
iexplore.exe virus


  • This topic is locked
31 replies to this topic

#1 david93b


Posted 27 April 2013 - 03:58 PM

Hello, I was redirected from the "Am I infected? What do I do?" forum. Here is the link to the original:

http://www.bleepingcomputer.com/forums/t/492824/iexploreexe-virus/

 

My name is David. I am brand new to this forum and first let me say thank you. It’s very generous for all the members and contributors to share their knowledge and expertise with lay people. This is a mark of excellence and I am very appreciative of this.

 

I have dealt with malware and viruses before, many of them actually, but this one has left me at the end of my rope and skill set, so I will need extra guidance.

 

My CPU usage is cycling between 2-100% even if it is idle. I have two iexplore.exe running in my task manager and one of them grows from under 100,000k mem usage to close to 500,000k if not more if I let the CPU run for a while.

 

I have a Windows XP 2002 and I am using Internet Explorer 8. Unfortunately I was desperate enough to use ComboFix and CCleaner, but this was before I found your site and instructions.

 

Believe me, I am ready to follow whatever advice and guidelines that you provide to the T and I.

 

Thank you,

 

David

 

P.S. I think it might be worth noting that I cannot do a system restore, and when I ran Malwarebytes I removed a lot of infections. Also used Norton Power Eraser to fix registry errors. I am still quite certain that my CPU is still infected.

 

Here is the dds.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.21.2
Run by Compaq_Owner at 15:40:50 on 2013-04-27
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.703.158 [GMT -5:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\VTTimer.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.drudgereport.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
uProxyServer = hxxp=122.0.66.102:8080
uProxyOverride = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mURLSearchHooks: {D3F669EB-57CE-4f45-8FBD-E245CBB46366} - <orphaned>
BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: {1827766B-9F49-4854-8034-F6EE26FCB1EC} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: SBCONVERT Class: {92A9ACF4-9333-43AE-9698-DB283326F87F} - c:\program files\speedbit video downloader\tbu18\tbcore3.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: GrabberObj Class: {FF7C3CF0-4B15-11D1-ABED-709549C10000} - c:\program files\speedbit video downloader\tbu18\Grabber.dll
TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - c:\program files\orbitdownloader\GrabPro.dll
TB: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\program files\speedbit video downloader\tbu18\tbcore3.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - c:\program files\orbitdownloader\GrabPro.dll
TB: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\program files\speedbit video downloader\tbu18\tbcore3.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SMSERIAL] "sm56hlpr.exe"
mRun: [LSBWatcher] "c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe"
mRun: [Media Codec Update Service] "c:\documents and settings\compaq_owner\desktop\essentials codec pack\WECPUpdate.exe" -s
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSPM Startup] "c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe" -startup
mRun: [NBAgent] "c:\program files\nero\nero backitup & burn\nero backitup\NBAgent.exe" /WinStart
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0401.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1327290035406
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{57F62FC5-51AF-4079-918E-26916E8FFDD9} : DHCPNameServer = 75.75.75.75 75.75.76.76
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\wtsfn219.default-1358031358448\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8555
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2013-2-22 545576]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe [2013-2-22 389928]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-6-22 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-6-22 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-6-22 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-6-22 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-6-22 25704]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-1-11 14424]
.
=============== File Associations ===============
.
ShellExec: pixillion.exe: Convert with Pixillion="c:\program files\nch software\pixillion\pixillion" "%L"
.
=============== Created Last 30 ================
.
2013-04-27 20:29:06 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-27 20:29:06 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-04-26 23:43:48 -------- d-----w- c:\documents and settings\compaq_owner\application data\Toolbar4
2013-04-26 23:17:05 36096 ----a-w- c:\windows\system32\drivers\intelppm.sys
2013-04-26 23:17:05 36096 ----a-w- c:\windows\system32\dllcache\intelppm.sys
2013-04-26 22:53:04 98816 ----a-w- c:\windows\sed.exe
2013-04-26 22:53:04 256000 ----a-w- c:\windows\PEV.exe
2013-04-26 22:53:04 208896 ----a-w- c:\windows\MBR.exe
2013-04-26 22:47:55 -------- d-----w- c:\program files\CCleaner
2013-04-13 02:00:01 -------- d-----w- c:\program files\common files\SpeedBit
2013-04-13 01:59:57 90824 ----a-w- c:\windows\system32\EasyHook32.dll
2013-04-13 01:59:57 109256 ----a-w- c:\windows\system32\EasyHook64.dll
2013-04-10 03:08:26 -------- d-----w- C:\Jts
.
==================== Find3M  ====================
.
2013-04-27 20:28:42 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-27 20:28:40 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-04 19:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-12 20:46:28 40648 ----a-w- c:\windows\system32\drivers\hssdrv.sys
.
============= FINISH: 15:41:47.21 ===============
 

Attached File  attach.txt   18.11KB   1 downloads




 


#2 gringo_pr

  • Malware Response Team

Posted 27 April 2013 - 04:11 PM


Hello david93b

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • Click on "Delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 david93b


Posted 27 April 2013 - 06:25 PM

Hello Gringo,

 

Thanks for taking the time out to help me and share all your knowledge and skills. It is extremely generous of you, and for that I thank you.

 

I followed your instructions step by step. The mem usage of the iexplore.exe is down to 110,000 k, and the CPU usage is down to cycling between 2 and 30%.

 

Here are the logs:

 

Security Check

 

 Results of screen317's Security Check version 0.99.63 
 Windows XP Service Pack 2 x86  
 Out of date service pack!!
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
`````````Anti-malware/Other Utilities Check:`````````
 Spy Sweeper Core  
 SUPERAntiSpyware    
 Malwarebytes Anti-Malware version 1.75.0.1300 
 CCleaner    
 Java 7 Update 21 
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox 19.0.2 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 33% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

ADW Cleaner:

 

# AdwCleaner v2.202 - Logfile created 04/27/2013 at 18:01:20
# Updated 23/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Compaq_Owner - COMPAQ-PC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Compaq_Owner\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Speedbit
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Speedbit Video Downloader
Folder Deleted : C:\Documents and Settings\Compaq_Owner\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Compaq_Owner\Application Data\Toolbar4
Folder Deleted : C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\OpenCandy
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Common Files\Speedbit
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Folder Deleted : C:\Program Files\SearchPredict
Folder Deleted : C:\Program Files\Speedbit Video Downloader
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKCU\Software\SBConvert
Key Deleted : HKCU\Software\SpeedBit
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Directory\shell\SPEEDbitVideoConverter
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\SBConvert.SBConvert
Key Deleted : HKLM\SOFTWARE\Classes\SBConvert.SBConvert.3
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3209604
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SPEEDbit Video Downloader
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SPEEDbit Video Downloader
Key Deleted : HKLM\Software\Orbit\OpenCandy
Key Deleted : HKLM\Software\SpeedBit
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchpredict@speedbit.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\wtsfn219.default-1358031358448\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [14292 octets] - [27/04/2013 18:01:20]

########## EOF - C:\AdwCleaner[S1].txt - [14353 octets] ##########

 

 

Rogue Killer (please note there were 2 logs but I am only posting the first one as instructed)

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User : Compaq_Owner [Admin rights]
Mode : Scan -- Date : 04/27/2013 18:08:47
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] sm56hlpr.exe -- C:\WINDOWS\sm56hlpr.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : Media Codec Update Service ("C:\Documents and Settings\Compaq_Owner\Desktop\Essentials Codec Pack\WECPUpdate.exe" -s) [-] -> FOUND
[TASK][SUSP PATH] Compaq_Owner.job : C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBCore.exe "C:\Documents and Settings\Compaq_Owner\Application Data\Nero\Nero BackItUp 5\Files\Compaq_Owner.nji" [-] -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=122.0.66.102:8080) -> FOUND
[PROXY FF] wtsfn219.default-1358031358448\ 127.0.0.1:8555 -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\WINDOWS\Installer\{9828fb19-c390-7462-5c4b-f4d546b13697}\@ [-] --> FOUND
[ZeroAccess][FILE] @ : C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\{9828fb19-c390-7462-5c4b-f4d546b13697}\@ [-] --> FOUND
[ZeroAccess][FOLDER] U : C:\WINDOWS\Installer\{9828fb19-c390-7462-5c4b-f4d546b13697}\U --> FOUND
[ZeroAccess][FOLDER] U : C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\{9828fb19-c390-7462-5c4b-f4d546b13697}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\WINDOWS\Installer\{9828fb19-c390-7462-5c4b-f4d546b13697}\L --> FOUND
[ZeroAccess][FOLDER] L : C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\{9828fb19-c390-7462-5c4b-f4d546b13697}\L --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[17] : NtAllocateVirtualMemory @ 0x80568024 -> HOOKED (Unknown @ 0x82B12A08)
SSDT[41] : NtCreateKey @ 0x8056EA01 -> HOOKED (Unknown @ 0x82BAB9C8)
SSDT[47] : NtCreateProcess @ 0x805B246F -> HOOKED (Unknown @ 0x82B12F30)
SSDT[48] : NtCreateProcessEx @ 0x805820F6 -> HOOKED (Unknown @ 0x82B12EB8)
SSDT[53] : NtCreateThread @ 0x8057C713 -> HOOKED (Unknown @ 0x82B12CD8)
SSDT[63] : NtDeleteKey @ 0x80594F21 -> HOOKED (Unknown @ 0x82BE42D8)
SSDT[65] : NtDeleteValueKey @ 0x8059295F -> HOOKED (Unknown @ 0x82B12FA8)
SSDT[180] : NtQueueApcThread @ 0x8058CDA6 -> HOOKED (Unknown @ 0x82B12A80)
SSDT[186] : NtReadVirtualMemory @ 0x8057A7AD -> HOOKED (Unknown @ 0x82B12918)
SSDT[192] : NtRenameKey @ 0x8064D48B -> HOOKED (Unknown @ 0x82BDF020)
SSDT[213] : NtSetContextThread @ 0x8062C7FB -> HOOKED (Unknown @ 0x82B12B70)
SSDT[226] : NtSetInformationKey @ 0x8064CBA6 -> HOOKED (Unknown @ 0x82B270A8)
SSDT[228] : NtSetInformationProcess @ 0x8056BFA7 -> HOOKED (Unknown @ 0x82B12DC8)
SSDT[229] : NtSetInformationThread @ 0x80574A0E -> HOOKED (Unknown @ 0x82B12BE8)
SSDT[247] : NtSetValueKey @ 0x80573EF5 -> HOOKED (Unknown @ 0x82B130A8)
SSDT[253] : NtSuspendProcess @ 0x8062E3DD -> HOOKED (Unknown @ 0x82B12D50)
SSDT[254] : NtSuspendThread @ 0x805DFB80 -> HOOKED (Unknown @ 0x82B12AF8)
SSDT[257] : NtTerminateProcess @ 0x805849B4 -> HOOKED (Unknown @ 0x82B12E40)
SSDT[258] : NtTerminateThread @ 0x8057BE2C -> HOOKED (Unknown @ 0x82B12C60)
SSDT[277] : NtWriteVirtualMemory @ 0x8057A8FF -> HOOKED (Unknown @ 0x82B12990)

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HDS728080PLAT20 +++++
--- User ---
[MBR] f3e142378bbad1a1656aec1ded95ba73
[BSP] 8a7884da59e414827f91c43dcf324e78 : Toshiba MBR Code
Partition table:
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 6142 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 12579840 | Size: 70173 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_04272013_02d1808.txt >>

Thank you for your help and time.



#4 gringo_pr


Posted 27 April 2013 - 08:45 PM


Hello david93b

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 david93b


Posted 27 April 2013 - 10:56 PM

Thanks for sticking with me, I appreciate it.

Here is the combo fix log:

ComboFix 13-04-27.04 - Compaq_Owner 04/27/2013  21:54:07.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.703.525 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-28 to 2013-04-28  )))))))))))))))))))))))))))))))
.
.
2013-04-28 03:19 . 2013-04-28 03:19 -------- d-----w- C:\66f047f89cc08c6eefb0ee0507cc13
2013-04-27 20:29 . 2013-04-27 20:28 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-27 20:29 . 2013-04-27 20:28 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-04-27 20:27 . 2013-04-27 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2013-04-26 23:17 . 2004-08-04 19:00 36096 ----a-w- c:\windows\system32\drivers\intelppm.sys
2013-04-26 23:17 . 2004-08-04 19:00 36096 ----a-w- c:\windows\system32\dllcache\intelppm.sys
2013-04-26 22:47 . 2013-04-26 22:47 -------- d-----w- c:\program files\CCleaner
2013-04-13 01:59 . 2013-04-13 01:58 90824 ----a-w- c:\windows\system32\EasyHook32.dll
2013-04-13 01:59 . 2013-04-13 01:58 109256 ----a-w- c:\windows\system32\EasyHook64.dll
2013-04-10 03:08 . 2013-04-10 19:11 -------- d-----w- C:\Jts
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-27 20:28 . 2003-04-11 05:04 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-27 20:28 . 2010-05-11 21:10 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-04 19:50 . 2010-02-01 20:37 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-12 20:46 . 2010-01-08 23:42 40648 ----a-w- c:\windows\system32\drivers\hssdrv.sys
2013-03-12 03:29 . 2013-03-12 03:28 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 544768]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-05-07 98304]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184]
"NBAgent"="c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2009-09-01 1086760]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 12:00 PM 29808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [2/22/2013 8:36 PM 545576]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2/22/2013 8:33 PM 389928]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [6/22/2010 7:44 PM 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [6/22/2010 7:45 PM 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [6/22/2010 7:45 PM 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [6/22/2010 7:45 PM 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [6/22/2010 7:45 PM 25704]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [1/11/2010 12:17 PM 14424]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.drudgereport.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
uInternet Settings,ProxyServer = http=122.0.66.102:8080
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\wtsfn219.default-1358031358448\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8555
FF - prefs.js: network.proxy.type - 1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-27 22:20
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1240)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2013-04-27  22:29:10
ComboFix-quarantined-files.txt  2013-04-28 03:29
ComboFix2.txt  2013-04-26 23:27
.
Pre-Run: 3,190,263,808 bytes free
Post-Run: 3,227,566,080 bytes free
.
- - End Of File - - DF3554CB4D74DB31B62279DE63AC3E90
 

I didn't have any problems downloading or running combo fix.

Before, at around 6 pm when I ran rogue killer and adwcleaner, my cpu was running much better. I still had two iexplore.exe with one using 110,000k and the other 7,000k mem usage.

After a few hours the cpu became very slow again with one iexplore.exe using over 560,000 k in mem usage.

After combo fix, I still have two iexplore.exe with one using 170,000k and growing!



#6 gringo_pr


Posted 27 April 2013 - 11:16 PM



Hello david93b


I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long you may attach it

    If the forum still complains about it being too long send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================

    and I will see if I want to see the whole report

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and MBAR.

Gringo

#7 david93b


Posted 28 April 2013 - 12:31 AM

Here is tdsskiller

 

23:26:09.0468 0876  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:26:10.0109 0876  ============================================================
23:26:10.0109 0876  Current date / time: 2013/04/27 23:26:10.0109
23:26:10.0109 0876  SystemInfo:
23:26:10.0109 0876 
23:26:10.0109 0876  OS Version: 5.1.2600 ServicePack: 2.0
23:26:10.0109 0876  Product type: Workstation
23:26:10.0109 0876  ComputerName: COMPAQ-PC
23:26:10.0125 0876  UserName: Compaq_Owner
23:26:10.0125 0876  Windows directory: C:\WINDOWS
23:26:10.0125 0876  System windows directory: C:\WINDOWS
23:26:10.0125 0876  Processor architecture: Intel x86
23:26:10.0125 0876  Number of processors: 1
23:26:10.0125 0876  Page size: 0x1000
23:26:10.0125 0876  Boot type: Normal boot
23:26:10.0125 0876  ============================================================
23:26:18.0718 0876  BG loaded
23:26:25.0453 0876  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
23:26:25.0703 0876  ============================================================
23:26:25.0765 0876  \Device\Harddisk0\DR0:
23:26:26.0375 0876  MBR partitions:
23:26:26.0375 0876  \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xBFF3C1
23:26:26.0375 0876  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xBFF400, BlocksNum 0x890ED10
23:26:26.0375 0876  ============================================================
23:26:27.0578 0876  C: <-> \Device\Harddisk0\DR0\Partition2
23:26:27.0687 0876  D: <-> \Device\Harddisk0\DR0\Partition1
23:26:28.0765 0876  ============================================================
23:26:28.0765 0876  Initialize success
23:26:28.0765 0876  ============================================================
23:28:46.0500 3764  ============================================================
23:28:46.0500 3764  Scan started
23:28:46.0500 3764  Mode: Manual; SigCheck; TDLFS;
23:28:46.0500 3764  ============================================================
23:28:46.0984 3764  ================ Scan system memory ========================
23:28:46.0984 3764  System memory - ok
23:28:46.0984 3764  ================ Scan services =============================
23:28:58.0500 3764  [ 3014CA345E8AD68587BABFB162DDDEC5 ] Capture Device Service C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
23:28:58.0515 3764  Capture Device Service ( UnsignedFile.Multi.Generic ) - warning
23:28:58.0515 3764  Capture Device Service - detected UnsignedFile.Multi.Generic (1)
23:29:13.0328 3764  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
23:29:13.0343 3764  IDriverT ( UnsignedFile.Multi.Generic ) - warning
23:29:13.0343 3764  IDriverT - detected UnsignedFile.Multi.Generic (1)
23:29:13.0437 3764  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:29:13.0500 3764  idsvc - ok
23:29:13.0531 3764  [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
23:29:13.0734 3764  Imapi - ok
23:29:13.0796 3764  [ FA788520BCAC0F5D9D5CDE5615C0D931 ] ImapiService    C:\WINDOWS\system32\imapi.exe
23:29:13.0984 3764  ImapiService - ok
23:29:14.0015 3764  ini910u - ok
23:29:14.0062 3764  [ 2D722B2B54AB55B2FA475EB58D7B2AAD ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
23:29:14.0250 3764  IntelIde - ok
23:29:14.0296 3764  [ 279FB78702454DFF2BB445F238C048D2 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:29:14.0515 3764  intelppm - ok
23:29:14.0578 3764  [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
23:29:14.0812 3764  Ip6Fw - ok
23:29:14.0859 3764  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:29:15.0046 3764  IpFilterDriver - ok
23:29:15.0062 3764  [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:29:15.0265 3764  IpInIp - ok
23:29:15.0328 3764  [ E2168CBC7098FFE963C6F23F472A3593 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:29:16.0203 3764  IpNat - ok
23:29:16.0296 3764  [ 6D1DD86EA58AD1B2F57301042D819436 ] iPodService     C:\Program Files\iPod\bin\iPodService.exe
23:29:16.0375 3764  iPodService ( UnsignedFile.Multi.Generic ) - warning
23:29:16.0375 3764  iPodService - detected UnsignedFile.Multi.Generic (1)
23:29:16.0437 3764  [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:29:16.0640 3764  IPSec - ok
23:29:16.0687 3764  [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
23:29:16.0812 3764  IRENUM - ok
23:29:16.0843 3764  [ E504F706CCB699C2596E9A3DA1596E87 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:29:17.0046 3764  isapnp - ok
23:29:17.0281 3764  [ 5739F2821D49975CEDE6BF0153D0CF01 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
23:29:17.0296 3764  JavaQuickStarterService - ok
23:29:17.0328 3764  [ EBDEE8A2EE5393890A1ACEE971C4C246 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:29:17.0531 3764  Kbdclass - ok
23:29:17.0625 3764  [ BA5DEDA4D934E6288C2F66CAF58D2562 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
23:29:18.0578 3764  kmixer - ok
23:29:18.0625 3764  [ 674D3E5A593475915DC6643317192403 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
23:29:18.0718 3764  KSecDD - ok
23:29:18.0796 3764  [ 0CB3AF149A0BAC0836022CA307C7A0F8 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
23:29:19.0765 3764  lanmanserver - ok
23:29:19.0812 3764  [ E1F27CFCD114EC9F1E1F44674B2FF9F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
23:29:19.0906 3764  lanmanworkstation - ok
23:29:19.0937 3764  lbrtfdc - ok
23:29:20.0046 3764  [ 6E5DAC168D1FF9843E84A59D51D31107 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
23:29:20.0062 3764  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
23:29:20.0062 3764  LightScribeService - detected UnsignedFile.Multi.Generic (1)
23:29:20.0140 3764  [ B3EFF6D938C572E90A07B3D87A3C7657 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
23:29:20.0328 3764  LmHosts - ok
23:29:20.0453 3764  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
23:29:20.0468 3764  MDM - ok
23:29:20.0531 3764  [ 95FD808E4AC22ABA025A7B3EAC0375D2 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
23:29:20.0734 3764  Messenger - ok
23:29:20.0796 3764  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
23:29:20.0968 3764  mnmdd - ok
23:29:21.0031 3764  [ F6415361201915B9FE3896B0E4E724FF ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
23:29:21.0265 3764  mnmsrvc - ok
23:29:21.0328 3764  [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
23:29:21.0531 3764  Modem - ok
23:29:21.0593 3764  [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA        C:\WINDOWS\system32\drivers\MODEMCSA.sys
23:29:21.0781 3764  MODEMCSA - ok
23:29:21.0812 3764  [ 34E1F0031153E491910E12551400192C ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:29:21.0984 3764  Mouclass - ok
23:29:22.0046 3764  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:29:22.0218 3764  mouhid - ok
23:29:22.0265 3764  [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
23:29:22.0453 3764  MountMgr - ok
23:29:22.0546 3764  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:29:22.0562 3764  MozillaMaintenance - ok
23:29:22.0578 3764  mraid35x - ok
23:29:22.0656 3764  [ 29414447EB5BDE2F8397DC965DBB3156 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:29:23.0734 3764  MRxDAV - ok
23:29:23.0812 3764  [ FB6C89BB3CE282B08BDB1E3C179E1C39 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:29:23.0890 3764  MRxSmb - ok
23:29:23.0937 3764  [ C7C3D89EB0A6F3DBA622EA737FA335B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
23:29:24.0109 3764  MSDTC - ok
23:29:24.0140 3764  [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
23:29:24.0328 3764  Msfs - ok
23:29:24.0343 3764  MSIServer - ok
23:29:24.0375 3764  [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:29:24.0562 3764  MSKSSRV - ok
23:29:24.0609 3764  [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:29:24.0812 3764  MSPCLOCK - ok
23:29:24.0875 3764  [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
23:29:25.0062 3764  MSPQM - ok
23:29:25.0078 3764  [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:29:25.0281 3764  mssmbios - ok
23:29:25.0296 3764  [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
23:29:25.0484 3764  Mup - ok
23:29:25.0515 3764  [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
23:29:25.0718 3764  NDIS - ok
23:29:25.0718 3764  NDISRD - ok
23:29:25.0781 3764  [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:29:25.0968 3764  NdisTapi - ok
23:29:25.0984 3764  [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:29:26.0171 3764  Ndisuio - ok
23:29:26.0218 3764  [ 0B90E255A9490166AB368CD55A529893 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:29:26.0406 3764  NdisWan - ok
23:29:26.0437 3764  [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
23:29:26.0609 3764  NDProxy - ok
23:29:26.0765 3764  [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
23:29:26.0812 3764  Nero BackItUp Scheduler 4.0 - ok
23:29:26.0828 3764  [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
23:29:27.0015 3764  NetBIOS - ok
23:29:27.0093 3764  [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
23:29:27.0296 3764  NetBT - ok
23:29:27.0359 3764  [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDE          C:\WINDOWS\system32\netdde.exe
23:29:27.0531 3764  NetDDE - ok
23:29:27.0562 3764  [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
23:29:27.0734 3764  NetDDEdsdm - ok
23:29:27.0781 3764  [ 84885F9B82F4D55C6146EBF6065D75D2 ] Netlogon        C:\WINDOWS\system32\lsass.exe
23:29:27.0968 3764  Netlogon - ok
23:29:28.0046 3764  [ 36739B39267914BA69AD0610A0299732 ] Netman          C:\WINDOWS\System32\netman.dll
23:29:29.0093 3764  Netman - ok
23:29:29.0140 3764  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:29:29.0156 3764  NetTcpPortSharing - ok
23:29:29.0187 3764  [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:29:29.0375 3764  NIC1394 - ok
23:29:29.0437 3764  [ 097722F235A1FB698BF9234E01B52637 ] Nla             C:\WINDOWS\System32\mswsock.dll
23:29:29.0531 3764  Nla - ok
23:29:29.0593 3764  [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
23:29:29.0765 3764  Npfs - ok
23:29:29.0843 3764  [ 19A811EF5F1ED5C926A028CE107FF1AF ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
23:29:30.0843 3764  Ntfs - ok
23:29:30.0875 3764  [ 84885F9B82F4D55C6146EBF6065D75D2 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
23:29:31.0046 3764  NtLmSsp - ok
23:29:31.0125 3764  [ B62F29C00AC55A761B2E45877D85EA0F ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
23:29:31.0375 3764  NtmsSvc - ok
23:29:31.0406 3764  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
23:29:31.0562 3764  Null - ok
23:29:31.0625 3764  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:29:31.0796 3764  NwlnkFlt - ok
23:29:31.0812 3764  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:29:31.0984 3764  NwlnkFwd - ok
23:29:32.0015 3764  [ 0951DB8E5823EA366B0E408D71E1BA2A ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:29:32.0218 3764  ohci1394 - ok
23:29:32.0265 3764  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:29:32.0281 3764  ose - ok
23:29:32.0359 3764  [ 29744EB4CE659DFE3B4122DEB45BC478 ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
23:29:32.0562 3764  Parport - ok
23:29:32.0609 3764  [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
23:29:32.0781 3764  PartMgr - ok
23:29:32.0843 3764  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
23:29:33.0031 3764  ParVdm - ok
23:29:33.0156 3764  [ 65FB0C4AA30D84849E0E4C97CB5501CE ] pbfilter        C:\Program Files\PeerBlock\pbfilter.sys
23:29:33.0156 3764  pbfilter - ok
23:29:33.0187 3764  [ 8086D9979234B603AD5BC2F5D890B234 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
23:29:33.0375 3764  PCI - ok
23:29:33.0390 3764  PCIDump - ok
23:29:33.0421 3764  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
23:29:33.0578 3764  PCIIde - ok
23:29:33.0625 3764  [ 82A087207DECEC8456FBE8537947D579 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
23:29:33.0812 3764  Pcmcia - ok
23:29:33.0828 3764  PDCOMP - ok
23:29:33.0843 3764  PDFRAME - ok
23:29:33.0859 3764  PDRELI - ok
23:29:33.0875 3764  PDRFRAME - ok
23:29:33.0890 3764  perc2 - ok
23:29:33.0921 3764  perc2hib - ok
23:29:34.0015 3764  [ E406A33046228BD89F0C2DB5C172F19C ] PLFlash DeviceIoControl Service C:\WINDOWS\system32\IoctlSvc.exe
23:29:34.0031 3764  PLFlash DeviceIoControl Service - ok
23:29:34.0046 3764  [ 37561F8D4160D62DA86D24AE41FAE8DE ] PlugPlay        C:\WINDOWS\system32\services.exe
23:29:34.0140 3764  PlugPlay - ok
23:29:34.0171 3764  [ 84885F9B82F4D55C6146EBF6065D75D2 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
23:29:34.0328 3764  PolicyAgent - ok
23:29:34.0390 3764  [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:29:34.0562 3764  PptpMiniport - ok
23:29:34.0578 3764  [ 84885F9B82F4D55C6146EBF6065D75D2 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
23:29:34.0750 3764  ProtectedStorage - ok
23:29:34.0765 3764  [ 48671F327553DCF1D27F6197F622A668 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
23:29:34.0968 3764  PSched - ok
23:29:34.0984 3764  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:29:35.0156 3764  Ptilink - ok
23:29:35.0171 3764  ql1080 - ok
23:29:35.0203 3764  Ql10wnt - ok
23:29:35.0218 3764  ql12160 - ok
23:29:35.0234 3764  ql1240 - ok
23:29:35.0265 3764  ql1280 - ok
23:29:35.0281 3764  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:29:35.0453 3764  RasAcd - ok
23:29:35.0515 3764  [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto         C:\WINDOWS\System32\rasauto.dll
23:29:35.0718 3764  RasAuto - ok
23:29:35.0765 3764  [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:29:35.0937 3764  Rasl2tp - ok
23:29:36.0015 3764  [ 49B5EED5FB89D39456A2F616CCD8BA5D ] RasMan          C:\WINDOWS\System32\rasmans.dll
23:29:37.0078 3764  RasMan - ok
23:29:37.0093 3764  [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:29:37.0296 3764  RasPppoe - ok
23:29:37.0343 3764  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
23:29:37.0500 3764  Raspti - ok
23:29:37.0578 3764  [ 03B965B1CA47F6EF60EB5E51CB50E0AF ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:29:38.0671 3764  Rdbss - ok
23:29:38.0718 3764  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:29:38.0890 3764  RDPCDD - ok
23:29:38.0984 3764  [ B54CD38A9EBFBF2B3561426E3FE26F62 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
23:29:39.0937 3764  RDPWD - ok
23:29:40.0015 3764  [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
23:29:40.0187 3764  RDSessMgr - ok
23:29:40.0250 3764  [ B31B4588E4086D8D84ADBF9845C2402B ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
23:29:40.0437 3764  redbook - ok
23:29:40.0484 3764  [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
23:29:40.0687 3764  RemoteAccess - ok
23:29:40.0765 3764  RoxLiveShare9 - ok
23:29:40.0828 3764  [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator      C:\WINDOWS\system32\locator.exe
23:29:41.0015 3764  RpcLocator - ok
23:29:41.0046 3764  [ 01095FEBF33BEEA00C2A0730B9B3EC28 ] RpcSs           C:\WINDOWS\System32\rpcss.dll
23:29:41.0187 3764  RpcSs - ok
23:29:41.0265 3764  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
23:29:41.0453 3764  RSVP - ok
23:29:41.0515 3764  [ D507C1400284176573224903819FFDA3 ] rtl8139         C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
23:29:41.0703 3764  rtl8139 - ok
23:29:41.0718 3764  [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs           C:\WINDOWS\system32\lsass.exe
23:29:41.0890 3764  SamSs - ok
23:29:42.0015 3764  [ A3281AEC37E0720A2BC28034C2DF2A56 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
23:29:42.0015 3764  SASDIFSV - ok
23:29:42.0078 3764  [ 61DB0D0756A99506207FD724E3692B25 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
23:29:42.0078 3764  SASKUTIL - ok
23:29:42.0156 3764  [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
23:29:42.0328 3764  SCardSvr - ok
23:29:42.0390 3764  [ 92360854316611F6CC471612213C3D92 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
23:29:42.0578 3764  Schedule - ok
23:29:42.0687 3764  [ CA7E42E0B8D117165ED553A7D681352A ] SeaPort         C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
23:29:42.0703 3764  SeaPort - ok
23:29:42.0765 3764  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:29:43.0734 3764  Secdrv - ok
23:29:43.0812 3764  [ B1E0CE09895376871746F36DC5773B4F ] seclogon        C:\WINDOWS\System32\seclogon.dll
23:29:44.0000 3764  seclogon - ok
23:29:44.0015 3764  [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS            C:\WINDOWS\system32\sens.dll
23:29:44.0187 3764  SENS - ok
23:29:44.0265 3764  [ A2D868AEEFF612E70E213C451A70CAFB ] Serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
23:29:44.0437 3764  Serenum - ok
23:29:44.0468 3764  [ CD9404D115A00D249F70A371B46D5A26 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
23:29:44.0656 3764  Serial - ok
23:29:44.0703 3764  [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
23:29:44.0875 3764  Sfloppy - ok
23:29:44.0953 3764  [ 36CC8C01B5E50163037BEF56CB96DEFF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
23:29:45.0171 3764  SharedAccess - ok
23:29:45.0203 3764  [ 6815DEF9B810AEFAC107EEAF72DA6F82 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
23:29:46.0265 3764  ShellHWDetection - ok
23:29:46.0265 3764  Simbad - ok
23:29:46.0359 3764  [ 0C81C75A42A4E920A91A8BB729B10449 ] smserial        C:\WINDOWS\system32\DRIVERS\smserial.sys
23:29:46.0437 3764  smserial - ok
23:29:46.0453 3764  Sparrow - ok
23:29:46.0500 3764  [ 0CE218578FFF5F4F7E4201539C45C78F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
23:29:47.0562 3764  splitter - ok
23:29:47.0687 3764  [ DA81EC57ACD4CDC3D4C51CF3D409AF9F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
23:29:48.0875 3764  Spooler - ok
23:29:48.0906 3764  [ E41B6D037D6CD08461470AF04500DC24 ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
23:29:49.0093 3764  sr - ok
23:29:49.0203 3764  [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice       C:\WINDOWS\system32\srsvc.dll
23:29:49.0296 3764  srservice - ok
23:29:49.0359 3764  [ 7A4F147CC6B133F905F6E65E2F8669FB ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
23:29:49.0437 3764  Srv - ok
23:29:49.0484 3764  [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
23:29:49.0593 3764  SSDPSRV - ok
23:29:49.0640 3764  [ A3CC244F1E043C2B7AE32899FF99A0A0 ] ssfs0bbc        C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys
23:29:49.0640 3764  ssfs0bbc - ok
23:29:49.0671 3764  [ E041026DAFA17AF2610AFC4DA8F4EA14 ] sshrmd          C:\WINDOWS\system32\DRIVERS\sshrmd.sys
23:29:49.0671 3764  sshrmd - ok
23:29:49.0703 3764  [ 5A40B485825CC31B3A49BB4701B30D35 ] ssidrv          C:\WINDOWS\system32\DRIVERS\ssidrv.sys
23:29:49.0718 3764  ssidrv - ok
23:29:49.0796 3764  [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
23:29:49.0968 3764  StillCam - ok
23:29:50.0046 3764  [ B6763F8534AC547CF1AF98AFDFF2EDC8 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
23:29:51.0250 3764  stisvc - ok
23:29:51.0296 3764  [ 03C1BAE4766E2450219D20B993D6E046 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
23:29:51.0484 3764  swenum - ok
23:29:51.0500 3764  [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
23:29:51.0671 3764  swmidi - ok
23:29:51.0703 3764  SwPrv - ok
23:29:51.0718 3764  symc810 - ok
23:29:51.0734 3764  symc8xx - ok
23:29:51.0750 3764  sym_hi - ok
23:29:51.0765 3764  sym_u3 - ok
23:29:51.0812 3764  [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
23:29:52.0000 3764  sysaudio - ok
23:29:52.0078 3764  [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
23:29:52.0265 3764  SysmonLog - ok
23:29:52.0312 3764  [ 0C3B2A9C4BD2DD9A6C2E4084314DD719 ] taphss          C:\WINDOWS\system32\DRIVERS\taphss.sys
23:29:52.0328 3764  taphss - ok
23:29:52.0390 3764  [ FB78839B36025AA286A51289ED28B73E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
23:29:53.0671 3764  TapiSrv - ok
23:29:53.0718 3764  [ 2A5554FC5B1E04E131230E3CE035C3F9 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:29:53.0828 3764  Tcpip - ok
23:29:53.0890 3764  [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
23:29:54.0078 3764  TDPIPE - ok
23:29:54.0093 3764  [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
23:29:54.0265 3764  TDTCP - ok
23:29:54.0328 3764  [ A540A99C281D933F3D69D55E48727F47 ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
23:29:54.0500 3764  TermDD - ok
23:29:54.0578 3764  [ B60C877D16D9C880B952FDA04ADF16E6 ] TermService     C:\WINDOWS\System32\termsrv.dll
23:29:54.0781 3764  TermService - ok
23:29:54.0812 3764  [ 6815DEF9B810AEFAC107EEAF72DA6F82 ] Themes          C:\WINDOWS\System32\shsvcs.dll
23:29:55.0843 3764  Themes - ok
23:29:55.0875 3764  TosIde - ok
23:29:55.0921 3764  [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
23:29:56.0109 3764  TrkWks - ok
23:29:56.0203 3764  [ 49C805D42D75EDDC9B6A7130999C9054 ] uagp35          C:\WINDOWS\system32\DRIVERS\uagp35.sys
23:29:56.0375 3764  uagp35 - ok
23:29:56.0406 3764  [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
23:29:56.0593 3764  Udfs - ok
23:29:56.0609 3764  ultra - ok
23:29:56.0656 3764  [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
23:29:56.0843 3764  Update - ok
23:29:56.0921 3764  [ ACA5D98663D879C6BAAFCEA7E2F1B710 ] upnphost        C:\WINDOWS\System32\upnphost.dll
23:29:57.0843 3764  upnphost - ok
23:29:57.0906 3764  [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS             C:\WINDOWS\System32\ups.exe
23:29:58.0093 3764  UPS - ok
23:29:58.0171 3764  [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:29:58.0328 3764  usbccgp - ok
23:29:58.0406 3764  [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:29:58.0578 3764  usbehci - ok
23:29:58.0625 3764  [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:29:58.0796 3764  usbhub - ok
23:29:58.0875 3764  [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:29:59.0046 3764  usbprint - ok
23:29:59.0078 3764  [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:29:59.0265 3764  usbscan - ok
23:29:59.0296 3764  [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:29:59.0468 3764  USBSTOR - ok
23:29:59.0546 3764  [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:29:59.0765 3764  usbuhci - ok
23:29:59.0796 3764  [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
23:29:59.0968 3764  VgaSave - ok
23:30:00.0046 3764  [ 45489356501EC6CBB789DECE991D393F ] viagfx          C:\WINDOWS\system32\DRIVERS\vtmini.sys
23:30:00.0093 3764  viagfx - ok
23:30:00.0125 3764  [ 59CB1338AD3654417BEA49636457F65D ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
23:30:00.0296 3764  ViaIde - ok
23:30:00.0375 3764  [ EE4660083DEBA849FF6C485D944B379B ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
23:30:00.0546 3764  VolSnap - ok
23:30:00.0640 3764  [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS             C:\WINDOWS\System32\vssvc.exe
23:30:00.0765 3764  VSS - ok
23:30:00.0812 3764  [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time         C:\WINDOWS\system32\w32time.dll
23:30:01.0000 3764  W32Time - ok
23:30:01.0031 3764  [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:30:01.0218 3764  Wanarp - ok
23:30:01.0234 3764  WDICA - ok
23:30:01.0312 3764  [ EFD235CA22B57C81118C1AEB4798F1C1 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
23:30:02.0531 3764  wdmaud - ok
23:30:02.0609 3764  [ 265F534EF76832435AFBF771EC97176D ] WebClient       C:\WINDOWS\System32\webclnt.dll
23:30:03.0906 3764  WebClient - ok
23:30:04.0015 3764  [ F399242A80C4066FD155EFA4CF96658E ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
23:30:04.0203 3764  winmgmt - ok
23:30:04.0375 3764  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:30:04.0453 3764  wlidsvc - ok
23:30:04.0515 3764  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
23:30:04.0640 3764  WmdmPmSN - ok
23:30:04.0718 3764  [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:30:04.0890 3764  WmiApSrv - ok
23:30:05.0031 3764  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
23:30:05.0125 3764  WMPNetworkSvc - ok
23:30:05.0187 3764  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:30:05.0375 3764  WS2IFSL - ok
23:30:05.0437 3764  [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(1) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
23:30:05.0453 3764  WsAudio_DeviceS(1) - ok
23:30:05.0468 3764  [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(2) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys
23:30:05.0468 3764  WsAudio_DeviceS(2) - ok
23:30:05.0515 3764  [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(3) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys
23:30:05.0515 3764  WsAudio_DeviceS(3) - ok
23:30:05.0546 3764  [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(4) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys
23:30:05.0546 3764  WsAudio_DeviceS(4) - ok
23:30:05.0562 3764  [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(5) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys
23:30:05.0578 3764  WsAudio_DeviceS(5) - ok
23:30:05.0625 3764  [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
23:30:05.0843 3764  wscsvc - ok
23:30:05.0875 3764  [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
23:30:06.0046 3764  wuauserv - ok
23:30:06.0109 3764  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:30:06.0156 3764  WudfPf - ok
23:30:06.0203 3764  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:30:06.0234 3764  WudfRd - ok
23:30:06.0250 3764  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
23:30:06.0328 3764  WudfSvc - ok
23:30:06.0406 3764  [ 5A91E6FEAB9F901302FA7FF768C0120F ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
23:30:06.0640 3764  WZCSVC - ok
23:30:06.0687 3764  [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
23:30:06.0890 3764  xmlprov - ok
23:30:06.0921 3764  ================ Scan global ===============================
23:30:06.0984 3764  [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
23:30:07.0062 3764  [ 3D21B3BE0C5768E76FD9780E9CF9E07C ] C:\WINDOWS\system32\winsrv.dll
23:30:07.0093 3764  [ 3D21B3BE0C5768E76FD9780E9CF9E07C ] C:\WINDOWS\system32\winsrv.dll
23:30:07.0109 3764  [ 37561F8D4160D62DA86D24AE41FAE8DE ] C:\WINDOWS\system32\services.exe
23:30:07.0125 3764  [Global] - ok
23:30:07.0140 3764  ================ Scan MBR ==================================
23:30:07.0156 3764  [ 0AC6D996BCE152AED9600E6D6B797E2E ] \Device\Harddisk0\DR0
23:30:07.0468 3764  \Device\Harddisk0\DR0 - ok
23:30:07.0484 3764  ================ Scan VBR ==================================
23:30:07.0484 3764  [ 3CA07C75DD6095227F3F9DC331EC94B8 ] \Device\Harddisk0\DR0\Partition1
23:30:07.0500 3764  \Device\Harddisk0\DR0\Partition1 - ok
23:30:07.0546 3764  [ 1604A80E4EE7437DA5BE1DDAA4A23106 ] \Device\Harddisk0\DR0\Partition2
23:30:07.0546 3764  \Device\Harddisk0\DR0\Partition2 - ok
23:30:07.0546 3764  ================ Scan active images ========================
23:30:07.0546 3764  [ 680AD1C1BB16239E28D8F33A54A7A3C7 ] C:\WINDOWS\system32\drivers\amdk7.sys
23:30:07.0546 3764  C:\WINDOWS\system32\drivers\amdk7.sys - ok
23:30:07.0562 3764  [ D5A9D123F5ED7C9965A481BD20CF66D8 ] C:\WINDOWS\system32\drivers\videoprt.sys
23:30:07.0562 3764  C:\WINDOWS\system32\drivers\videoprt.sys - ok
23:30:07.0578 3764  [ 45489356501EC6CBB789DECE991D393F ] C:\WINDOWS\system32\drivers\vtmini.sys
23:30:07.0578 3764  C:\WINDOWS\system32\drivers\vtmini.sys - ok
23:30:07.0593 3764  [ 0C81C75A42A4E920A91A8BB729B10449 ] C:\WINDOWS\system32\drivers\smserial.sys
23:30:07.0593 3764  C:\WINDOWS\system32\drivers\smserial.sys - ok
23:30:07.0609 3764  [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] C:\WINDOWS\system32\drivers\modem.sys
23:30:07.0609 3764  C:\WINDOWS\system32\drivers\modem.sys - ok
23:30:07.0625 3764  [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] C:\WINDOWS\system32\drivers\nic1394.sys
23:30:07.0625 3764  C:\WINDOWS\system32\drivers\nic1394.sys - ok
23:30:07.0640 3764  [ 7B53584D94E9D8716B2DE91D5F1CB42D ] C:\WINDOWS\system32\drivers\cdrom.sys
23:30:07.0640 3764  C:\WINDOWS\system32\drivers\cdrom.sys - ok
23:30:07.0656 3764  [ 2034CA78F9C6E787B4B76D81AC888351 ] C:\WINDOWS\system32\drivers\usbport.sys
23:30:07.0656 3764  C:\WINDOWS\system32\drivers\usbport.sys - ok
23:30:07.0671 3764  [ F8FD1400092E23C8F2F31406EF06167B ] C:\WINDOWS\system32\drivers\usbuhci.sys
23:30:07.0671 3764  C:\WINDOWS\system32\drivers\usbuhci.sys - ok
23:30:11.0062 3764  [ EFD235CA22B57C81118C1AEB4798F1C1 ] C:\WINDOWS\system32\drivers\wdmaud.sys
23:30:11.0062 3764  C:\WINDOWS\system32\drivers\wdmaud.sys - ok
23:30:11.0078 3764  [ 650AD082D46BAC0E64C9C0E0928492FD ] C:\WINDOWS\system32\drivers\sysaudio.sys
23:30:11.0078 3764  C:\WINDOWS\system32\drivers\sysaudio.sys - ok
23:30:11.0093 3764  [ 4939E99C1B61017E37A006EEC2E7632D ] C:\WINDOWS\system32\ieframe.dll
23:30:11.0093 3764  C:\WINDOWS\system32\ieframe.dll - ok
23:30:11.0109 3764  [ 0CE218578FFF5F4F7E4201539C45C78F ] C:\WINDOWS\system32\drivers\splitter.sys
23:30:11.0109 3764  C:\WINDOWS\system32\drivers\splitter.sys - ok
23:30:11.0125 3764  [ 1EE7B434BA961EF845DE136224C30FEC ] C:\WINDOWS\system32\drivers\aec.sys
23:30:11.0125 3764  C:\WINDOWS\system32\drivers\aec.sys - ok
23:30:11.0125 3764  [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] C:\WINDOWS\system32\drivers\swmidi.sys
23:30:11.0125 3764  C:\WINDOWS\system32\drivers\swmidi.sys - ok
23:30:11.0140 3764  [ A6F881284AC1150E37D9AE47FF601267 ] C:\WINDOWS\system32\drivers\DMusic.sys
23:30:11.0140 3764  C:\WINDOWS\system32\drivers\DMusic.sys - ok
23:30:11.0156 3764  [ BA5DEDA4D934E6288C2F66CAF58D2562 ] C:\WINDOWS\system32\drivers\kmixer.sys
23:30:11.0156 3764  C:\WINDOWS\system32\drivers\kmixer.sys - ok
23:30:11.0171 3764  [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] C:\WINDOWS\system32\drivers\drmkaud.sys
23:30:11.0171 3764  C:\WINDOWS\system32\drivers\drmkaud.sys - ok
23:30:11.0187 3764  [ 9A3BD5F55AADFF859539142F6328A66E ] C:\WINDOWS\system32\msacm32.drv
23:30:11.0187 3764  C:\WINDOWS\system32\msacm32.drv - ok
23:30:11.0203 3764  [ 3B4702155BB2AE9DC00C06A68834BDFA ] C:\WINDOWS\system32\midimap.dll
23:30:11.0203 3764  C:\WINDOWS\system32\midimap.dll - ok
23:30:11.0218 3764  [ 178A34E5554DCE485E1262DDF027960C ] C:\DOCUME~1\COMPAQ~1\LOCALS~1\temp\6D8FFF62-BEBE-47DD-AA2A-225CDDF0D7D7.exe
23:30:11.0218 3764  C:\DOCUME~1\COMPAQ~1\LOCALS~1\temp\6D8FFF62-BEBE-47DD-AA2A-225CDDF0D7D7.exe - ok
23:30:11.0234 3764  [ DAD24D2B77AB846BAEC45F2EC49D4229 ] C:\Program Files\iTunes\iTunesMiniPlayer.dll
23:30:11.0234 3764  C:\Program Files\iTunes\iTunesMiniPlayer.dll - ok
23:30:11.0250 3764  [ FF29F650F6CDD21791CEC1F94C9C9DBD ] C:\Program Files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
23:30:11.0250 3764  C:\Program Files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll - ok
23:30:11.0265 3764  [ 5373D59D19CD81B56B853766B35FB5CC ] C:\Program Files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
23:30:11.0265 3764  C:\Program Files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll - ok
23:30:11.0281 3764  [ DCE3C277C4C9ADBC11850DBC4AD131B3 ] C:\WINDOWS\system32\winhttp.dll
23:30:11.0281 3764  C:\WINDOWS\system32\winhttp.dll - ok
23:30:11.0296 3764  [ 29414447EB5BDE2F8397DC965DBB3156 ] C:\WINDOWS\system32\drivers\mrxdav.sys
23:30:11.0296 3764  C:\WINDOWS\system32\drivers\mrxdav.sys - ok
23:30:11.0312 3764  [ 265F534EF76832435AFBF771EC97176D ] C:\WINDOWS\system32\webclnt.dll
23:30:11.0312 3764  C:\WINDOWS\system32\webclnt.dll - ok
23:30:11.0312 3764  [ A1A688EE56CF3BBD24EDEB815D48E9BA ] C:\WINDOWS\system32\linkinfo.dll
23:30:11.0312 3764  C:\WINDOWS\system32\linkinfo.dll - ok
23:30:11.0328 3764  [ 385E9AEC6E100DBEBEE5BD1F27A55E1D ] C:\WINDOWS\system32\ntshrui.dll
23:30:11.0328 3764  C:\WINDOWS\system32\ntshrui.dll - ok
23:30:11.0343 3764  [ 3014CA345E8AD68587BABFB162DDDEC5 ] C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
23:30:11.0343 3764  C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe - ok
23:30:11.0359 3764  [ 60D1A6342238378BFB7545C81EE3606C ] C:\WINDOWS\system32\es.dll
23:30:11.0359 3764  C:\WINDOWS\system32\es.dll - ok
23:30:11.0375 3764  [ 87B85BC1E1F6E0228876204A20A9C24C ] C:\WINDOWS\system32\spoolss.dll
23:30:11.0375 3764  C:\WINDOWS\system32\spoolss.dll - ok
23:30:11.0390 3764  [ 3E9A33113D663D8BD5ED38858E669652 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
23:30:11.0390 3764  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll - ok
23:30:11.0406 3764  [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\system32\drivers\25742595.sys
23:30:11.0406 3764  C:\WINDOWS\system32\drivers\25742595.sys - ok
23:30:11.0421 3764  [ 8C53CCD787C381CD535D8DCCA12584D8 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
23:30:11.0421 3764  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll - ok
23:30:11.0437 3764  [ 2E632F071817AD3758C386571CBD9858 ] C:\WINDOWS\system32\localspl.dll
23:30:11.0437 3764  C:\WINDOWS\system32\localspl.dll - ok
23:30:11.0453 3764  [ 1169436EE42F860C7DB37A4692B38F0E ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
23:30:11.0453 3764  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll - ok
23:30:11.0468 3764  [ 7105749E78925FDFFD078DD54A8C2B70 ] C:\WINDOWS\system32\cnbjmon.dll
23:30:11.0468 3764  C:\WINDOWS\system32\cnbjmon.dll - ok
23:30:11.0468 3764  [ 43BAE2A78DE14F25979D09647F4B681D ] C:\WINDOWS\system32\CNMLM83.DLL
23:30:11.0468 3764  C:\WINDOWS\system32\CNMLM83.DLL - ok
23:30:11.0484 3764  [ 8C22083ED515DC94D575438662F0BE6A ] C:\WINDOWS\system32\msi.dll
23:30:11.0484 3764  C:\WINDOWS\system32\msi.dll - ok
23:30:11.0500 3764  [ 04ED6818993ACA2EF887E2246B21CB66 ] C:\WINDOWS\system32\CNMLM95.DLL
23:30:11.0500 3764  C:\WINDOWS\system32\CNMLM95.DLL - ok
23:30:11.0515 3764  [ 10654F9DDCEA9C46CFB77554231BE73B ] C:\WINDOWS\system32\cryptsvc.dll
23:30:11.0515 3764  C:\WINDOWS\system32\cryptsvc.dll - ok
23:30:11.0531 3764  [ AD44C5BC21213F394F6AFCB55CC39293 ] C:\WINDOWS\system32\certcli.dll
23:30:11.0531 3764  C:\WINDOWS\system32\certcli.dll - ok
23:30:11.0546 3764  [ 4BAB0D62FABAEE4ED54E921442D61DE0 ] C:\WINDOWS\system32\CNCF2Le.DLL
23:30:11.0546 3764  C:\WINDOWS\system32\CNCF2Le.DLL - ok
23:30:11.0562 3764  [ 6CD4A623E07139CCB76D32A828733496 ] C:\WINDOWS\system32\devenum.dll
23:30:11.0562 3764  C:\WINDOWS\system32\devenum.dll - ok
23:30:11.0578 3764  [ CCFA6A6925E4544A8167B753C7DDE345 ] C:\Program Files\Hotspot Shield\bin\openvpnas.exe
23:30:11.0578 3764  C:\Program Files\Hotspot Shield\bin\openvpnas.exe - ok
23:30:11.0593 3764  [ E8F155CCCA86AC2604A222EAFF5ED7F9 ] C:\WINDOWS\system32\msdmo.dll
23:30:11.0593 3764  C:\WINDOWS\system32\msdmo.dll - ok
23:30:11.0609 3764  [ 8827911A8C37E40C027CBFC88E69D967 ] C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
23:30:11.0609 3764  C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok
23:30:11.0625 3764  [ 322FD75A97DBA67FC8F97A9957F857F1 ] C:\WINDOWS\system32\mdimon.dll
23:30:11.0625 3764  C:\WINDOWS\system32\mdimon.dll - ok
23:30:11.0625 3764  [ F757E8B9A38A44223318F2C68479B26E ] C:\Program Files\Hotspot Shield\bin\af_proxy.dll
23:30:11.0625 3764  C:\Program Files\Hotspot Shield\bin\af_proxy.dll - ok
23:30:11.0640 3764  [ 67DFF7BBBD0E80AAB7B3CF061448DB8A ] C:\WINDOWS\system32\ersvc.dll
23:30:11.0640 3764  C:\WINDOWS\system32\ersvc.dll - ok
23:30:11.0656 3764  [ C5245F09C55FE9D49DB96CEF768DD360 ] C:\WINDOWS\system32\ksproxy.ax
23:30:11.0656 3764  C:\WINDOWS\system32\ksproxy.ax - ok
23:30:11.0671 3764  [ C7D4D685A0AF2A09CBC21CB474358595 ] C:\Program Files\Hotspot Shield\bin\zlib1.dll
23:30:11.0671 3764  C:\Program Files\Hotspot Shield\bin\zlib1.dll - ok
23:30:11.0687 3764  [ CBCD254547689BFF80C9F547B20911E9 ] C:\WINDOWS\system32\ksuser.dll
23:30:11.0687 3764  C:\WINDOWS\system32\ksuser.dll - ok
23:30:11.0703 3764  [ F517BD3B95FB375B42AEDBB386615392 ] C:\WINDOWS\system32\fxsmon.dll
23:30:11.0703 3764  C:\WINDOWS\system32\fxsmon.dll - ok
23:30:11.0718 3764  [ B69D6FC0706CEEC7FD26075B79A8A017 ] C:\WINDOWS\sm56hlpr.exe
23:30:11.0718 3764  C:\WINDOWS\sm56hlpr.exe - ok
23:30:11.0734 3764  [ 9CC834BDDFFD69FFBF3C58408C4E47B3 ] C:\WINDOWS\system32\fxsevent.dll
23:30:11.0734 3764  C:\WINDOWS\system32\fxsevent.dll - ok
23:30:11.0750 3764  [ C44BC10BA73575C91FF50CDAF4D8E370 ] C:\WINDOWS\system32\pjlmon.dll
23:30:11.0750 3764  C:\WINDOWS\system32\pjlmon.dll - ok
23:30:11.0765 3764  [ 9819C4F68686E9FE1D62DD0D4767DDD5 ] C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
23:30:11.0765 3764  C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe - ok
23:30:11.0781 3764  [ CC8915DB4E33E8FB29CA0D2DBF75306E ] C:\WINDOWS\system32\webcheck.dll
23:30:11.0781 3764  C:\WINDOWS\system32\webcheck.dll - ok
23:30:11.0796 3764  [ A37D7208C3D5DBA0A603953A5B232AF7 ] C:\WINDOWS\system32\oledlg.dll
23:30:11.0796 3764  C:\WINDOWS\system32\oledlg.dll - ok
23:30:11.0812 3764  [ 0346DA24DE3C85909717D5997510A31F ] C:\WINDOWS\system32\mlang.dll
23:30:11.0812 3764  C:\WINDOWS\system32\mlang.dll - ok
23:30:11.0828 3764  [ A3F853629F7F2537157EA6EA9857EA56 ] C:\WINDOWS\system32\tcpmon.dll
23:30:11.0828 3764  C:\WINDOWS\system32\tcpmon.dll - ok
23:30:11.0843 3764  [ 297101A925ECFFDCDF7F6341FFBB6C1A ] C:\WINDOWS\system32\stobject.dll
23:30:11.0843 3764  C:\WINDOWS\system32\stobject.dll - ok
23:30:11.0843 3764  [ 755D08E9E2AE904F75CB97A53C2BA785 ] C:\WINDOWS\system32\qcap.dll
23:30:11.0843 3764  C:\WINDOWS\system32\qcap.dll - ok
23:30:11.0859 3764  [ 4E6EEEA8EB9302D604603D4758C05E75 ] C:\WINDOWS\system32\batmeter.dll
23:30:11.0859 3764  C:\WINDOWS\system32\batmeter.dll - ok
23:30:11.0875 3764  [ B48D3193DD1474DCBCC32BF4779AC698 ] C:\WINDOWS\system32\olepro32.dll
23:30:11.0875 3764  C:\WINDOWS\system32\olepro32.dll - ok
23:30:11.0890 3764  [ 242D07D7FC72AD897944BFF932D57C3C ] C:\WINDOWS\system32\usbmon.dll
23:30:11.0890 3764  C:\WINDOWS\system32\usbmon.dll - ok
23:30:11.0906 3764  [ 9CAB732C554BC1191E68D1EFB102DA45 ] C:\WINDOWS\system32\msvfw32.dll
23:30:11.0906 3764  C:\WINDOWS\system32\msvfw32.dll - ok
23:30:11.0921 3764  [ 7321BCA90DD53CC46EFDF1D4D44964E1 ] C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
23:30:11.0921 3764  C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe - ok
23:30:11.0937 3764  [ 045E228F71C31901084B64BE59093499 ] C:\WINDOWS\system32\WPDShServiceObj.dll
23:30:11.0937 3764  C:\WINDOWS\system32\WPDShServiceObj.dll - ok
23:30:11.0937 3764  [ 53AF9F2B2CE4B6EFF41C70417359D010 ] C:\WINDOWS\system32\wsock32.dll
23:30:11.0953 3764  C:\WINDOWS\system32\wsock32.dll - ok
23:30:11.0953 3764  [ BB64225C22CD870B16D4238E2C957C7E ] C:\WINDOWS\system32\qdvd.dll
23:30:11.0953 3764  C:\WINDOWS\system32\qdvd.dll - ok
23:30:11.0968 3764  [ 6E205319848B8AF2A0DA52B8D63DB91E ] C:\WINDOWS\system32\sensapi.dll
23:30:11.0968 3764  C:\WINDOWS\system32\sensapi.dll - ok
23:30:11.0984 3764  [ 30A086BA3520555B718E77763B1C52C0 ] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
23:30:11.0984 3764  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe - ok
23:30:12.0000 3764  [ DD6D5ABAD9B8C13CEDA4752370BA982C ] C:\WINDOWS\system32\mydocs.dll
23:30:12.0000 3764  C:\WINDOWS\system32\mydocs.dll - ok
23:30:12.0015 3764  [ B24B35ADF491D64F786ACABE9EC20A22 ] C:\WINDOWS\sm56eng.dll
23:30:12.0015 3764  C:\WINDOWS\sm56eng.dll - ok
23:30:12.0031 3764  [ B24B35ADF491D64F786ACABE9EC20A22 ] C:\WINDOWS\sm56fra.dll
23:30:12.0031 3764  C:\WINDOWS\sm56fra.dll - ok
23:30:12.0046 3764  [ 76A3A30B58405C2C6D833895253A51A9 ] C:\Program Files\QuickTime\qttask.exe
23:30:12.0046 3764  C:\Program Files\QuickTime\qttask.exe - ok
23:30:12.0062 3764  [ B24B35ADF491D64F786ACABE9EC20A22 ] C:\WINDOWS\sm56brz.dll
23:30:12.0062 3764  C:\WINDOWS\sm56brz.dll - ok
23:30:12.0078 3764  [ 22358578CB321F3325496A3723029409 ] C:\WINDOWS\system32\PortableDeviceTypes.dll
23:30:12.0078 3764  C:\WINDOWS\system32\PortableDeviceTypes.dll - ok
23:30:12.0093 3764  [ FEC3ACE4D5E9B8B13C401941EE50F476 ] C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD83.DLL
23:30:12.0093 3764  C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD83.DLL - ok
23:30:12.0109 3764  [ F56313B0B69600118AE0C780EEA3CF1E ] C:\WINDOWS\sm56chs.dll
23:30:12.0109 3764  C:\WINDOWS\sm56chs.dll - ok
23:30:12.0125 3764  [ AC8288CCE00E7C89B4C5559277382B52 ] C:\Program Files\Common Files\LightScribe\LSCAPI.dll
23:30:12.0125 3764  C:\Program Files\Common Files\LightScribe\LSCAPI.dll - ok
23:30:12.0125 3764  [ 4DC682A545244397E3A29D48CEADDAB1 ] C:\WINDOWS\system32\quartz.dll
23:30:12.0125 3764  C:\WINDOWS\system32\quartz.dll - ok
23:30:12.0140 3764  [ 2E1DF960A48BDE321881823ABBB2E1C7 ] C:\Program Files\Hotspot Shield\bin\hsswd.exe
23:30:12.0140 3764  C:\Program Files\Hotspot Shield\bin\hsswd.exe - ok
23:30:12.0156 3764  [ CD40F39D4DD739FC26E64F8D387CAD23 ] C:\WINDOWS\sm56cht.dll
23:30:12.0156 3764  C:\WINDOWS\sm56cht.dll - ok
23:30:12.0171 3764  [ 428AC07A4F033D592C754CD6C2F6AB86 ] C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD95.DLL
23:30:12.0171 3764  C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD95.DLL - ok
23:30:12.0187 3764  [ C1A3AF85DBFC67988FB71CE5E8F3B570 ] C:\Program Files\Common Files\LightScribe\LSLog.dll
23:30:12.0187 3764  C:\Program Files\Common Files\LightScribe\LSLog.dll - ok
23:30:12.0203 3764  [ B24B35ADF491D64F786ACABE9EC20A22 ] C:\WINDOWS\sm56ger.dll
23:30:12.0203 3764  C:\WINDOWS\sm56ger.dll - ok
23:30:12.0218 3764  [ EA8647A21BCB56C5F15712D4B7407501 ] C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
23:30:12.0218 3764  C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll - ok
23:30:12.0234 3764  [ 9D45B2201D0ECF9F42136C7B99DEB8B2 ] C:\WINDOWS\system32\PortableDeviceApi.dll
23:30:12.0234 3764  C:\WINDOWS\system32\PortableDeviceApi.dll - ok
23:30:12.0250 3764  [ B24B35ADF491D64F786ACABE9EC20A22 ] C:\WINDOWS\sm56itl.dll
23:30:12.0250 3764  C:\WINDOWS\sm56itl.dll - ok
23:30:12.0265 3764  [ EEE7F12D9FF46F68FBC0DA059A359E9E ] C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
23:30:12.0265 3764  C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll - ok
23:30:12.0265 3764  [ 88A9436B438C0D4A5F3E477A76FB85F2 ] C:\WINDOWS\sm56jpn.dll
23:30:12.0265 3764  C:\WINDOWS\sm56jpn.dll - ok
23:30:12.0281 3764  [ B24B35ADF491D64F786ACABE9EC20A22 ] C:\WINDOWS\sm56spn.dll
23:30:12.0281 3764  C:\WINDOWS\sm56spn.dll - ok
23:30:12.0296 3764  [ 8142FB22F7424CC9ACCDF00A2483816B ] C:\Program Files\Common Files\LightScribe\LSPrtEn.dll
23:30:12.0296 3764  C:\Program Files\Common Files\LightScribe\LSPrtEn.dll - ok
23:30:12.0312 3764  [ A1C10F87248529173F39F4B4734DF14B ] C:\WINDOWS\system32\win32spl.dll
23:30:12.0312 3764  C:\WINDOWS\system32\win32spl.dll - ok
23:30:12.0328 3764  [ 51582C0822B2BB776FBF63B8A2CBD2B0 ] C:\Program Files\Common Files\LightScribe\LSDrComm.dll
23:30:12.0328 3764  C:\Program Files\Common Files\LightScribe\LSDrComm.dll - ok
23:30:12.0343 3764  [ 5739F2821D49975CEDE6BF0153D0CF01 ] C:\Program Files\Java\jre7\bin\jqs.exe
23:30:12.0343 3764  C:\Program Files\Java\jre7\bin\jqs.exe - ok
23:30:12.0359 3764  [ 45F2C61BD30137F7BD7F5339A34DF601 ] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
23:30:12.0359 3764  C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe - ok
23:30:12.0375 3764  [ 84A5644AE4731202A4A02E6342D29BA6 ] C:\WINDOWS\system32\netrap.dll
23:30:12.0375 3764  C:\WINDOWS\system32\netrap.dll - ok
23:30:12.0375 3764  [ F3918787F9D5F5FF2DA57CDEFB858EC5 ] C:\Program Files\Common Files\LightScribe\LSSProxy.dll
23:30:12.0375 3764  C:\Program Files\Common Files\LightScribe\LSSProxy.dll - ok
23:30:12.0390 3764  [ 67EC459E42D3081DD8FD34356F7CAFC1 ] C:\Program Files\Java\jre7\bin\msvcr100.dll
23:30:12.0390 3764  C:\Program Files\Java\jre7\bin\msvcr100.dll - ok
23:30:12.0406 3764  [ F14A6BD840E4D7CD4C0535CB3CEF2887 ] C:\WINDOWS\system32\inetpp.dll
23:30:12.0406 3764  C:\WINDOWS\system32\inetpp.dll - ok
23:30:12.0421 3764  [ 7B9BDC7849C94AE302B29688FE14D90F ] C:\Program Files\Common Files\InstallShield\UpdateService\_ispmres.dll
23:30:12.0421 3764  C:\Program Files\Common Files\InstallShield\UpdateService\_ispmres.dll - ok
23:30:12.0437 3764  [ 20CCEEBF91E78F6B77646FC9F1C2CF6C ] C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
23:30:12.0437 3764  C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe - ok
23:30:12.0453 3764  [ A8D49C8B593789B6AAC5F98A45DF4566 ] C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
23:30:12.0453 3764  C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe - ok
23:30:12.0468 3764  [ 2A1E22D33F9FDA250853B9CA7EE01B8E ] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
23:30:12.0468 3764  C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe - ok
23:30:12.0484 3764  [ F8B91C91225E5CAA2B2F0370201021C0 ] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
23:30:12.0484 3764  C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe - ok
23:30:12.0500 3764  [ 6CF7D6119FC02FCC558866D1D5CCC182 ] C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\xmllite.dll
23:30:12.0500 3764  C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\xmllite.dll - ok
23:30:12.0515 3764  [ C99248B969A799B771F484CD68BCB96E ] C:\WINDOWS\system32\mscoree.dll
23:30:12.0515 3764  C:\WINDOWS\system32\mscoree.dll - ok
23:30:12.0531 3764  [ 7B8875A5B04932AC73AFD8079864DB68 ] C:\WINDOWS\ALCXMNTR.EXE
23:30:12.0531 3764  C:\WINDOWS\ALCXMNTR.EXE - ok
23:30:12.0546 3764  [ 55E148C01296696588EAFA425782C3E8 ] C:\WINDOWS\system32\dsound.dll
23:30:12.0546 3764  C:\WINDOWS\system32\dsound.dll - ok
23:30:12.0562 3764  [ 686B224B4987C22B153FBB545FEE9657 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
23:30:12.0562 3764  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll - ok
23:30:12.0578 3764  [ E66532FD491AD5604C36916715FBA092 ] C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
23:30:12.0578 3764  C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe - ok
23:30:12.0593 3764  [ DB963459BEA73867E50BC92D3A3F61BC ] C:\WINDOWS\system32\pdh.dll
23:30:12.0593 3764  C:\WINDOWS\system32\pdh.dll - ok
23:30:12.0609 3764  [ 2E61C409474416CC78D66300F1BCB722 ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
23:30:12.0609 3764  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll - ok
23:30:12.0625 3764  [ CCAAE1AB648E239E57B9FA13FDBD3218 ] C:\Program Files\MSN Toolbar\UIEngine\4.0.0318.1\slcore.dll
23:30:12.0625 3764  C:\Program Files\MSN Toolbar\UIEngine\4.0.0318.1\slcore.dll - ok
23:30:12.0625 3764  [ 3CB07566302BCEEB898DE270A0BEC175 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
23:30:12.0625 3764  C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok
23:30:12.0640 3764  [ 7AA15CCBE1DD20339200659AF99D588F ] C:\WINDOWS\system32\odbcbcp.dll
23:30:12.0640 3764  C:\WINDOWS\system32\odbcbcp.dll - ok
23:30:12.0656 3764  [ F1430F5D20F4BB71A003209C3DB3ADDF ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
23:30:12.0656 3764  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll - ok
23:30:12.0671 3764  [ 516C67F32A77F3ED296FE7F9AAD2ADAA ] C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\BCGCBPRO100u80.dll
23:30:12.0671 3764  C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\BCGCBPRO100u80.dll - ok
23:30:12.0687 3764  [ D63797E8E7781EE1500A810CB6194FA6 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
23:30:12.0687 3764  C:\Program Files\Common Files\Java\Java Update\jusched.exe - ok
23:30:12.0703 3764  [ 0CB3AF149A0BAC0836022CA307C7A0F8 ] C:\WINDOWS\system32\srvsvc.dll
23:30:12.0703 3764  C:\WINDOWS\system32\srvsvc.dll - ok
23:30:12.0718 3764  [ 9BF581F8A628935F265EB83979EFE897 ] C:\PROGRA~1\COMMON~1\System\MSMAPI\1033\MSMAPI32.DLL
23:30:12.0718 3764  C:\PROGRA~1\COMMON~1\System\MSMAPI\1033\MSMAPI32.DLL - ok
23:30:12.0734 3764  [ 6E5DAC168D1FF9843E84A59D51D31107 ] C:\Program Files\Common Files\LightScribe\LSSrvc.exe
23:30:12.0734 3764  C:\Program Files\Common Files\LightScribe\LSSrvc.exe - ok
23:30:12.0750 3764  [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
23:30:12.0750 3764  C:\WINDOWS\system32\netmsg.dll - ok
23:30:12.0765 3764  [ 11F714F85530A2BD134074DC30E99FCA ] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
23:30:12.0765 3764  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE - ok
23:30:12.0781 3764  [ A42A6A4D646E1E7F3A48BA2620E53AF5 ] C:\Program Files\MSN Toolbar\UIEngine\4.0.0318.1\slctrl.dll
23:30:12.0781 3764  C:\Program Files\MSN Toolbar\UIEngine\4.0.0318.1\slctrl.dll - ok
23:30:12.0796 3764  [ FC77C63C47AE2D0D8B05DA6EC1785C0F ] C:\WINDOWS\system32\perfos.dll
23:30:12.0796 3764  C:\WINDOWS\system32\perfos.dll - ok
23:30:12.0812 3764  [ BA868A32EB6EB8EBD2FF0D8679801DEF ] C:\WINDOWS\system32\perfdisk.dll
23:30:12.0812 3764  C:\WINDOWS\system32\perfdisk.dll - ok
23:30:12.0812 3764  [ 7A4F147CC6B133F905F6E65E2F8669FB ] C:\WINDOWS\system32\drivers\srv.sys
23:30:12.0828 3764  C:\WINDOWS\system32\drivers\srv.sys - ok
23:30:12.0828 3764  [ 4721AB485E0C29CD1617A5F296B9CC47 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
23:30:12.0828 3764  C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll - ok
23:30:12.0843 3764  [ B90E093E7A7250906F1054418B5339C0 ] C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
23:30:12.0843 3764  C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe - ok
23:30:12.0859 3764  [ ABF8270CDFD1525759A7D5C16A16643C ] C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSO.DLL
23:30:12.0859 3764  C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSO.DLL - ok
23:30:12.0875 3764  [ 6479A184873F7CA797FF0375D711E9A6 ] C:\WINDOWS\system32\dbghelp.dll
23:30:12.0875 3764  C:\WINDOWS\system32\dbghelp.dll - ok
23:30:12.0890 3764  [ D167CA427516B8C416B746117F69B870 ] C:\Program Files\Common Files\Nero\Nero BackItUp 4\NB.dll
23:30:12.0890 3764  C:\Program Files\Common Files\Nero\Nero BackItUp 4\NB.dll - ok
23:30:12.0906 3764  [ F0AF09B4781F4935FDB49AFA87C90FA9 ] C:\WINDOWS\system32\faultrep.dll
23:30:12.0906 3764  C:\WINDOWS\system32\faultrep.dll - ok
23:30:12.0921 3764  [ D8584C7FB9A1BA8480F9000C1CA1B415 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
23:30:12.0921 3764  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll - ok
23:30:12.0921 3764  [ B4459D13473D07FCB43365C02732DE16 ] C:\WINDOWS\system32\pschdprf.dll
23:30:12.0937 3764  C:\WINDOWS\system32\pschdprf.dll - ok
23:30:12.0937 3764  [ 1F3A82333046F4B97B2BB148ABF38D54 ] C:\WINDOWS\system32\traffic.dll
23:30:12.0937 3764  C:\WINDOWS\system32\traffic.dll - ok
23:30:12.0953 3764  [ F9DD799E07ED5028DB2F1FFEA72C9357 ] C:\WINDOWS\system32\rsvpperf.dll
23:30:12.0953 3764  C:\WINDOWS\system32\rsvpperf.dll - ok
23:30:12.0968 3764  [ 6951B89B4F591AA694048A6CD0E5224A ] C:\WINDOWS\system32\tapiperf.dll
23:30:12.0968 3764  C:\WINDOWS\system32\tapiperf.dll - ok
23:30:12.0984 3764  [ 5F5360825D2B829121E78E84D4CB8785 ] C:\Program Files\Common Files\Nero\Nero BackItUp 4\LBFC.dll
23:30:12.0984 3764  C:\Program Files\Common Files\Nero\Nero BackItUp 4\LBFC.dll - ok
23:30:13.0000 3764  [ C39CD25443CCCDD121BF1F807564DCFA ] C:\WINDOWS\system32\drprov.dll
23:30:13.0000 3764  C:\WINDOWS\system32\drprov.dll - ok
23:30:13.0015 3764  [ 6539CED6E5AB5684AA09E6B0ABBF4124 ] C:\WINDOWS\system32\ntlanman.dll
23:30:13.0015 3764  C:\WINDOWS\system32\ntlanman.dll - ok
23:30:13.0031 3764  [ 01520B46830C8178E1B2C05A4F3F6C16 ] C:\WINDOWS\system32\netui0.dll
23:30:13.0031 3764  C:\WINDOWS\system32\netui0.dll - ok
23:30:13.0046 3764  [ 88B918E7FB3B09595DD8A0FD09A35B8F ] C:\WINDOWS\system32\netui1.dll
23:30:13.0046 3764  C:\WINDOWS\system32\netui1.dll - ok
23:30:13.0062 3764  [ DAD1CEF1B77539B4EF734A1041CF95ED ] C:\WINDOWS\system32\mstask.dll
23:30:13.0062 3764  C:\WINDOWS\system32\mstask.dll - ok
23:30:13.0078 3764  [ E406A33046228BD89F0C2DB5C172F19C ] C:\WINDOWS\system32\IoctlSvc.exe
23:30:13.0078 3764  C:\WINDOWS\system32\IoctlSvc.exe - ok
23:30:13.0093 3764  [ D1E299962B5956005113EC4AB1E0D9B7 ] C:\WINDOWS\system32\ipsecsvc.dll
23:30:13.0093 3764  C:\WINDOWS\system32\ipsecsvc.dll - ok
23:30:13.0109 3764  [ 716A078B2FC6CC0BB3030B2559EC143F ] C:\WINDOWS\system32\davclnt.dll
23:30:13.0109 3764  C:\WINDOWS\system32\davclnt.dll - ok
23:30:13.0125 3764  [ CA7E42E0B8D117165ED553A7D681352A ] C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
23:30:13.0125 3764  C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe - ok
23:30:13.0125 3764  [ 81DA72712DF46480E6248AEB35E15FCC ] C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBBurn.dll
23:30:13.0125 3764  C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBBurn.dll - ok
23:30:13.0140 3764  [ E7E39B9152E6C27E5F608574EA6C5A52 ] C:\WINDOWS\system32\oakley.dll
23:30:13.0140 3764  C:\WINDOWS\system32\oakley.dll - ok
23:30:13.0156 3764  [ 165AE7A443F2139DD2C078AD87699F91 ] C:\Program Files\Microsoft Office\OFFICE11\MSOHEV.DLL
23:30:13.0156 3764  C:\Program Files\Microsoft Office\OFFICE11\MSOHEV.DLL - ok
23:30:13.0171 3764  [ 8E2D68A36FCB58A8DA57DE3E064F39CC ] C:\Program Files\Common Files\Nero\Nero BackItUp 4\NeroAPIGlueLayerUnicode.dll
23:30:13.0171 3764  C:\Program Files\Common Files\Nero\Nero BackItUp 4\NeroAPIGlueLayerUnicode.dll - ok
23:30:13.0187 3764  [ 2B2F31E3F2CE3723C1B0F3700C8BE28B ] C:\WINDOWS\system32\winipsec.dll
23:30:13.0187 3764  C:\WINDOWS\system32\winipsec.dll - ok
23:30:13.0203 3764  [ 524F073B1241F5D37CD70FF389B3B7FD ] C:\WINDOWS\system32\msxml3.dll
23:30:13.0203 3764  C:\WINDOWS\system32\msxml3.dll - ok
23:30:13.0218 3764  [ 306B30A036DB25FCB76B507FEDE07D58 ] C:\WINDOWS\system32\pstorsvc.dll
23:30:13.0218 3764  C:\WINDOWS\system32\pstorsvc.dll - ok
23:30:13.0234 3764  [ 4D3CCDF22D2B4BAE229BA73B81D13E26 ] C:\WINDOWS\system32\psbase.dll
23:30:13.0234 3764  C:\WINDOWS\system32\psbase.dll - ok
23:30:13.0250 3764  [ CACD2C63A79268D131EA37E85524CC44 ] C:\WINDOWS\system32\dssenh.dll
23:30:13.0250 3764  C:\WINDOWS\system32\dssenh.dll - ok
23:30:13.0250 3764  [ B1E0CE09895376871746F36DC5773B4F ] C:\WINDOWS\system32\seclogon.dll
23:30:13.0250 3764  C:\WINDOWS\system32\seclogon.dll - ok
23:30:13.0265 3764  [ B6763F8534AC547CF1AF98AFDFF2EDC8 ] C:\WINDOWS\system32\wiaservc.dll
23:30:13.0265 3764  C:\WINDOWS\system32\wiaservc.dll - ok
23:30:13.0281 3764  [ 5144AE67D60EC653F97DDF3FEED29E77 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:30:13.0281 3764  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE - ok
23:30:13.0296 3764  [ DFD9870CF39C791D86C4C209DA9FA919 ] C:\WINDOWS\system32\sens.dll
23:30:13.0296 3764  C:\WINDOWS\system32\sens.dll - ok
23:30:13.0312 3764  [ F399242A80C4066FD155EFA4CF96658E ] C:\WINDOWS\system32\wbem\wmisvc.dll
23:30:13.0312 3764  C:\WINDOWS\system32\wbem\wmisvc.dll - ok
23:30:13.0328 3764  [ 0FCB11B39AF688035E1CDE754684EE5C ] C:\WINDOWS\system32\cfgmgr32.dll
23:30:13.0328 3764  C:\WINDOWS\system32\cfgmgr32.dll - ok
23:30:13.0343 3764  [ 79DABB124D00ADF19852AE879C201890 ] C:\WINDOWS\system32\vssapi.dll
23:30:13.0343 3764  C:\WINDOWS\system32\vssapi.dll - ok
23:30:13.0359 3764  [ 4ED87C9C1F9EA9FC68C2E22C3A2DB286 ] C:\WINDOWS\system32\mscms.dll
23:30:13.0359 3764  C:\WINDOWS\system32\mscms.dll - ok
23:30:13.0375 3764  [ 5EB87BA0B93CA7E894FC8002E3CE4C2A ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL
23:30:13.0375 3764  C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL - ok
23:30:13.0375 3764  [ 6D9AC544B30F96C57F8206566C1FB6A1 ] C:\WINDOWS\system32\trkwks.dll
23:30:13.0375 3764  C:\WINDOWS\system32\trkwks.dll - ok
23:30:13.0390 3764  [ 92BDF74F12D6CBEC43C94D4B7F804838 ] C:\WINDOWS\system32\srsvc.dll
23:30:13.0390 3764  C:\WINDOWS\system32\srsvc.dll - ok
23:30:13.0406 3764  [ 07F0460CE9A571D1DB6AEBE83DF6AA9E ] C:\WINDOWS\system32\CNCC160.DLL
23:30:13.0406 3764  C:\WINDOWS\system32\CNCC160.DLL - ok
23:30:13.0421 3764  [ 36CC8C01B5E50163037BEF56CB96DEFF ] C:\WINDOWS\system32\ipnathlp.dll
23:30:13.0421 3764  C:\WINDOWS\system32\ipnathlp.dll - ok
23:30:14.0843 3764  ============================================================
23:30:14.0843 3764  Scan finished
23:30:14.0843 3764  ============================================================
23:30:14.0968 3756  Detected object count: 4
23:30:14.0968 3756  Actual detected object count: 4
23:31:13.0171 3756  Capture Device Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:31:13.0171 3756  Capture Device Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:31:13.0171 3756  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
23:31:13.0171 3756  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:31:13.0171 3756  iPodService ( UnsignedFile.Multi.Generic ) - skipped by user
23:31:13.0171 3756  iPodService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:31:13.0187 3756  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
23:31:13.0187 3756  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:33:00.0109 0800  Deinitialize success
 

here is malware anti roots

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 2 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.999000 GHz
Memory total: 737656832, free: 430346240

------------ Kernel report ------------
     04/27/2013 23:33:30
Downloaded database version: v2013.04.27.04
Downloaded database version: v2013.04.25.01
Initializing...
Done!
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1549F232

Partition information:

    Partition 0 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 55  Numsec = 0

    Partition 1 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 12579777

    Partition 2 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 12579840  Numsec = 143715600
    Partition file system is NTFS
    Partition is bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 80026361856 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-54-156281488-156301488)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================

I still have two iexplore.exe with one at 200,000 k and slowing things up. I am really sorry for all this trouble. I was hoping this would be a quick fix.



#8 gringo_pr

  • Malware Response Team

Posted 28 April 2013 - 12:42 AM


Hello david93b

First I would like you to go here and click on the fixit button - http://support.microsoft.com/kb/923737


Then I want you to do the following
  • Start Internet Explorer.
  • click on "safety"
  • click on "Delete Browsing History"
  • make sure all boxes are checked
  • click on "Delete"
  • click on "Tools",
  • click "Internet Options".
  • On the "Advanced" tab, click "Reset"
  • put a check mark next to "Delete Personal Settings"
  • click "Reset" to confirm
  • when complete click the "Close" button
  • restart IE
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 david93b

Posted 28 April 2013 - 09:49 AM

Step completed.

 

iexplore.exe is still using about 200,000k in mem usage and growing.

 

Thanks for sticking with me.



#10 gringo_pr

Posted 28 April 2013 - 02:45 PM


Hello david93b

Two IExplore.exe running when IE is open is normal


I would like you to go to this page - Troubleshooting and Internet Explorer’s (No Add-ons) Mode



Step 1 is going to show you how to run IE without any add-ons. If, by running IE this way, the problem goes away, then we can go to step 2

Step 2 will show you how to find the add-on that is causing the problem and then how to remove it




Gringo

#11 david93b

Posted 28 April 2013 - 04:13 PM

If I turn off all the add-ons in step 1 the mem usage drops to around 50,000K - 100,000K

In step 2 the only add-ons to disable and manage are:

Microsoft corp
  • xml dom document
  • windows media player
  • xml dom doc 4.0

Oracle America
  • java plug in 10.21.2
  • java plug in 1.5.0

Adobe systems incorporated
  • Shockwave flash object

When I turn them off and go to a multimedia site with graphics, iexplore.exe mem usage is between 100,00k-200,000k

 

I think this was a really good idea. My cpu is functional and tolerable. What do you think? Are these normal ranges or do you suspect that something is wrong?

 

I am open to any more ideas and suggestions that you would have. Thank you so much for your expertise.



#12 gringo_pr

Posted 28 April 2013 - 08:25 PM

Hello

I do not know what is supposed to be normal for your computer, but I would go ahead and remove those and reinstall them as needed


gringo

#13 david93b

Posted 28 April 2013 - 08:36 PM

Now that my CPU was running for a few hours it's back up to 100% cpu usage w/ iexplore.exe using 600,000k mem usage.

 

Did your expert eye see anything in the logs? Or do you think it's more of an add-on problem than a malware/virus problem?

 

Please let me know, Thank you.



#14 gringo_pr

Posted 28 April 2013 - 08:58 PM



Hello david93b

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
When you are complete please send me both reports

Gringo

#15 david93b


Posted 29 April 2013 - 10:47 AM

Here is the JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.2 (04.29.2013:1)
OS: Microsoft Windows XP x86
Ran by Compaq_Owner on Mon 04/29/2013 at  9:42:02.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9

 

~~~ Files

 

~~~ Folders

 

~~~ FireFox

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{780044d1-e8c0-488f-8059-4522ddbfc2ea}

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 04/29/2013 at  9:44:48.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Here is the aswMBR

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-04-29 10:19:57
-----------------------------
10:19:57.781    OS Version: Windows 5.1.2600 Service Pack 2
10:19:57.781    Number of processors: 1 586 0xA00
10:19:57.781    ComputerName: COMPAQ-PC  UserName:
10:19:58.671    Initialize success
10:22:03.328    AVAST engine defs: 13042900
10:22:24.484    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12
10:22:24.484    Disk 0 Vendor: HDS728080PLAT20 PF2OA28A Size: 76319MB BusType: 3
10:22:24.843    Disk 0 MBR read successfully
10:22:24.843    Disk 0 MBR scan
10:22:24.937    Disk 0 unknown MBR code
10:22:24.937    Disk 0 Partition 1 00     0C    FAT32 LBA RECOVERY     6142 MB offset 63
10:22:24.953    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        70173 MB offset 12579840
10:22:24.968    Disk 0 scanning sectors +156295440
10:22:25.281    Disk 0 scanning C:\WINDOWS\system32\drivers
10:22:36.437    Service scanning
10:23:29.953    Modules scanning
10:24:04.437    Disk 0 trace - called modules:
10:24:04.453    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
10:24:04.953    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82b4eab8]
10:24:04.953    3 CLASSPNP.SYS[f7ef005b] -> nt!IofCallDriver -> \Device\0000006a[0x82b509e8]
10:24:04.953    5 ACPI.sys[f7e26620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-12[0x82b4fd98]
10:24:05.906    AVAST engine scan C:\WINDOWS
10:24:13.015    AVAST engine scan C:\WINDOWS\system32
10:27:46.109    AVAST engine scan C:\WINDOWS\system32\drivers
10:28:05.578    AVAST engine scan C:\Documents and Settings\Compaq_Owner
10:33:30.859    AVAST engine scan C:\Documents and Settings\All Users
10:34:08.640    Scan finished successfully
10:41:30.734    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Compaq_Owner\Desktop\MBR.dat"
10:41:30.734    The log file has been saved successfully to "C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.txt"

 

Thank you





