files\Google\Update\GoogleUpdate.exe - ok
11:17:04.0765 3316  [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\system32\audiosrv.dll
11:17:04.0765 3316  C:\WINDOWS\system32\audiosrv.dll - ok
11:17:04.0781 3316  [ FD526000A4DA0AE0ABE0A8DD970D0D65 ] C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll
11:17:04.0781 3316  C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll - ok
11:17:04.0781 3316  [ 2E5672EEA419A4DC9DACD714632E1DC3 ] C:\Program Files\Google\Update\1.3.21.135\goopdate.dll
11:17:04.0781 3316  C:\Program Files\Google\Update\1.3.21.135\goopdate.dll - ok
11:17:04.0796 3316  [ 2BB75B7F548D82A099125D0C5971DE7D ] C:\WINDOWS\explorer.exe
11:17:04.0796 3316  C:\WINDOWS\explorer.exe - ok
11:17:04.0796 3316  [ 8B28221C3D95B0477572F58AD6C7039C ] C:\WINDOWS\system32\msi.dll
11:17:04.0796 3316  C:\WINDOWS\system32\msi.dll - ok
11:17:04.0812 3316  [ C534D4D567E1B084AE2EEDB0B38C0ADE ] C:\WINDOWS\system32\browseui.dll
11:17:04.0812 3316  C:\WINDOWS\system32\browseui.dll - ok
11:17:04.0812 3316  [ 4AE9129EAFFE54A2C52909E5E3175483 ] C:\WINDOWS\system32\shdocvw.dll
11:17:04.0812 3316  C:\WINDOWS\system32\shdocvw.dll - ok
11:17:04.0812 3316  [ 3B9324D60DD321BAB7BF6F77931D3FD1 ] C:\WINDOWS\system32\wkssvc.dll
11:17:04.0812 3316  C:\WINDOWS\system32\wkssvc.dll - ok
11:17:04.0828 3316  [ B4ED498E3BFEE64E952BC44FC6057DB8 ] C:\WINDOWS\system32\desk.cpl
11:17:04.0828 3316  C:\WINDOWS\system32\desk.cpl - ok
11:17:04.0828 3316  [ A314EEA2A503A8E04085201E436384A5 ] C:\WINDOWS\system32\themeui.dll
11:17:04.0828 3316  C:\WINDOWS\system32\themeui.dll - ok
11:17:04.0828 3316  [ B6E6F3F5B63053D5DC1F4EE32992492F ] C:\WINDOWS\system32\dbghelp.dll
11:17:04.0828 3316  C:\WINDOWS\system32\dbghelp.dll - ok
11:17:04.0843 3316  [ BECDDA0990DEBD72A30096533521AD73 ] C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
11:17:04.0843 3316  C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe - ok
11:17:04.0843 3316  [ 4044E880593FE1AC9942190FCE414BE7 ] C:\WINDOWS\system32\mstask.dll
11:17:04.0843 3316  C:\WINDOWS\system32\mstask.dll - ok
11:17:04.0843 3316  [ 912B67BB8249925A5C972FC5839EAE09 ] C:\WINDOWS\system32\actxprxy.dll
11:17:04.0843 3316  C:\WINDOWS\system32\actxprxy.dll - ok
11:17:04.0859 3316  [ 3C8E0CB8C8B31483BFDE35B82855B600 ] C:\WINDOWS\system32\ieframe.dll
11:17:04.0859 3316  C:\WINDOWS\system32\ieframe.dll - ok
11:17:04.0859 3316  [ 6D778E0F95447E6546553EEEA709D03C ] C:\WINDOWS\system32\cmd.exe
11:17:04.0859 3316  C:\WINDOWS\system32\cmd.exe - ok
11:17:04.0859 3316  [ C14350FC0D47D806699C4F907FC6785B ] C:\WINDOWS\system32\cryptnet.dll
11:17:04.0875 3316  C:\WINDOWS\system32\cryptnet.dll - ok
11:17:04.0875 3316  [ 3CBA2210FA39C6ED7895634842E930DD ] C:\WINDOWS\system32\sensapi.dll
11:17:04.0875 3316  C:\WINDOWS\system32\sensapi.dll - ok
11:17:04.0875 3316  [ D0A8A9FAD0A3ECC77D545498651C79EB ] C:\WINDOWS\system32\winhttp.dll
11:17:04.0875 3316  C:\WINDOWS\system32\winhttp.dll - ok
11:17:04.0890 3316  [ F9D3C78CFE15271D80790677C893CE45 ] C:\WINDOWS\system32\cabinet.dll
11:17:04.0890 3316  C:\WINDOWS\system32\cabinet.dll - ok
11:17:04.0890 3316  [ D5FB8F0882BA6D21D5842C89AA72AC72 ] C:\WINDOWS\system32\certsentry.dll
11:17:04.0890 3316  C:\WINDOWS\system32\certsentry.dll - ok
11:17:04.0890 3316  [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys
11:17:04.0890 3316  C:\WINDOWS\system32\drivers\wdmaud.sys - ok
11:17:04.0890 3316  [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] C:\WINDOWS\system32\wdmaud.drv
11:17:04.0890 3316  C:\WINDOWS\system32\wdmaud.drv - ok
11:17:04.0906 3316  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\system32\drivers\sysaudio.sys
11:17:04.0906 3316  C:\WINDOWS\system32\drivers\sysaudio.sys - ok
11:17:04.0906 3316  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] C:\WINDOWS\system32\drivers\splitter.sys
11:17:04.0906 3316  C:\WINDOWS\system32\drivers\splitter.sys - ok
11:17:04.0921 3316  [ 8BED39E3C35D6A489438B8141717A557 ] C:\WINDOWS\system32\drivers\aec.sys
11:17:04.0921 3316  C:\WINDOWS\system32\drivers\aec.sys - ok
11:17:04.0921 3316  [ 4FEFD389D71126EE581B9F9CB2918BE4 ] C:\WINDOWS\system32\drivers\mrxdav.sys
11:17:04.0921 3316  C:\WINDOWS\system32\drivers\mrxdav.sys - ok
11:17:04.0921 3316  [ 703591CD1403BC19E7198CA7B314E132 ] C:\WINDOWS\system32\webclnt.dll
11:17:04.0921 3316  C:\WINDOWS\system32\webclnt.dll - ok
11:17:04.0937 3316  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] C:\WINDOWS\system32\drivers\parport.sys
11:17:04.0937 3316  C:\WINDOWS\system32\drivers\parport.sys - ok
11:17:04.0937 3316  [ 574738F61FCA2935F5265DC4E5691314 ] C:\WINDOWS\system32\qmgr.dll
11:17:04.0937 3316  C:\WINDOWS\system32\qmgr.dll - ok
11:17:04.0937 3316  [ F8BCE77F950E5112D7087DCA2A2174D8 ] C:\Program Files\Comodo\Dragon\dragon_updater.exe
11:17:04.0937 3316  C:\Program Files\Comodo\Dragon\dragon_updater.exe - ok
11:17:04.0953 3316  [ 3D4E199942E29207970E04315D02AD3B ] C:\WINDOWS\system32\cryptsvc.dll
11:17:04.0953 3316  C:\WINDOWS\system32\cryptsvc.dll - ok
11:17:04.0953 3316  [ C14AA05881A35B6D6BB8D55B117EE22D ] C:\WINDOWS\system32\shfolder.dll
11:17:04.0953 3316  C:\WINDOWS\system32\shfolder.dll - ok
11:17:04.0953 3316  [ 00709952D444EAE14DBBD30D36FBAE0F ] C:\WINDOWS\system32\certcli.dll
11:17:04.0953 3316  C:\WINDOWS\system32\certcli.dll - ok
11:17:04.0968 3316  [ 57EDEC2E5F59F0335E92F35184BC8631 ] C:\WINDOWS\system32\dmserver.dll
11:17:04.0968 3316  C:\WINDOWS\system32\dmserver.dll - ok
11:17:04.0968 3316  [ 4E1FE876CD8BB20B21D8A3DFBD62D4C3 ] C:\Program Files\Comodo\Dragon\distribution.dll
11:17:04.0968 3316  C:\Program Files\Comodo\Dragon\distribution.dll - ok
11:17:04.0984 3316  [ 80776884E7A05D6DA5040926F82B0273 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll
11:17:04.0984 3316  C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll - ok
11:17:04.0984 3316  [ BC93B4A066477954555966D77FEC9ECB ] C:\WINDOWS\system32\ersvc.dll
11:17:04.0984 3316  C:\WINDOWS\system32\ersvc.dll - ok
11:17:04.0984 3316  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
11:17:04.0984 3316  C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok
11:17:05.0000 3316  [ DEB04DA35CC871B6D309B77E1443C796 ] C:\WINDOWS\system32\hidserv.dll
11:17:05.0000 3316  C:\WINDOWS\system32\hidserv.dll - ok
11:17:05.0000 3316  [ 72B53E9C8924949DEC8F3799BCBA2251 ] C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
11:17:05.0000 3316  C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe - ok
11:17:05.0000 3316  [ 8973122796E3B5D6B5900FC186E55FEA ] C:\WINDOWS\system32\hid.dll
11:17:05.0000 3316  C:\WINDOWS\system32\hid.dll - ok
11:17:05.0015 3316  [ 3A1E66A261DEA3187EF5DCC746CDE971 ] C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll
11:17:05.0015 3316  C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll - ok
11:17:05.0015 3316  [ 10C0B399D136966199DE03FE0188920C ] C:\Program Files\Intel\Intel Matrix Storage Manager\PlugInRAID_PTG.dll
11:17:05.0015 3316  C:\Program Files\Intel\Intel Matrix Storage Manager\PlugInRAID_PTG.dll - ok
11:17:05.0031 3316  [ B591E761161D1EF547D76EF236EAA6A5 ] C:\Program Files\Java\jre7\bin\jqs.exe
11:17:05.0031 3316  C:\Program Files\Java\jre7\bin\jqs.exe - ok
11:17:05.0031 3316  [ F0BF811622F2DD6C8E26EE4600D83731 ] C:\WINDOWS\system32\wbem\wbemcore.dll
11:17:05.0031 3316  C:\WINDOWS\system32\wbem\wbemcore.dll - ok
11:17:05.0031 3316  [ 67EC459E42D3081DD8FD34356F7CAFC1 ] C:\Program Files\Java\jre7\bin\msvcr100.dll
11:17:05.0031 3316  C:\Program Files\Java\jre7\bin\msvcr100.dll - ok
11:17:05.0046 3316  [ E4616430709F440CF1809D88DC2366EA ] C:\WINDOWS\system32\wbem\esscli.dll
11:17:05.0046 3316  C:\WINDOWS\system32\wbem\esscli.dll - ok
11:17:05.0046 3316  [ 600519339671DCFA3DD20216A19817BB ] C:\WINDOWS\system32\wbem\fastprox.dll
11:17:05.0046 3316  C:\WINDOWS\system32\wbem\fastprox.dll - ok
11:17:05.0046 3316  [ 054BD21220B8A99B7E8F32B2FBCBDFDB ] C:\WINDOWS\system32\pdh.dll
11:17:05.0046 3316  C:\WINDOWS\system32\pdh.dll - ok
11:17:05.0062 3316  [ 010472D0AE758227C6F6E6933549C219 ] C:\WINDOWS\system32\wbem\wbemsvc.dll
11:17:05.0062 3316  C:\WINDOWS\system32\wbem\wbemsvc.dll - ok
11:17:05.0062 3316  [ 3273D1565BF30225C115B480A3BB2C9D ] C:\WINDOWS\system32\wbem\wmiutils.dll
11:17:05.0062 3316  C:\WINDOWS\system32\wbem\wmiutils.dll - ok
11:17:05.0062 3316  [ 98786BE1ADF623D957105689510BC81D ] C:\WINDOWS\system32\odbcbcp.dll
11:17:05.0062 3316  C:\WINDOWS\system32\odbcbcp.dll - ok
11:17:05.0078 3316  [ 942A17D2901A31EA68627CBFFCD268CC ] C:\WINDOWS\system32\wbem\repdrvfs.dll
11:17:05.0078 3316  C:\WINDOWS\system32\wbem\repdrvfs.dll - ok
11:17:05.0078 3316  [ 53710476495886D9961BE46983A6A33F ] C:\Program Files\Common Files\LightScribe\LSSrvc.exe
11:17:05.0078 3316  C:\Program Files\Common Files\LightScribe\LSSrvc.exe - ok
11:17:05.0093 3316  [ 3695B8D03745B2F8022B161238347A9D ] C:\WINDOWS\system32\srvsvc.dll
11:17:05.0093 3316  C:\WINDOWS\system32\srvsvc.dll - ok
11:17:05.0093 3316  [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
11:17:05.0093 3316  C:\WINDOWS\system32\netmsg.dll - ok
11:17:05.0093 3316  [ ACDAFCD14EC0ECE89198503746A5C147 ] C:\WINDOWS\system32\perfos.dll
11:17:05.0093 3316  C:\WINDOWS\system32\perfos.dll - ok
11:17:05.0109 3316  [ F686D5839A3B0079D20D57FB7683880F ] C:\Program Files\Common Files\LightScribe\LSSProxy.dll
11:17:05.0109 3316  C:\Program Files\Common Files\LightScribe\LSSProxy.dll - ok
11:17:05.0109 3316  [ ABFB673B24A9B3287761D497529FB5B9 ] C:\WINDOWS\system32\perfdisk.dll
11:17:05.0109 3316  C:\WINDOWS\system32\perfdisk.dll - ok
11:17:05.0109 3316  [ C227B31C13D80CBE59742B0C858CC0FA ] C:\Program Files\Common Files\LightScribe\LSLog.dll
11:17:05.0109 3316  C:\Program Files\Common Files\LightScribe\LSLog.dll - ok
11:17:05.0125 3316  [ 9B390283569EA58D43D2586032B892F5 ] C:\WINDOWS\system32\drivers\srv.sys
11:17:05.0125 3316  C:\WINDOWS\system32\drivers\srv.sys - ok
11:17:05.0125 3316  [ C9564CF4976E7E96B4052737AA2492B4 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
11:17:05.0125 3316  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll - ok
11:17:05.0140 3316  [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
11:17:05.0140 3316  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll - ok
11:17:05.0140 3316  [ A688715EE6D068140180BD16B9A95150 ] C:\WINDOWS\system32\wbem\wmiprvsd.dll
11:17:05.0140 3316  C:\WINDOWS\system32\wbem\wmiprvsd.dll - ok
11:17:05.0140 3316  [ 26D881D27CBE51D3614E68D7313EA026 ] C:\WINDOWS\system32\wbem\wbemess.dll
11:17:05.0140 3316  C:\WINDOWS\system32\wbem\wbemess.dll - ok
11:17:05.0156 3316  [ A1F734BDE374EDE1AE4A16EB8F0E254F ] C:\Program Files\Intel\Intel Matrix Storage Manager\PlugInRAID.pin
11:17:05.0156 3316  C:\Program Files\Intel\Intel Matrix Storage Manager\PlugInRAID.pin - ok
11:17:05.0156 3316  [ 4C3C30FA8DC2F16DD89759882935477E ] C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizM.dll
11:17:05.0156 3316  C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizM.dll - ok
11:17:05.0171 3316  [ FBF1C00F54579BB7A66EE497427E9885 ] C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizD.dll
11:17:05.0171 3316  C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizD.dll - ok
11:17:05.0171 3316  [ A3B6CBB71BD7C54B8E7DC4EB2C4B7E21 ] C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizR.dll
11:17:05.0171 3316  C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizR.dll - ok
11:17:05.0171 3316  [ 3D525A7AB3C01793A94DC89E9FFCF8C0 ] C:\Program Files\Intel\Intel Matrix Storage Manager\RaidWizCnG.dll
11:17:05.0171 3316  C:\Program Files\Intel\Intel Matrix Storage Manager\RaidWizCnG.dll - ok
11:17:05.0187 3316  [ A8590E33BCF59D4D75FCB940F95E7BBB ] C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizC.dll
11:17:05.0187 3316  C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizC.dll - ok
11:17:05.0187 3316  [ 623ECC167CE924D4B13D4791157446F1 ] C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizCFE.dll
11:17:05.0187 3316  C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizCFE.dll - ok
11:17:05.0187 3316  [ 5F0CE62E0831CF972EC6949FD3E37DA7 ] C:\WINDOWS\system32\cfgmgr32.dll
11:17:05.0187 3316  C:\WINDOWS\system32\cfgmgr32.dll - ok
11:17:05.0203 3316  [ 332760FBA1655FCFD35BD6F4FD871300 ] C:\WINDOWS\system32\ipsecsvc.dll
11:17:05.0203 3316  C:\WINDOWS\system32\ipsecsvc.dll - ok
11:17:05.0203 3316  [ 7EADBA6D371C60CCA9E4DB57C28C8045 ] C:\WINDOWS\system32\oakley.dll
11:17:05.0203 3316  C:\WINDOWS\system32\oakley.dll - ok
11:17:05.0218 3316  [ 5B19B557B0C188210A56A6B699D90B8F ] C:\WINDOWS\system32\regsvc.dll
11:17:05.0218 3316  C:\WINDOWS\system32\regsvc.dll - ok
11:17:05.0218 3316  [ CBE612E2BB6A10E3563336191EDA1250 ] C:\WINDOWS\system32\seclogon.dll
11:17:05.0218 3316  C:\WINDOWS\system32\seclogon.dll - ok
11:17:05.0218 3316  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] C:\WINDOWS\system32\sens.dll
11:17:05.0218 3316  C:\WINDOWS\system32\sens.dll - ok
11:17:05.0234 3316  [ 3805DF0AC4296A34BA4BF93B346CC378 ] C:\WINDOWS\system32\srsvc.dll
11:17:05.0234 3316  C:\WINDOWS\system32\srsvc.dll - ok
11:17:05.0234 3316  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] C:\WINDOWS\system32\wiaservc.dll
11:17:05.0234 3316  C:\WINDOWS\system32\wiaservc.dll - ok
11:17:05.0234 3316  [ 248712EA6BA17B9FF0C542A3828375DD ] C:\WINDOWS\system32\winipsec.dll
11:17:05.0234 3316  C:\WINDOWS\system32\winipsec.dll - ok
11:17:05.0250 3316  [ 55BCA12F7F523D35CA3CB833C725F54E ] C:\WINDOWS\system32\trkwks.dll
11:17:05.0250 3316  C:\WINDOWS\system32\trkwks.dll - ok
11:17:05.0250 3316  [ 853D0D0C6F02D7BFDF1CF99DD7553732 ] C:\WINDOWS\system32\pstorsvc.dll
11:17:05.0250 3316  C:\WINDOWS\system32\pstorsvc.dll - ok
11:17:05.0250 3316  [ 9C300A0CA0A6CBD50D22B3D725EDEA30 ] C:\WINDOWS\system32\psbase.dll
11:17:05.0250 3316  C:\WINDOWS\system32\psbase.dll - ok
11:17:05.0265 3316  [ FEDE68BF80052BAD393AFD5C2E60DCB0 ] C:\WINDOWS\system32\dssenh.dll
11:17:05.0265 3316  C:\WINDOWS\system32\dssenh.dll - ok
11:17:05.0265 3316  [ DCB24800BF4616DC2DF5D38ED3EF4C27 ] C:\WINDOWS\system32\wuauserv.dll
11:17:05.0265 3316  C:\WINDOWS\system32\wuauserv.dll - ok
11:17:05.0265 3316  [ 7ED9AF3E29A3F6A22B7B039CDE5E7D32 ] C:\WINDOWS\system32\mscms.dll
11:17:05.0265 3316  C:\WINDOWS\system32\mscms.dll - ok
11:17:05.0281 3316  [ FC3EC24FCE372C89423E015A2AC1A31E ] C:\WINDOWS\system32\wuaueng.dll
11:17:05.0281 3316  C:\WINDOWS\system32\wuaueng.dll - ok
11:17:05.0281 3316  [ 39DD0C97932CDFDCF006569E1A942728 ] C:\WINDOWS\system32\wiavusd.dll
11:17:05.0281 3316  C:\WINDOWS\system32\wiavusd.dll - ok
11:17:05.0281 3316  [ 79E3A8C328E7E569C32B0998377D9742 ] C:\WINDOWS\system32\spoolss.dll
11:17:05.0281 3316  C:\WINDOWS\system32\spoolss.dll - ok
11:17:05.0296 3316  [ B85E95679B5ADC12311BCD3F5385D623 ] C:\WINDOWS\system32\mspatcha.dll
11:17:05.0296 3316  C:\WINDOWS\system32\mspatcha.dll - ok
11:17:05.0296 3316  [ 355C90CF387E6D7FF5CE8E221D85CB17 ] C:\WINDOWS\system32\localspl.dll
11:17:05.0296 3316  C:\WINDOWS\system32\localspl.dll - ok
11:17:05.0296 3316  [ 7C278E6408D1DCE642230C0585A854D5 ] C:\WINDOWS\system32\wscsvc.dll
11:17:05.0296 3316  C:\WINDOWS\system32\wscsvc.dll - ok
11:17:05.0312 3316  [ 5D3D1AB0EF4EA55B731863050482C111 ] C:\WINDOWS\system32\cnbjmon.dll
11:17:05.0312 3316  C:\WINDOWS\system32\cnbjmon.dll - ok
11:17:05.0312 3316  [ BB0C92B2C055D321E17D5CD28D0588F0 ] C:\WINDOWS\system32\ZLM1120.dll
11:17:05.0312 3316  C:\WINDOWS\system32\ZLM1120.dll - ok
11:17:05.0312 3316  [ FC6D1D80588D371F0321E15A75B2F8F2 ] C:\WINDOWS\system32\browser.dll
11:17:05.0312 3316  C:\WINDOWS\system32\browser.dll - ok
11:17:05.0328 3316  [ B4BF52A20BFF53B74D8E037AE9F119ED ] C:\WINDOWS\system32\hpf3l70v.dll
11:17:05.0328 3316  C:\WINDOWS\system32\hpf3l70v.dll - ok
11:17:05.0328 3316  [ 222DE7F5EDB9DDBE628384A1A8BE59CE ] C:\WINDOWS\system32\pjlmon.dll
11:17:05.0328 3316  C:\WINDOWS\system32\pjlmon.dll - ok
11:17:05.0328 3316  [ AE0382AD9C73D343D85E1A50C80B7C20 ] C:\WINDOWS\system32\tcpmon.dll
11:17:05.0328 3316  C:\WINDOWS\system32\tcpmon.dll - ok
11:17:05.0343 3316  [ F26385E8BA4549B5186B774EC0E45D86 ] C:\WINDOWS\system32\usbmon.dll
11:17:05.0343 3316  C:\WINDOWS\system32\usbmon.dll - ok
11:17:05.0343 3316  [ 446853099F258D87DD20A13DB3CD6933 ] C:\WINDOWS\system32\spool\prtprocs\w32x86\hpfpp70v.dll
11:17:05.0343 3316  C:\WINDOWS\system32\spool\prtprocs\w32x86\hpfpp70v.dll - ok
11:17:05.0359 3316  [ 3458EDA96E30FBD0477A2800D3FB1909 ] C:\WINDOWS\system32\wups.dll
11:17:05.0359 3316  C:\WINDOWS\system32\wups.dll - ok
11:17:05.0359 3316  [ BDC0C99E472176C8C2C853A68ADC5073 ] C:\WINDOWS\system32\wups2.dll
11:17:05.0359 3316  C:\WINDOWS\system32\wups2.dll - ok
11:17:05.0359 3316  [ EEE7F12D9FF46F68FBC0DA059A359E9E ] C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
11:17:05.0359 3316  C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll - ok
11:17:05.0375 3316  [ 1A617835452EEE5060976C9B9F5FE635 ] C:\WINDOWS\system32\wuapi.dll
11:17:05.0375 3316  C:\WINDOWS\system32\wuapi.dll - ok
11:17:05.0375 3316  [ CDD90FA1AF84F483C37CA60FB56DE5D2 ] C:\WINDOWS\system32\spool\prtprocs\w32x86\zimfprnt.dll
11:17:05.0375 3316  C:\WINDOWS\system32\spool\prtprocs\w32x86\zimfprnt.dll - ok
11:17:05.0375 3316  [ 0CC7DA54F5FED71160C3FC13E9F972FC ] C:\WINDOWS\system32\ZIMF.DLL
11:17:05.0375 3316  C:\WINDOWS\system32\ZIMF.DLL - ok
11:17:05.0390 3316  [ 26CB061D38512FE493EE8E7D4272A8B3 ] C:\WINDOWS\system32\ZTAG.dll
11:17:05.0390 3316  C:\WINDOWS\system32\ZTAG.dll - ok
11:17:05.0390 3316  [ 067239789BD7591F5EAA24DAB63D261A ] C:\WINDOWS\system32\ZSPOOL.dll
11:17:05.0390 3316  C:\WINDOWS\system32\ZSPOOL.dll - ok
11:17:05.0390 3316  [ 53CE541B4B1F2D227B0F1FA08915DC7A ] C:\WINDOWS\system32\win32spl.dll
11:17:05.0390 3316  C:\WINDOWS\system32\win32spl.dll - ok
11:17:05.0406 3316  [ 2E0B0A051FFAA86E358465BB0880D453 ] C:\WINDOWS\system32\wuauclt.exe
11:17:05.0406 3316  C:\WINDOWS\system32\wuauclt.exe - ok
11:17:05.0406 3316  [ B41D53899E37CC43DA85DA19998BEE81 ] C:\WINDOWS\system32\netrap.dll
11:17:05.0406 3316  C:\WINDOWS\system32\netrap.dll - ok
11:17:05.0406 3316  [ EE4C651A217B01D636B5364AC77DA892 ] C:\WINDOWS\system32\inetpp.dll
11:17:05.0406 3316  C:\WINDOWS\system32\inetpp.dll - ok
11:17:05.0421 3316  [ D26451B540720A7313A9BCBE794DAF62 ] C:\WINDOWS\system32\wbem\ncprov.dll
11:17:05.0421 3316  C:\WINDOWS\system32\wbem\ncprov.dll - ok
11:17:05.0828 3316  ============================================================
11:17:05.0828 3316  Scan finished
11:17:05.0828 3316  ============================================================
11:17:05.0937 3308  Detected object count: 6
11:17:05.0937 3308  Actual detected object count: 6
11:17:38.0500 3308  C:\WINDOWS\system32\drivers\Cdaudio.sys - copied to quarantine
11:17:38.0515 3308  HKLM\SYSTEM\ControlSet002\services\Cdaudio - will be deleted on reboot
11:17:38.0531 3308  HKLM\SYSTEM\ControlSet003\services\Cdaudio - will be deleted on reboot
11:17:38.0546 3308  HKLM\SYSTEM\ControlSet004\services\Cdaudio - will be deleted on reboot
11:17:38.0578 3308  C:\WINDOWS\system32\drivers\Cdaudio.sys - will be deleted on reboot
11:17:38.0578 3308  Cdaudio ( UnsignedFile.Multi.Generic ) - User select action: Delete 
11:17:38.0625 3308  C:\WINDOWS\system32\drivers\DMusic.sys - copied to quarantine
11:17:38.0625 3308  HKLM\SYSTEM\ControlSet002\services\DMusic - will be deleted on reboot
11:17:38.0625 3308  HKLM\SYSTEM\ControlSet003\services\DMusic - will be deleted on reboot
11:17:38.0625 3308  HKLM\SYSTEM\ControlSet004\services\DMusic - will be deleted on reboot
11:17:38.0625 3308  C:\WINDOWS\system32\drivers\DMusic.sys - will be deleted on reboot
11:17:38.0625 3308  DMusic ( UnsignedFile.Multi.Generic ) - User select action: Delete 
11:17:38.0656 3308  C:\WINDOWS\system32\drivers\Fdc.sys - copied to quarantine
11:17:38.0656 3308  HKLM\SYSTEM\ControlSet002\services\Fdc - will be deleted on reboot
11:17:38.0656 3308  HKLM\SYSTEM\ControlSet003\services\Fdc - will be deleted on reboot
11:17:38.0656 3308  HKLM\SYSTEM\ControlSet004\services\Fdc - will be deleted on reboot
11:17:38.0656 3308  C:\WINDOWS\system32\drivers\Fdc.sys - will be deleted on reboot
11:17:38.0656 3308  Fdc ( UnsignedFile.Multi.Generic ) - User select action: Delete 
11:17:38.0703 3308  C:\WINDOWS\system32\drivers\Flpydisk.sys - copied to quarantine
11:17:38.0703 3308  HKLM\SYSTEM\ControlSet002\services\Flpydisk - will be deleted on reboot
11:17:38.0703 3308  HKLM\SYSTEM\ControlSet003\services\Flpydisk - will be deleted on reboot
11:17:38.0703 3308  HKLM\SYSTEM\ControlSet004\services\Flpydisk - will be deleted on reboot
11:17:38.0718 3308  C:\WINDOWS\system32\drivers\Flpydisk.sys - will be deleted on reboot
11:17:38.0718 3308  Flpydisk ( UnsignedFile.Multi.Generic ) - User select action: Delete 
11:17:38.0734 3308  C:\WINDOWS\system32\drivers\Serial.sys - copied to quarantine
11:17:38.0734 3308  HKLM\SYSTEM\ControlSet002\services\Serial - will be deleted on reboot
11:17:38.0734 3308  HKLM\SYSTEM\ControlSet003\services\Serial - will be deleted on reboot
11:17:38.0734 3308  HKLM\SYSTEM\ControlSet004\services\Serial - will be deleted on reboot
11:17:38.0750 3308  C:\WINDOWS\system32\drivers\Serial.sys - will be deleted on reboot
11:17:38.0750 3308  Serial ( UnsignedFile.Multi.Generic ) - User select action: Delete 
11:17:38.0765 3308  C:\WINDOWS\system32\drivers\swmidi.sys - copied to quarantine
11:17:38.0765 3308  HKLM\SYSTEM\ControlSet002\services\swmidi - will be deleted on reboot
11:17:38.0765 3308  HKLM\SYSTEM\ControlSet003\services\swmidi - will be deleted on reboot
11:17:38.0765 3308  HKLM\SYSTEM\ControlSet004\services\swmidi - will be deleted on reboot
11:17:38.0765 3308  C:\WINDOWS\system32\drivers\swmidi.sys - will be deleted on reboot
11:17:38.0765 3308  swmidi ( UnsignedFile.Multi.Generic ) - User select action: Delete 
11:17:57.0781 2516  Deinitialize success
 


#13 cutthroat (Topic Starter)

Posted 28 March 2013 - 11:56 AM

OTL.txt log:

OTL logfile created on: 28-03-2013 15:52:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Carlos Silva\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy
 
2,00 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 52,37% Memory free
3,85 Gb Paging File | 2,67 Gb Available in Paging File | 69,41% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 10,78 Gb Free Space | 7,24% Space Free | Partition Type: NTFS
 
Computer Name: HP_PAVILION | User Name: Carlos Silva | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013-03-28 15:50:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carlos Silva\Desktop\OTL.exe
PRC - [2013-03-26 00:20:37 | 003,089,856 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2013-03-26 00:20:33 | 003,363,752 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
PRC - [2013-03-12 11:08:06 | 002,074,768 | ---- | M] () -- C:\Program Files\Comodo\Dragon\dragon_updater.exe
PRC - [2013-03-12 11:08:06 | 001,788,048 | ---- | M] (Comodo) -- C:\Program Files\Comodo\Dragon\dragon.exe
PRC - [2012-12-14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-12-14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012-12-14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012-06-13 15:34:31 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-01-16 22:34:18 | 000,634,880 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013-03-12 11:08:06 | 002,074,768 | ---- | M] () -- C:\Program Files\Comodo\Dragon\dragon_updater.exe
MOD - [2013-03-12 11:08:06 | 001,155,728 | ---- | M] () -- C:\Program Files\Comodo\Dragon\ffmpegsumo.dll
MOD - [2013-03-12 11:08:06 | 000,742,544 | ---- | M] () -- C:\Program Files\Comodo\Dragon\libGLESv2.dll
MOD - [2013-03-12 11:08:06 | 000,136,336 | ---- | M] () -- C:\Program Files\Comodo\Dragon\libEGL.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013-03-26 00:20:37 | 003,089,856 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2013-03-12 20:58:26 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-03-12 11:08:06 | 002,074,768 | ---- | M] () [Auto | Running] -- C:\Program Files\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2012-12-14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-12-14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2007-10-03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\CARLOS~1\LOCALS~1\Temp\rspsc32.sys -- (RSPHOOKANALYZER)
DRV - File not found [Kernel | On_Demand | Stopped] -- c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys -- (RapportIaso)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (Qxg4rk0E)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | Boot | Unknown] -- system32\drivers\Partizan.sys -- (Partizan)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\13C.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (k0wf4wx6)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\CARLOS~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\CARLOS~1\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (APHbx0iE)
DRV - [2013-03-26 00:20:50 | 000,022,056 | ---- | M] (Emsisoft GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2013-03-26 00:20:50 | 000,014,432 | ---- | M] (Emsisoft GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys -- (a2util)
DRV - [2013-03-25 15:51:57 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\utexndg1.sys -- (utexndg1)
DRV - [2013-03-25 15:51:56 | 000,010,240 | ---- | M] (Zaitsev Oleg, 2006) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ujexndg1.sys -- (ujexndg1)
DRV - [2013-03-25 13:42:49 | 000,011,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\uzexndg1.sys -- (uzexndg1)
DRV - [2012-12-14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012-06-13 15:45:08 | 000,013,616 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mvxxmm.sys -- (mvxxmm)
DRV - [2012-06-13 15:45:08 | 000,013,616 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv61xxmm.sys -- (mv61xxmm)
DRV - [2012-06-13 15:45:07 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\iastor3.sys -- (iastor3)
DRV - [2012-04-30 17:45:28 | 000,054,072 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2012-04-30 17:45:00 | 000,037,856 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)
DRV - [2011-01-25 18:54:04 | 006,321,768 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2011-01-14 07:06:40 | 000,277,352 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010-10-07 05:11:38 | 006,609,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwLx32.sys -- (NETwLx32)
DRV - [2010-08-24 17:30:06 | 000,020,304 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2010-08-23 17:07:28 | 000,027,192 | ---- | M] (Resplendence Software Projects Sp.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rspSanity32.sys -- (rspSanity)
DRV - [2009-12-30 10:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009-06-26 03:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009-06-26 03:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009-06-26 03:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007-07-11 10:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007-06-18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007-01-31 13:33:46 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgarkt.sys -- (AVG Anti-Rootkit)
DRV - [2007-01-18 12:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgArCln.sys -- (AvgArCln)
DRV - [2007-01-16 22:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005-07-14 16:14:00 | 000,027,904 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\risdptsk.sys -- (risdptsk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKLM\..\SearchScopes\Yandex: "URL" = http://yandex.ru/yandsearch?clid=154468&text={searchTerms}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1757981266-507921405-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yandex.ru/?clid=154464
IE - HKU\S-1-5-21-1757981266-507921405-1644491937-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1757981266-507921405-1644491937-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1757981266-507921405-1644491937-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1757981266-507921405-1644491937-1003\..\SearchScopes\Moikrug: "URL" = http://moikrug.ru/persons/?clid=154468&charset=utf-8&keywords={searchTerms}&submitted=1
IE - HKU\S-1-5-21-1757981266-507921405-1644491937-1003\..\SearchScopes\Yandex: "URL" = http://yandex.ru/yandsearch?clid=154468&text={searchTerms}
IE - HKU\S-1-5-21-1757981266-507921405-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-11-29 09:17:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013-03-06 03:36:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carlos Silva\Application Data\Mozilla\Extensions
[2012-11-29 09:15:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carlos Silva\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions
[2012-11-29 09:16:02 | 000,000,000 | ---D | M] (Яндекс.Бар) -- C:\Documents and Settings\Carlos Silva\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru
[2012-11-29 09:17:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013-03-17 11:36:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011-03-18 18:05:25 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010-01-01 08:00:00 | 000,002,549 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mailru.xml
[2010-01-01 08:00:00 | 000,005,568 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ozonru.xml
[2010-01-01 08:00:00 | 000,001,133 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\priceru.xml
[2010-01-01 08:00:00 | 000,001,304 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-ru.xml
[2010-01-01 08:00:00 | 000,001,548 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yandex-slovari.xml
[2010-01-01 08:00:00 | 000,001,719 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yandex.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Documents and Settings\Carlos Silva\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Carlos Silva\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Carlos Silva\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Carlos Silva\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Carlos Silva\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013-03-25 00:41:28 | 000,000,019 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SLastActive1 = 00 08 26 ED F0 1E CE 01  [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SFT1 = 00 08 26 ED F0 1E CE 01  [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 347
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-1757981266-507921405-1644491937-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1757981266-507921405-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1757981266-507921405-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1757981266-507921405-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-21-1757981266-507921405-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-1757981266-507921405-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-1757981266-507921405-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-21-1757981266-507921405-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-1757981266-507921405-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-1757981266-507921405-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-21-1757981266-507921405-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-21-1757981266-507921405-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-21-1757981266-507921405-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-21-1757981266-507921405-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-21-1757981266-507921405-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-21-1757981266-507921405-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27D4DFF2-DA91-4C68-A528-0D4E74D2E88E}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-07-28 15:16:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-19..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-20..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1757981266-507921405-1644491937-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-19\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-20\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013-03-28 15:50:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Carlos Silva\Desktop\OTL.exe
[2013-03-28 01:16:57 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Carlos Silva\Desktop\aswMBR.exe
[2013-03-28 00:50:08 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carlos Silva\Desktop\tdsskiller.exe
[2013-03-27 14:39:28 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Carlos Silva\Desktop\dds.scr
[2013-03-27 03:02:14 | 000,000,000 | ---D | C] -- C:\vbaactual
[2013-03-26 15:10:52 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\HideWin.exe
[2013-03-26 15:04:47 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2013-03-26 12:53:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carlos Silva\Application Data\Malwarebytes
[2013-03-26 12:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013-03-26 12:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013-03-26 12:53:19 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013-03-26 12:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013-03-26 00:18:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Emsisoft Anti-Malware
[2013-03-26 00:17:33 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2013-03-25 19:38:41 | 000,056,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swmidi.sys
[2013-03-25 19:38:41 | 000,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.sys
[2013-03-25 19:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\COMODO
[2013-03-25 16:21:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013-03-25 16:19:44 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Carlos Silva\My Documents\mbam-setup-1.70.0.1100.exe
[2013-03-25 16:07:29 | 034,118,904 | ---- | C] (COMODO) -- C:\Documents and Settings\Carlos Silva\My Documents\DragonSetup.exe
[2013-03-25 15:51:56 | 000,010,240 | ---- | C] (Zaitsev Oleg, 2006) -- C:\WINDOWS\System32\drivers\ujexndg1.sys
[2013-03-25 13:40:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carlos Silva\Desktop\avz4
[2013-03-25 13:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carlos Silva\Desktop\BASE
[2013-03-25 12:55:50 | 000,000,000 | ---D | C] -- C:\VBA NORMAL
[2013-03-25 12:55:23 | 000,000,000 | ---D | C] -- C:\VBA BETA
[2013-03-25 12:54:36 | 000,000,000 | ---D | C] -- C:\VBABASES UPDATE
[2013-03-25 00:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\Hosts_Anti_Adwares_PUPs
[2013-03-24 23:58:31 | 000,003,968 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgArCln.sys
[2013-03-24 23:58:31 | 000,000,000 | ---D | C] -- C:\Program Files\GRISOFT
[2013-03-24 23:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG Anti-Rootkit Free
[2013-03-24 13:33:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013-03-24 13:11:56 | 005,043,597 | R--- | C] (Swearware) -- C:\Documents and Settings\Carlos Silva\Desktop\ingissa.exe
[2013-03-24 13:11:56 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carlos Silva\Desktop\noebhsa.exe
[2013-03-23 03:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\Nemesis Anti-Spyware
[2013-03-23 03:20:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nemesis Anti-Spyware
[2013-03-23 01:26:47 | 000,000,000 | ---D | C] -- C:\Program Files\Tizer™ Rootkit Razor
[2013-03-23 01:26:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tizer™ Rootkit Razor
[2013-03-23 01:20:20 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carlos Silva\Desktop\ihu87g.exe
[2013-03-23 01:06:43 | 005,042,224 | R--- | C] (Swearware) -- C:\Documents and Settings\Carlos Silva\Desktop\irhgbw.exe
[2013-03-22 21:06:39 | 000,000,000 | ---D | C] -- C:\FRST
[2013-03-22 19:17:59 | 000,164,240 | ---- | C] (VirusBlokAda Ltd.) -- C:\WINDOWS\System32\drivers\k7thf2xz.sys
[2013-03-22 19:06:58 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carlos Silva\Desktop\yhe6fga.exe
[2013-03-22 18:17:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carlos Silva\Local Settings\Application Data\VS Revo Group
[2013-03-22 18:17:07 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2013-03-22 18:17:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VS Revo Group
[2013-03-22 18:17:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2013-03-22 18:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013-03-22 17:50:28 | 000,164,240 | ---- | C] (VirusBlokAda Ltd.) -- C:\WINDOWS\System32\drivers\9dxphn9c.sys
[2013-03-22 03:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carlos Silva\Start Menu\Programs\Sophos
[2013-03-22 03:42:49 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2013-03-22 03:41:54 | 085,525,104 | ---- | C] (Sophos Limited) -- C:\Documents and Settings\Carlos Silva\Desktop\fhapshs43).exe
[2013-03-22 02:26:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013-03-22 02:26:14 | 000,549,920 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\Carlos Silva\Desktop\JRT.exe
[2013-03-22 02:25:59 | 000,000,000 | ---D | C] -- C:\JRT
[2013-03-22 02:13:04 | 002,239,840 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carlos Silva\Desktop\8hugu.exe
[2013-03-22 01:40:58 | 000,000,000 | ---D | C] -- C:\ifghww
[2013-03-22 01:37:19 | 005,042,493 | R--- | C] (Swearware) -- C:\Documents and Settings\Carlos Silva\Desktop\ifghww.exe
[2013-03-22 01:30:27 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Carlos Silva\Desktop\iExplore.exe
[2013-03-21 18:48:08 | 000,000,000 | ---D | C] -- C:\is0ehsfd
[2013-03-21 18:47:35 | 005,042,493 | R--- | C] (Swearware) -- C:\Documents and Settings\Carlos Silva\Desktop\is0ehsfd.exe
[2013-03-21 17:24:50 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serial.sys
[2013-03-21 15:52:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013-03-21 15:51:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013-03-21 15:51:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013-03-21 15:51:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013-03-21 15:51:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013-03-21 15:51:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013-03-21 15:51:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carlos Silva\My Documents\My Videos
[2013-03-21 15:51:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carlos Silva\Start Menu\Programs\Administrative Tools
[2013-03-21 15:50:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013-03-21 15:50:40 | 005,042,493 | R--- | C] (Swearware) -- C:\Documents and Settings\Carlos Silva\Desktop\9rutwbhw.exe
[2013-03-21 11:43:53 | 000,000,000 | ---D | C] -- C:\avz4
[2013-03-21 11:12:41 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carlos Silva\Desktop\ijfaph.exe
[2013-03-20 23:43:16 | 000,000,000 | ---D | C] -- C:\Backreg
[2013-03-20 21:56:47 | 000,164,240 | ---- | C] (VirusBlokAda Ltd.) -- C:\WINDOWS\System32\drivers\k7ilmvwc.sys
[2013-03-20 20:47:02 | 000,164,240 | ---- | C] (VirusBlokAda Ltd.) -- C:\WINDOWS\System32\drivers\x2o982xx.sys
[2013-03-20 20:25:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013-03-20 20:22:22 | 000,000,000 | ---D | C] -- C:\VBA32
[2013-03-20 19:37:13 | 000,000,000 | ---D | C] -- C:\bva
[2013-03-20 19:19:11 | 000,000,000 | ---D | C] -- C:\vba
[2013-03-20 15:54:23 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carlos Silva\Desktop\iodhfa.exe
[2013-03-20 15:00:17 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carlos Silva\Desktop\okwihbsdf.exe
[2013-03-20 14:50:22 | 000,114,688 | ---- | C] (InfoProcess Pty Ltd.) -- C:\WINDOWS\System32\LOGONMONITOR.DLL.del
[2013-03-19 13:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2013-03-19 13:15:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013-03-19 13:14:33 | 000,000,000 | ---D | C] -- C:\DefenseWallVC_Apps
[2013-03-19 12:53:11 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carlos Silva\Desktop\euswnfso.exe
[2013-03-19 10:44:31 | 000,000,000 | ---D | C] -- C:\Radix
[2013-03-18 19:01:49 | 000,000,000 | ---D | C] -- C:\DefenseWallVC
[2013-03-18 04:45:33 | 000,000,000 | ---D | C] -- C:\Kernel Detective v1.3.1
[2013-03-17 16:31:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carlos Silva\Local Settings\Application Data\Help
[2013-03-17 16:31:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carlos Silva\Application Data\Help
[2013-03-17 03:05:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2013-03-17 03:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2013-03-17 03:05:06 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2013-03-17 03:04:38 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2013-03-17 03:04:38 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2013-03-17 03:04:38 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2013-03-17 03:04:38 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2013-03-17 03:04:38 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2013-03-17 03:04:38 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2013-03-17 03:04:37 | 000,000,000 | ---D | C] -- C:\606fc27bf3b708e33d
[2013-03-16 20:09:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carlos Silva\My Documents\Minhas digitalizações
[2013-03-16 20:06:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carlos Silva\Local Settings\Application Data\HP
[2013-03-16 20:06:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2013-03-16 20:04:46 | 000,123,904 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpf3l70v.dll
[2013-03-16 20:04:45 | 000,452,408 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpzids01.dll
[2013-03-16 20:04:13 | 000,712,704 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hposwia_d02c.dll
[2013-03-16 20:04:13 | 000,589,824 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpost_d02c.dll
[2013-03-16 20:04:13 | 000,372,736 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppldcoi.dll
[2013-03-16 20:04:13 | 000,315,392 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hposc_d02a.dll
[2013-03-16 20:04:13 | 000,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2013-03-16 19:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2013-03-16 19:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2013-03-16 19:57:09 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013-03-16 13:15:05 | 000,000,000 | ---D | C] -- C:\Minha pen de 16 GB
[2013-03-16 08:25:01 | 000,000,000 | ---D | C] -- C:\emsisoft
[2013-03-16 03:00:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2013-03-15 21:20:36 | 000,000,000 | ---D | C] -- C:\Pen azul 4 gb COPIA DOS FICHEIROS
[2013-03-15 17:36:34 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2013-03-15 17:17:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2013-03-15 16:46:43 | 000,734,992 | ---- | C] (Greatis Software LLC.) -- C:\Documents and Settings\Carlos Silva\Desktop\TDLdetect.exe
[2013-03-15 09:39:25 | 000,106,496 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\ZSPOOL.dll
[2013-03-15 09:39:25 | 000,053,248 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\ZTAG.dll
[2013-03-15 09:39:24 | 000,135,168 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\ZLM1120.dll
[2013-03-15 09:39:24 | 000,114,688 | ---- | C] (Marvell) -- C:\WINDOWS\System32\HPMCoSetup.dll
[2013-03-15 09:39:24 | 000,061,440 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\ZIMF.DLL
[2013-03-15 09:39:21 | 000,068,752 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltpdg15u.dll
[2013-03-15 09:39:21 | 000,024,720 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\Lfbmp15u.dll
[2013-03-15 09:39:20 | 002,219,152 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\Ltwvc15u.dll
[2013-03-15 09:39:20 | 001,711,248 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltclr15u.dll
[2013-03-15 09:39:20 | 001,035,408 | ---- | C] (The OpenSSL Project) -- C:\WINDOWS\System32\ltcry15u.dll
[2013-03-15 09:39:20 | 000,482,448 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltkrn15u.dll
[2013-03-15 09:39:20 | 000,445,584 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltimgsfx15u.dll
[2013-03-15 09:39:20 | 000,302,224 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltimgcor15u.dll
[2013-03-15 09:39:20 | 000,261,264 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LTDIS15u.dll
[2013-03-15 09:39:20 | 000,257,168 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltefx15u.dll
[2013-03-15 09:39:20 | 000,216,208 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltimgefx15u.dll
[2013-03-15 09:39:20 | 000,212,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltimgclr15u.dll
[2013-03-15 09:39:20 | 000,172,032 | ---- | C] (Marvell) -- C:\WINDOWS\System32\agmcrdrv.dll
[2013-03-15 09:39:20 | 000,150,672 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltfil15u.dll
[2013-03-15 09:39:20 | 000,117,904 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\Ltimgutl15u.dll
[2013-03-15 09:39:20 | 000,105,616 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltpnt15u.dll
[2013-03-15 09:39:20 | 000,064,656 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LTCON15u.dll
[2013-03-15 09:39:20 | 000,038,032 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltimgopt15u.dll
[2013-03-15 09:39:19 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2013-03-15 09:36:31 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2013-03-15 09:33:48 | 000,221,184 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\brprs.exe
[2013-03-15 09:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2013-03-15 09:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carlos Silva\Application Data\HP
[2013-03-15 09:29:08 | 000,000,000 | ---D | C] -- C:\hp_LJ_M1120_Full_Solution
[2013-03-13 22:16:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2013-03-13 17:39:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carlos Silva\Application Data\vlc
[2013-03-13 17:39:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2013-03-13 17:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013-03-13 15:14:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carlos Silva\Desktop\Warrior
[2013-03-13 06:48:07 | 000,000,000 | ---D | C] -- C:\Regrun warrior
[2013-03-12 07:52:25 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2013-03-12 06:46:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carlos Silva\Local Settings\Application Data\temp
[2013-03-12 02:12:14 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carlos Silva\Desktop\ok9e8h2w.exe
[2013-03-11 15:13:50 | 000,000,000 | ---D | C] -- C:\Program Files\Trusteer
[2013-03-11 03:12:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carlos Silva\Local Settings\Application Data\MigWiz
[2013-03-11 03:06:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carlos Silva\Desktop\log
[2013-03-11 03:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carlos Silva\Desktop\TMRBLog
[2013-03-11 03:06:49 | 009,950,232 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Carlos Silva\Desktop\u857heo3.exe
[2013-03-11 03:04:10 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carlos Silva\Desktop\yujia389fh).exe
[2013-03-08 18:43:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013-03-08 13:42:12 | 000,000,000 | ---D | C] -- C:\Program Files\NoVirusThanks
[2013-03-08 13:34:21 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013-03-08 13:28:53 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carlos Silva\Desktop\9igjr9wda.exe
[2013-03-07 09:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carlos Silva\Desktop\My Shared Folder
[2013-03-07 09:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\eMule
[2013-03-07 09:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\eMule
[2013-03-06 03:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carlos Silva\Local Settings\Application Data\Mozilla
[2013-03-05 05:42:19 | 000,000,000 | ---D | C] -- C:\PEN EURO MOVIDA
[2013-03-04 20:30:26 | 008,790,920 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Carlos Silva\Desktop\HitmanPro (1).exe
[2013-03-04 10:09:46 | 000,000,000 | ---D | C] -- C:\PEN EUROAAA
[2013-03-04 08:02:31 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013-03-04 07:54:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013-03-04 07:34:14 | 000,027,232 | ---- | C] (Resplendence Software Projects Sp.) -- C:\WINDOWS\System32\drivers\rspSanity32XP.sys
[2013-03-04 07:34:14 | 000,027,192 | ---- | C] (Resplendence Software Projects Sp.) -- C:\WINDOWS\System32\drivers\rspSanity32.sys
[2013-03-01 23:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2013-03-01 05:01:04 | 000,000,000 | ---D | C] -- C:\cce_linux
[2013-02-28 17:00:29 | 000,000,000 | ---D | C] -- C:\Megadatabase 2013
[2013-02-27 05:40:38 | 000,309,320 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys
[2013-02-27 03:52:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carlos Silva\Application Data\InfraRecorder
[2013-02-27 03:52:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InfraRecorder
[2013-02-27 03:52:00 | 000,000,000 | ---D | C] -- C:\Program Files\InfraRecorder
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013-03-28 15:58:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013-03-28 15:50:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carlos Silva\Desktop\OTL.exe
[2013-03-28 15:25:00 | 000,001,000 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013-03-28 01:33:27 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Carlos Silva\Desktop\MBR.dat
[2013-03-28 01:13:42 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Carlos Silva\Desktop\aswMBR.exe
[2013-03-28 01:04:15 | 000,816,128 | ---- | M] () -- C:\Documents and Settings\Carlos Silva\Desktop\RogueKiller.exe
[2013-03-28 00:59:06 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013-03-28 00:47:47 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carlos Silva\Desktop\tdsskiller.exe
[2013-03-27 14:39:13 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Carlos Silva\Desktop\dds.scr
[2013-03-27 00:45:51 | 000,002,779 | ---- | M] () -- C:\Documents and Settings\Carlos Silva\Desktop\attach.zip
[2013-03-26 15:10:52 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\HideWin.exe
[2013-03-26 12:53:22 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013-03-26 00:18:15 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\Carlos Silva\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2013-03-26 00:18:15 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2013-03-25 20:42:29 | 000,441,880 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013-03-25 20:42:29 | 000,071,816 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013-03-25 16:23:35 | 001,233,816 | ---- | M] () -- C:\Documents and Settings\Carlos Silva\My Documents\MalAware.exe
[2013-03-25 16:19:52 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Carlos Silva\My Documents\mbam-setup-1.70.0.1100.exe
[2013-03-25 16:08:58 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
[2013-03-25 16:08:49 | 000,047,368 | ---- | M] (COMODO CA Limited) -- C:\WINDOWS\System32\certsentry.dll
[2013-03-25 16:08:10 | 034,118,904 | ---- | M] (COMODO) -- C:\Documents and Settings\Carlos Silva\My Documents\DragonSetup.exe
[2013-03-25 15:51:57 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\utexndg1.sys
[2013-03-25 15:51:56 | 000,010,240 | ---- | M] (Zaitsev Oleg, 2006) -- C:\WINDOWS\System32\drivers\ujexndg1.sys
[2013-03-25 15:29:38 | 000,060,955 | ---- | M] () -- C:\bookmarks_3_25_13.html
[2013-03-25 13:42:49 | 000,011,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\uzexndg1.sys
[2013-03-25 13:35:38 | 007,469,468 | ---- | M] () -- C:\Documents and Settings\Carlos Silva\Desktop\avz4 (5).zip
[2013-03-25 13:15:41 | 008,608,641 | ---- | M] () -- C:\Documents and Settings\Carlos Silva\Desktop\avz4.zip
[2013-03-25 00:41:28 | 000,000,019 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013-03-24 23:58:32 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Anti-Rootkit Free.lnk
[2013-03-24 13:11:27 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carlos Silva\Desktop\noebhsa.exe
[2013-03-24 13:11:06 | 005,043,597 | R--- | M] (Swearware) -- C:\Documents and Settings\Carlos Silva\Desktop\ingissa.exe
[2013-03-24 11:45:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013-03-23 01:26:47 | 000,000,877 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tizer™ Rootkit Razor.lnk
[2013-03-23 01:26:47 | 000,000,845 | ---- | M] () -- C:\Documents and Settings\Carlos Silva\Application Data\Microsoft\Internet Explorer\Quick Launch\Tizer™ Rootkit Razor.lnk
[2013-03-23 01:20:11 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carlos Silva\Desktop\ihu87g.exe
[2013-03-23 01:06:20 | 005,042,224 | R--- | M] (Swearware) -- C:\Documents and Settings\Carlos Silva\Desktop\irhgbw.exe
[2013-03-23 00:10:58 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Carlos Silva\Desktop\SystemLook (2).exe
[2013-03-22 19:18:00 | 000,164,240 | ---- | M] (VirusBlokAda Ltd.) -- C:\WINDOWS\System32\drivers\k7thf2xz.sys
[2013-03-22 19:05:44 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carlos Silva\Desktop\yhe6fga.exe
[2013-03-22 18:35:43 | 000,151,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013-03-22 18:17:08 | 000,000,982 | ---- | M] () -- C:\Documents and Settings\Carlos Silva\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013-03-22 18:17:08 | 000,000,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2013-03-22 17:50:29 | 000,164,240 | ---- | M] (VirusBlokAda Ltd.) -- C:\WINDOWS\System32\drivers\9dxphn9c.sys
[2013-03-22 03:41:22 | 085,525,104 | ---- | M] (Sophos Limited) -- C:\Documents and Settings\Carlos Silva\Desktop\fhapshs43).exe
[2013-03-22 02:12:26 | 002,239,840 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carlos Silva\Desktop\8hugu.exe
[2013-03-22 01:40:35 | 005,042,493 | R--- | M] (Swearware) -- C:\Documents and Settings\Carlos Silva\Desktop\ifghww.exe
[2013-03-22 01:32:55 | 000,816,128 | ---- | M] () -- C:\Documents and Settings\Carlos Silva\Desktop\jsojf.exe
[2013-03-22 01:27:35 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Carlos Silva\defogger_reenable
[2013-03-21 20:18:07 | 000,549,920 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Carlos Silva\Desktop\JRT.exe
[2013-03-21 19:20:00 | 000,890,798 | ---- | M] () -- C:\Documents and Settings\Carlos Silva\Desktop\SecurityCheck.exe
[2013-03-21 18:47:14 | 005,042,493 | R--- | M] (Swearware) -- C:\Documents and Settings\Carlos Silva\Desktop\is0ehsfd.exe
[2013-03-21 16:49:11 | 000,609,993 | ---- | M] () -- C:\Documents and Settings\Carlos Silva\Desktop\AdwCleaner.exe
[2013-03-21 16:48:26 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Carlos Silva\Desktop\iExplore.exe
[2013-03-21 15:53:04 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013-03-21 15:50:15 | 005,042,493 | R--- | M] (Swearware) -- C:\Documents and Settings\Carlos Silva\Desktop\9rutwbhw.exe
[2013-03-21 11:12:19 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carlos Silva\Desktop\ijfaph.exe
[2013-03-20 23:41:07 | 000,000,514 | -H-- | M] () -- C:\regrun.war
[2013-03-20 21:56:47 | 000,164,240 | ---- | M] (VirusBlokAda Ltd.) -- C:\WINDOWS\System32\drivers\k7ilmvwc.sys
[2013-03-20 20:47:02 | 000,164,240 | ---- | M] (VirusBlokAda Ltd.) -- C:\WINDOWS\System32\drivers\x2o982xx.sys
[2013-03-20 14:59:36 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carlos Silva\Desktop\okwihbsdf.exe
[2013-03-20 14:59:36 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carlos Silva\Desktop\iodhfa.exe
[2013-03-19 13:15:24 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013-03-19 12:52:42 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carlos Silva\Desktop\euswnfso.exe
[2013-03-19 11:03:35 | 000,000,457 | ---- | M] () -- C:\deletekeys.reg
[2013-03-19 00:05:33 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\Carlos Silva\Desktop\ojteoh.lnk
[2013-03-18 19:01:48 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\Carlos Silva\Desktop\ojosa.lnk
[2013-03-16 19:59:09 | 000,002,026 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Galeria de Fotos.lnk
[2013-03-16 10:00:55 | 000,002,711 | ---- | M] () -- C:\Documents and Settings\Carlos Silva\Desktop\Disney's Aladdin Chess Adventures.lnk
[2013-03-15 14:34:06 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Carlos Silva\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-03-13 17:39:16 | 000,000,758 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2013-03-12 20:58:23 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013-03-12 20:58:23 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013-03-12 07:52:37 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013-03-12 07:52:37 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2013-03-12 01:37:28 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carlos Silva\Desktop\ok9e8h2w.exe
[2013-03-11 17:03:57 | 000,000,015 | ---- | M] () -- C:\Documents and Settings\Carlos Silva\Desktop\settings.dat
[2013-03-11 03:06:34 | 009,950,232 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Carlos Silva\Desktop\u857heo3.exe
[2013-03-11 03:02:42 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carlos Silva\Desktop\yujia389fh).exe
[2013-03-08 13:53:08 | 001,642,041 | ---- | M] () -- C:\Documents and Settings\Carlos Silva\Desktop\requested-files[2013-03-08_13_53].cab
[2013-03-08 13:28:39 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carlos Silva\Desktop\9igjr9wda.exe
[2013-03-07 09:01:57 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\eMule.lnk
[2013-03-07 05:46:19 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Carlos Silva\Desktop\r9n49f30wnf.exe
[2013-03-05 04:33:00 | 000,256,904 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2013-03-04 20:29:30 | 008,790,920 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Carlos Silva\Desktop\HitmanPro (1).exe
[2013-03-04 08:02:31 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013-03-01 23:20:23 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\Carlos Silva\Desktop\JDownloader.lnk
[2013-03-01 23:05:11 | 000,000,924 | ---- | M] () -- C:\Documents and Settings\Carlos Silva\Desktop\µTorrent.lnk
[2013-03-01 02:31:49 | 006,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013-02-27 05:40:39 | 000,309,320 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys
[2013-02-27 03:52:06 | 000,000,781 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\InfraRecorder.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013-03-28 01:33:27 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Carlos Silva\Desktop\MBR.dat
[2013-03-28 01:04:37 | 000,816,128 | ---- | C] () -- C:\Documents and Settings\Carlos Silva\Desktop\RogueKiller.exe
[2013-03-27 00:45:50 | 000,002,779 | ---- | C] () -- C:\Documents and Settings\Carlos Silva\Desktop\attach.zip
[2013-03-26 12:53:22 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013-03-26 00:18:15 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\Carlos Silva\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2013-03-26 00:18:15 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2013-03-25 16:23:31 | 001,233,816 | ---- | C] () -- C:\Documents and Settings\Carlos Silva\My Documents\MalAware.exe
[2013-03-25 16:08:58 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
[2013-03-25 15:29:23 | 000,060,955 | ---- | C] () -- C:\bookmarks_3_25_13.html
[2013-03-25 13:49:56 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\utexndg1.sys
[2013-03-25 13:42:49 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\uzexndg1.sys
[2013-03-25 13:40:26 | 008,608,641 | ---- | C] () -- C:\Documents and Settings\Carlos Silva\Desktop\avz4.zip
[2013-03-25 13:36:07 | 007,469,468 | ---- | C] () -- C:\Documents and Settings\Carlos Silva\Desktop\avz4 (5).zip
[2013-03-24 23:58:32 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Anti-Rootkit Free.lnk
[2013-03-23 01:26:47 | 000,000,877 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tizer™ Rootkit Razor.lnk
[2013-03-23 01:26:47 | 000,000,845 | ---- | C] () -- C:\Documents and Settings\Carlos Silva\Application Data\Microsoft\Internet Explorer\Quick Launch\Tizer™ Rootkit Razor.lnk
[2013-03-23 00:11:10 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Carlos Silva\Desktop\SystemLook (2).exe
[2013-03-22 18:17:08 | 000,000,982 | ---- | C] () -- C:\Documents and Settings\Carlos Silva\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013-03-22 18:17:08 | 000,000,964 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2013-03-22 01:33:06 | 000,816,128 | ---- | C] () -- C:\Documents and Settings\Carlos Silva\Desktop\jsojf.exe
[2013-03-22 01:28:15 | 000,890,798 | ---- | C] () -- C:\Documents and Settings\Carlos Silva\Desktop\SecurityCheck.exe
[2013-03-22 01:27:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Carlos Silva\defogger_reenable
[2013-03-22 01:21:44 | 000,609,993 | ---- | C] () -- C:\Documents and Settings\Carlos Silva\Desktop\AdwCleaner.exe
[2013-03-21 15:53:04 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013-03-21 15:52:58 | 000,261,920 | RHS- | C] () -- C:\cmldr
[2013-03-21 15:51:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013-03-21 15:51:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013-03-21 15:51:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013-03-21 15:51:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013-03-21 15:51:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013-03-19 13:15:24 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013-03-19 11:03:35 | 000,000,457 | ---- | C] () -- C:\deletekeys.reg
[2013-03-19 00:05:33 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\Carlos Silva\Desktop\ojteoh.lnk
[2013-03-18 19:02:20 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\Carlos Silva\Desktop\ojosa.lnk
[2013-03-16 19:59:09 | 000,002,026 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Galeria de Fotos.lnk
[2013-03-16 19:54:32 | 000,000,586 | ---- | C] () -- C:\WINDOWS\hpomdl44.dat
[2013-03-15 09:39:25 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\ZSM1120.exe
[2013-03-15 09:39:25 | 000,004,324 | ---- | C] () -- C:\WINDOWS\M1120OS.htm
[2013-03-15 09:39:24 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\hpsfs.dll
[2013-03-15 09:39:24 | 000,024,772 | ---- | C] () -- C:\WINDOWS\M1120DEF.css
[2013-03-15 09:39:24 | 000,009,731 | ---- | C] () -- C:\WINDOWS\M1120BTN.js
[2013-03-15 09:39:24 | 000,008,085 | ---- | C] () -- C:\WINDOWS\M1120GLB.js
[2013-03-15 09:39:24 | 000,002,944 | ---- | C] () -- C:\WINDOWS\M1120SIG.gif
[2013-03-13 17:39:16 | 000,000,758 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2013-03-13 07:31:02 | 000,000,924 | ---- | C] () -- C:\Documents and Settings\Carlos Silva\Desktop\µTorrent.lnk
[2013-03-13 07:03:08 | 000,000,514 | -H-- | C] () -- C:\regrun.war
[2013-03-11 02:30:14 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\Carlos Silva\Desktop\settings.dat
[2013-03-11 02:30:04 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Carlos Silva\Desktop\r9n49f30wnf.exe
[2013-03-08 13:53:08 | 001,642,041 | ---- | C] () -- C:\Documents and Settings\Carlos Silva\Desktop\requested-files[2013-03-08_13_53].cab
[2013-03-07 09:01:57 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\eMule.lnk
[2013-03-01 23:20:23 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\Carlos Silva\Desktop\JDownloader.lnk
[2013-03-01 23:20:19 | 000,001,697 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader.lnk
[2013-03-01 23:20:18 | 000,001,641 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Uninstaller.lnk
[2013-03-01 23:20:18 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Update.lnk
[2013-02-27 18:52:42 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Carlos Silva\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-02-27 03:52:06 | 000,000,781 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\InfraRecorder.lnk
[2013-02-22 18:48:40 | 000,357,337 | ---- | C] () -- C:\Program Files\EAM Trial Reset 1.1.exe
[2012-11-29 09:11:12 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012-11-29 09:10:14 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012-11-29 09:10:14 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012-11-29 09:08:45 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2012-11-29 09:07:34 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2012-09-06 08:57:26 | 004,399,616 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2012-07-28 15:13:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012-07-02 19:28:06 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012-06-13 15:36:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-06-13 15:36:12 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\FontReg.exe
[2012-06-09 09:21:56 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
 
========== ZeroAccess Check ==========
 
[2012-11-26 06:18:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012-06-13 15:35:29 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012-06-13 15:34:32 | 000,473,600 | ---- | M] (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008-04-14 12:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013-03-04 08:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013-03-20 20:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegRun
[2012-11-29 06:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VistaCodecs
[2013-03-22 18:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VS Revo Group
[2012-11-29 02:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Silva\Application Data\ChessBase
[2013-02-22 18:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Silva\Application Data\EurekaLog
[2012-11-29 11:24:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Silva\Application Data\Foxit Software
[2013-02-27 04:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Silva\Application Data\InfraRecorder
[2012-11-29 09:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Silva\Application Data\Opera
[2013-03-15 09:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Silva\Application Data\uTorrent
[2012-11-29 06:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Silva\Application Data\VistaCodecs
[2013-03-20 20:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Silva\Application Data\Yandex
 
========== Purity Check ==========
 
 
 
< End of report >
 
 
Extra.txt log:
 
 
OTL Extras logfile created on: 28-03-2013 15:52:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Carlos Silva\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy
 
2,00 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 52,37% Memory free
3,85 Gb Paging File | 2,67 Gb Available in Paging File | 69,41% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 10,78 Gb Free Space | 7,24% Space Free | Partition Type: NTFS
 
Computer Name: HP_PAVILION | User Name: Carlos Silva | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = DragonHTML] -- C:\Program Files\Comodo\Dragon\dragon.exe (Comodo)
.url [@ = internetshortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
 
[HKEY_USERS\S-1-5-19\SOFTWARE\Classes\<extension>]
 
[HKEY_USERS\S-1-5-20\SOFTWARE\Classes\<extension>]
 
[HKEY_USERS\S-1-5-21-1757981266-507921405-1644491937-1003\SOFTWARE\Classes\<extension>]
.html [@ = DragonHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Comodo\Dragon\dragon.exe" -- "%1" (Comodo)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"AntivirusOverride" = 0
"AntiSpywareDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiSpywareDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"AntivirusOverride" = 0
"UacDisableNotify" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hp\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe
"C:\Program Files\Hp\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe
"C:\Program Files\Hp\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
"C:\Program Files\Hp\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
"C:\Program Files\Hp\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe
"C:\Program Files\Hp\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe
"C:\Program Files\Hp\HP Software Update\HPWUCli.exe" = C:\Program Files\Hp\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Documents and Settings\Carlos Silva\Application Data\uTorrent\uTorrent.exe" = C:\Documents and Settings\Carlos Silva\Application Data\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hp\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1204162A-1E08-4BB4-8F9C-D963D6375834}" = Scan To
"{23170F69-40C1-2701-0920-000001000000}" = 7-Zip 9.20
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DACACEC-5F90-4CEF-AB6B-77E0AF71BF5C}" = hppusgM1120
"{3FD2223E-C8A2-48C4-AA81-0A0EC47B7860}" = ChessBase 9
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{54DF35BD-4A36-35DA-B029-A0C083C88614}" = Google Chrome
"{6255EA85-9BCB-4360-994C-CADADD783517}" = Tizer™ Rootkit Razor
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.2
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{942EEA05-E3B1-4183-95BC-F6504BE05E45}" = Deep Rybka 3
"{95120000-003F-0816-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{9C538746-C2DC-40FC-B1FB-D4EA7966ABEB}" = Skype™ 5.1
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AE8A1CE1-EFBD-4ED9-9672-A50DB2D944E5}" = Deep Rybka 3
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software  1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D60F533D-0CBF-475F-8300-8B13799775D0}" = Foxit Reader
"{DF27BAF0-47DB-42A7-9B17-DFAC05050C91}" = Disney's Aladdin Chess Adventures
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVGantiRootkit" = AVG Anti-Rootkit Free
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"Comodo Dragon" = Comodo Dragon
"eMule" = eMule
"HP LaserJet M1120 MFP" = HP LaserJet M1120 MFP Series
"InfraRecorder" = InfraRecorder
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0 (x86 ru)" = Mozilla Firefox 4.0 (x86 ru)
"Nemesis_usec" = Nemesis Anti-Spyware
"Opera 12.14.1738" = Opera 12.14
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinDjView" = WinDjView 1.0.3
"WinRAR archiver" = WinRAR 4.20 (32-bit)
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 27-03-2013 3:20:43 | Computer Name = HP_PAVILION | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   iastor3
 
Error - 27-03-2013 9:35:17 | Computer Name = HP_PAVILION | Source = Service Control Manager | ID = 7034
Description = The Intel® Matrix Storage Event Monitor service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 27-03-2013 17:27:22 | Computer Name = HP_PAVILION | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   iastor3
 
Error - 27-03-2013 17:28:07 | Computer Name = HP_PAVILION | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the nvsvc service.
 
Error - 27-03-2013 17:28:07 | Computer Name = HP_PAVILION | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
 Service service to connect.
 
Error - 27-03-2013 17:28:08 | Computer Name = HP_PAVILION | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due 
to the following error:   %%1053
 
Error - 27-03-2013 17:28:08 | Computer Name = HP_PAVILION | Source = Service Control Manager | ID = 7034
Description = The Intel® Matrix Storage Event Monitor service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 27-03-2013 20:43:10 | Computer Name = HP_PAVILION | Source = Service Control Manager | ID = 7034
Description = The Intel® Matrix Storage Event Monitor service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 27-03-2013 20:52:41 | Computer Name = HP_PAVILION | Source = Service Control Manager | ID = 7034
Description = The Intel® Matrix Storage Event Monitor service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 27-03-2013 20:59:41 | Computer Name = HP_PAVILION | Source = Service Control Manager | ID = 7034
Description = The Intel® Matrix Storage Event Monitor service terminated unexpectedly.
  It has done this 1 time(s).
 
 
< End of report >
 
 
 
 
 
 


#14 Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • Gender:Male
  • Location:California
  • Local time:04:45 PM

Posted 28 March 2013 - 02:34 PM

Greetings,

I have installed Prevx previously, but I don't think Webroot was included in the Prevx installation!?

It is the same company.

We have a bit to accomplish in this post. Please complete the following for me.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Setting Chrome Homepage

--------------------
  • Launch Chrome and navigate to the web site you would like to set as your homepage
  • Open a second tab, type chrome://settings, then press Enter
  • Under On startup click Open a specific page or set of pages
  • Click the Set pages link
  • Click Use current pages then click OK
  • Restart Chrome to verify the change
===================================================

Windows Repair (All in One)

--------------------
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Download Windows Repair (All in One) and save it to your desktop
  • Double click the icon and select Run
  • Continually click Next, then Finish
  • Go to Step 4 and under "System Restore" click on Create button:


  • Go to Start Repairs tab and click Start button.


  • Please ensure that ONLY the following items are checked (they're all checked by default):

Reset Registry Permissions
Remove Policies Set By Infections
Remove Temp Files
Unhide Non System Files
Repair Windows Updates
Set Windows Services To Default Startup

  • Click on box next to the Restart System when Finished. Then click on Start
  • Your computer will reboot upon completion
  • Copy and paste the contents of the following log in your reply:

C:\Tweaking.com_Windows_Repair_Logs\_Windows_Repair_Log.txt

===================================================

Run OTL Fix

--------------------
  • Double click on the OTL icon on your desktop.
  • Copy and paste the following code into the Custom Scans/Fixes textbox.
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\CARLOS~1\LOCALS~1\Temp\rspsc32.sys -- (RSPHOOKANALYZER)
DRV - File not found [Kernel | On_Demand | Stopped] -- c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys -- (RapportIaso)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (Qxg4rk0E)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | Boot | Unknown] -- system32\drivers\Partizan.sys -- (Partizan)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\13C.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (k0wf4wx6)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\CARLOS~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\CARLOS~1\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (APHbx0iE)
DRV - [2013-03-25 15:51:57 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\utexndg1.sys -- (utexndg1)
DRV - [2013-03-25 15:51:56 | 000,010,240 | ---- | M] (Zaitsev Oleg, 2006) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ujexndg1.sys -- (ujexndg1)
DRV - [2013-03-25 13:42:49 | 000,011,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\uzexndg1.sys -- (uzexndg1)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
[2013-03-20 20:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Silva\Application Data\Yandex
  • Push the Run Fix button
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Junkware log
  • Were you able to successfully change Chrome homepage?
  • Windows Repair Log
  • OTL log
  • How is your computer running now?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 cutthroat

  • Topic Starter

  • Members
  • 72 posts
  • Local time:11:45 PM

Posted 28 March 2013 - 10:32 PM

I have installed Prevx previously, but I don't think Webroot was included in the Prevx installation!?

It is the same company.

 

Yes, I know it is the same company, but the program is different, and I think that only Prevx was installed before and not Webroot.

I mean that Prevx is one program and Webroot is a completely different one.

 

 

AdwCleaner log :

 

# AdwCleaner v2.115 - Logfile created 03/29/2013 at 00:07:55

# Updated 17/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Carlos Silva - HP_PAVILION
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Carlos Silva\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v4.0 (ru)
 
File : C:\Documents and Settings\Carlos Silva\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v25.0.1364.172
 
File : C:\Documents and Settings\Carlos Silva\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
-\\ Opera v12.14.1738.0
 
File : C:\Documents and Settings\Carlos Silva\Application Data\Opera\Opera\operaprefs.ini
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [1190 octets] - [22/03/2013 01:20:51]
AdwCleaner[R2].txt - [1294 octets] - [22/03/2013 01:21:50]
AdwCleaner[R3].txt - [1433 octets] - [25/03/2013 00:26:56]
AdwCleaner[R4].txt - [1553 octets] - [25/03/2013 00:31:14]
AdwCleaner[S1].txt - [365 octets] - [22/03/2013 01:21:32]
AdwCleaner[S2].txt - [1354 octets] - [22/03/2013 01:22:05]
AdwCleaner[S3].txt - [1493 octets] - [25/03/2013 00:28:11]
AdwCleaner[S4].txt - [1613 octets] - [25/03/2013 00:32:26]
AdwCleaner[S5].txt - [1526 octets] - [29/03/2013 00:07:55]
 
########## EOF - C:\AdwCleaner[S5].txt - [1586 octets] ##########
 
 
 

Junkware log :

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Microsoft Windows XP x86
Ran by Carlos Silva on 29-03-2013 at  0:45:06,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29-03-2013 at  0:54:53,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
Were you able to successfully change Chrome homepage?
 
Answer: Yes, I was able to change the Chrome homepage without any problems.
 
 
Windows Repair Log :
 
 
Starting Repairs...
   Start (29-03-2013 1:43:42)
 
Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (29-03-2013 1:43:42)
   Running Repair Under Current User Account
   Done (29-03-2013 1:43:45)
 
Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (29-03-2013 1:43:45)
   Running Repair Under System Account
   Done (29-03-2013 1:44:17)
 
Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (29-03-2013 1:44:17)
   Running Repair Under System Account
   Done (29-03-2013 1:44:39)
 
Remove Policies Set By Infections
   Start (29-03-2013 1:44:39)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (29-03-2013 1:44:43)
 
Remove Temp Files
   Start (29-03-2013 1:44:43)
   Running Repair Under System Account
The process cannot access the file because it is being used by another process.
C:\DOCUME~1\CARLOS~1\LOCALS~1\Temp\~DF6E0F.tmp - The process cannot access the file because it is being used by another process.
C:\WINDOWS\Temp\TM2DED~1\tmp00000000 - Access is denied.
   Done (29-03-2013 1:44:46)
 
Unhide Non System Files
   Start (29-03-2013 1:44:46)
   C:\ - Total Files Unhidden: 319
   Done (29-03-2013 1:47:23)
 
Repair Windows Updates
   Start (29-03-2013 1:47:23)
   Running Repair Under Current User Account
The BITS service is not started.
 
More help is available by typing NET HELPMSG 3521.
 
The system cannot find the file specified.
   Running Repair Under System Account
The BITS service is not started.
 
More help is available by typing NET HELPMSG 3521.
 
The Automatic Updates service is not started.
 
More help is available by typing NET HELPMSG 3521.
 
The system cannot find the file specified.
   Done (29-03-2013 1:48:30)
 
Set Windows Services To Default Startup
   Start (29-03-2013 1:48:30)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (29-03-2013 1:48:51)
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done (29-03-2013 1:48:51)
   Total Repair Time: 00:05:09
 
 
...YOU MUST RESTART YOUR SYSTEM...
   Running Repair Under System Account
 
 
OTL log :
 
 
========== OTL ==========
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service UIUSys stopped successfully!
Service UIUSys deleted successfully!
File system32\DRIVERS\UIUSYS.SYS not found.
Service RSPHOOKANALYZER stopped successfully!
Service RSPHOOKANALYZER deleted successfully!
File C:\DOCUME~1\CARLOS~1\LOCALS~1\Temp\rspsc32.sys not found.
Service RapportIaso stopped successfully!
Service RapportIaso deleted successfully!
File c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys not found.
Service Qxg4rk0E stopped successfully!
Service Qxg4rk0E deleted successfully!
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Error: No service named Partizan was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Partizan deleted successfully.
File system32\drivers\Partizan.sys not found.
Service MEMSWEEP2 stopped successfully!
Service MEMSWEEP2 deleted successfully!
File C:\WINDOWS\system32\13C.tmp not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service k0wf4wx6 stopped successfully!
Service k0wf4wx6 deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\CARLOS~1\LOCALS~1\Temp\catchme.sys not found.
Error: No service named aswMBR was found to stop!
Service\Driver key aswMBR not found.
File C:\DOCUME~1\CARLOS~1\LOCALS~1\Temp\aswMBR.sys not found.
Service APHbx0iE stopped successfully!
Service APHbx0iE deleted successfully!
Service utexndg1 stopped successfully!
Service utexndg1 deleted successfully!
C:\WINDOWS\system32\drivers\utexndg1.sys moved successfully.
Service ujexndg1 stopped successfully!
Service ujexndg1 deleted successfully!
C:\WINDOWS\system32\drivers\ujexndg1.sys moved successfully.
Error: Unable to stop service uzexndg1!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uzexndg1 deleted successfully.
C:\WINDOWS\system32\drivers\uzexndg1.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Documents and Settings\Carlos Silva\Application Data\Yandex\Punto Switcher\3.1 folder moved successfully.
C:\Documents and Settings\Carlos Silva\Application Data\Yandex\Punto Switcher folder moved successfully.
C:\Documents and Settings\Carlos Silva\Application Data\Yandex folder moved successfully.
 
OTL by OldTimer - Version 3.2.69.0 log created on 03292013_015907
 
 
How is your computer running now?
 
Basically I don't notice any difference.
 
When I restart my computer I still have the following error:
 
Runtime error c:\program files\intel\intel matrix storage manager\iaantmon.exe - This application has requested the Runtime to terminate it in an unusual way.
 
When I open Internet Explorer, I still have this homepage: http://www.yandex.ru/.
 
 
I think there are still a few problems to solve:

Radix has now detected hidden registry entries, patched modules and IAT hooks.
 
Hidden Registry entries:
 
Found hidden key:   HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.
[.] Found hidden value: 
[REG_SZ] (Standard)
VLC ActiveX Plugin and IE Web Plugin 
[*] Found hidden key:   HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.\CLSID
[.] Found hidden value: 
[REG_SZ] (Standard)
{E23FE9C6-778E-49D4-B537-38FCDE4887D8}
[*] Found hidden key:   HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.
[.] Found hidden value: 
[REG_SZ] (Standard)
VLC ActiveX Plugin and IE Web Plugin 
[*] Found hidden key:   HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.\CLSID
[.] Found hidden value: 
[REG_SZ] (Standard)
{9BE31822-FDAD-461B-AD51-BE1D1C159921}
 
 
Unable to open key: HKEY_USERS\S-1-5-21-1757981266-507921405-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\??????: The system cannot find the file specified.
 
Found hidden key:   HKEY_USERS\S-1-5-21-1757981266-507921405-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\7-Zip
 
[.] Found hidden value: 
[REG_BINARY] Order
08 00 00 00 02 00 00 00 18 01 00 00 01 00 00 00    
02 00 00 00 8E 00 00 00 00 00 00 00 80 00 00 00     Ž€
41 75 67 4D 02 00 00 00 01 00 00 00 6E 00 32 00     AugMn2
57 02 00 00 7D 41 26 4A 20 00 37 2D 5A 49 50 46     W}A&J 7-ZIPF
7E 31 2E 4C 4E 4B 00 00 44 00 03 00 04 00 EF BE     ~1.LNKDï¾
7D 41 26 4A 7D 42 6B 0E 14 00 00 00 37 00 2D 00     }A&J}Bk7-
5A 00 69 00 70 00 20 00 46 00 69 00 6C 00 65 00     Zip File
20 00 4D 00 61 00 6E 00 61 00 67 00 65 00 72 00      Manager
2E 00 6C 00 6E 00 6B 00 00 00 1C 00 0E 00 00 00     .lnk
0A 00 EF BE 00 00 00 00 1C 00 00 00 00 00 00 00     
ï¾
00 00 7E 00 00 00 01 00 00 00 70 00 00 00 41 75     ~pAu
67 4D 02 00 00 00 01 00 00 00 5E 00 32 00 5C 02     gM^2\
00 00 7D 41 26 4A 20 00 37 2D 5A 49 50 48 7E 31     }A&J 7-ZIPH~1
2E 4C 4E 4B 00 00 34 00 03 00 04 00 EF BE 7D 41     .LNK4ï¾}A
26 4A 7D 42 6B 0E 14 00 00 00 37 00 2D 00 5A 00     &J}Bk7-Z
69 00 70 00 20 00 48 00 65 00 6C 00 70 00 2E 00     ip Help.
6C 00 6E 00 6B 00 00 00 1C 00 0E 00 00 00 0A 00     lnk
 
EF BE 00 00 00 00 1C 00 00 00 00 00 00 00 00 00     ...............
 
 
Patched modules:  
 
System module c:\windows\system32\drivers\nv4_mini.sys was patched at B5B896C0
 
041 B542A000 0096F000 nv4_mini.sys     nv               YES YESThe code of nvDumpConfig at B5B896C0 (16) got patched. Here is the diff:
Address   New-Original
B5B896C0: 40 - 00  
B5B896C1: 62 - 00  
B5B896C2: 5D - 00  
B5B896C3: B5 - 00  
B5B896C4: FF - 00  
B5B896C5: FF - 00  
B5B896C6: FF - 00  
B5B896C7: FF - 00  
Disassembly old code:
B5B896C0: 0000         ADD BYTE PTR DS:[EAX],AL 
B5B896C2: 0000         ADD BYTE PTR DS:[EAX],AL 
B5B896C4: 0000         ADD BYTE PTR DS:[EAX],AL 
B5B896C6: 0000         ADD BYTE PTR DS:[EAX],AL 
 
Disassembly new code:
B5B896C0: 40           INC EAX 
B5B896C1: 625DB5       BOUND EBX,QWORD PTR SS:[EBP-4BH] 
B5B896C4: FFFF         ??? EDI ; Illegal Instruction
B5B896C6: FFFF         ??? EDI ; Illegal Instruction
 
 
System module c:\windows\system32\ntdll.dll was patched at 7C90D0AE
 
 
IAT hooks: 
 
C:\Program files\Comodo\Dragon\dragon.exe: kernel32.dll: dragon.exe : CreateNamedPipeW  --[HOOKED]-- @002D0010
 
C:\Program files\Comodo\Dragon\dragon.exe: kernel32.dll: RPCRT4.dll : CreateNamedPipeW  --[HOOKED]-- @002D0010
 
C:\Program files\Comodo\Dragon\dragon.exe: kernel32.dll: dragon.dll : CreateNamedPipeW  --[HOOKED]-- @002D0010
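A first triage step for a "Patched modules" entry like the nv4_mini.sys block above, written as an added example: this is not code from the thread, from Radix, or from any tool Gary listed, and the function names are my own. The script re-types the nv4_mini.sys diff as constructed sample input, reassembles the per-byte "New - Original" rows into one run of bytes, reads the new bytes as little-endian 32-bit values (the layout a pointer slot would have), and checks each value against the module's own load range taken from the module-table line (base B542A000, size 0096F000). A value inside that range points back at the driver itself, which is what an initialised data slot or internal pointer looks like; a detour to foreign code would point outside it. The report does not say which section the patched address belongs to, so the script reports the classification and whether the original bytes were all zero rather than deciding "hook" or "benign" on its own.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample input: the "Patched modules" block from the Radix
# report above, re-typed here so the script runs offline. The first line
# is the module-table row (index, base, size, name ...), then the diff.
RADIX_REPORT = """\
041 B542A000 0096F000 nv4_mini.sys     nv               YES YESThe code of nvDumpConfig at B5B896C0 (16) got patched. Here is the diff:
Address   New-Original
B5B896C0: 40 - 00
B5B896C1: 62 - 00
B5B896C2: 5D - 00
B5B896C3: B5 - 00
B5B896C4: FF - 00
B5B896C5: FF - 00
B5B896C6: FF - 00
B5B896C7: FF - 00
"""

# "NNN base size name" module-table line and "addr: new - old" diff rows.
MODULE_RE = re.compile(r"^\d{3}\s+([0-9A-Fa-f]{8})\s+([0-9A-Fa-f]{8})\s+(\S+)", re.M)
DIFF_RE = re.compile(r"^([0-9A-Fa-f]{8}):\s+([0-9A-Fa-f]{2})\s+-\s+([0-9A-Fa-f]{2})", re.M)


def parse_module(report: str) -> Tuple[str, int, int]:
    """Return (name, base, end) of the patched module; end is exclusive."""
    m = MODULE_RE.search(report)
    if m is None:
        raise ValueError("no module table line found")
    base, size = int(m.group(1), 16), int(m.group(2), 16)
    return m.group(3), base, base + size


def parse_diff(report: str) -> Tuple[int, bytes, bytes]:
    """Reassemble the per-byte diff into (start, new_bytes, old_bytes).

    The rows must describe one contiguous run; a gap means the report
    covers more than one patch site and should be split first.
    """
    rows = sorted((int(a, 16), int(n, 16), int(o, 16))
                  for a, n, o in DIFF_RE.findall(report))
    if not rows:
        raise ValueError("no diff rows found")
    start = rows[0][0]
    for i, (addr, _, _) in enumerate(rows):
        if addr != start + i:
            raise ValueError(f"diff is not contiguous at {addr:08X}")
    return start, bytes(r[1] for r in rows), bytes(r[2] for r in rows)


def dwords_le(start: int, data: bytes) -> List[Tuple[int, int]]:
    """Read the run as little-endian 32-bit values, one per 4-byte slot."""
    usable = len(data) - len(data) % 4
    return [(start + i, int.from_bytes(data[i:i + 4], "little"))
            for i in range(0, usable, 4)]


def classify(value: int, base: int, end: int) -> str:
    """Where does a written dword point, relative to the module's own image?"""
    if value == 0xFFFFFFFF:
        return "all-ones"
    if base <= value < end:
        return "inside-module"
    return "outside-module"


def triage(report: str) -> Dict:
    """Summarise one patched-module entry for a human to review."""
    name, base, end = parse_module(report)
    start, new, old = parse_diff(report)
    return {
        "module": name,
        "range": (base, end),
        "start": start,
        # All-zero original bytes mean the region held no code before the write.
        "old_all_zero": not any(old),
        "values": [(addr, val, classify(val, base, end))
                   for addr, val in dwords_le(start, new)],
    }


if __name__ == "__main__":
    r = triage(RADIX_REPORT)
    print(f"{r['module']} [{r['range'][0]:08X}-{r['range'][1]:08X}) "
          f"patched at {r['start']:08X}, original all zero: {r['old_all_zero']}")
    for addr, val, kind in r["values"]:
        print(f"  {addr:08X}: {val:08X}  {kind}")
```

On the data above the 8 new bytes decode to B55D6240 followed by FFFFFFFF; the first value lies inside nv4_mini.sys's own range [B542A000, B5D99000), and the original bytes were all zero. That is the information a helper needs before deciding whether the entry deserves a closer look at the driver's sections, and the same parser works for any Radix entry that carries a module-table line and a contiguous diff.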




