Sirefef.gen!c


  • This topic is locked
20 replies to this topic

#1 Girdoo

Girdoo

  • Members
  • 34 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:38 PM

Posted 27 April 2013 - 11:37 PM

Just installed Chrome and I got this message:

 

The certificate received has been flagged as erroneous. Please see http://support.google.com/chrome/?p=e_malware_Sirefef&hl=en-US for more details.

 

The certificate received indicates that this computer is infected with Sirefef.gen!C.

Sirefef.gen!C is a computer virus that intercepts secure web connections and can steal passwords and other sensitive data.

Chrome recognises this virus, but it affects all software on the computer. Other browsers and software may continue to work but they are also affected and rendered insecure.

Microsoft Security Essentials can reportedly remove this virus. When the virus is removed, the warnings in Chrome will stop.

Microsoft Security Essentials is freely available from Microsoft at http://windows.microsoft.com/en-US/windows/security-essentials-download

 




 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:38 AM

Posted 28 April 2013 - 12:39 AM


Hello Girdoo

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-
  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
  • Do not re-enable these drivers until otherwise instructed.

-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-Download DDS-
  • Please download DDS from one of the links below and save it to your desktop:
    • Link1
    • Link2
    • Link3
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

-Information and logs-
  • In your next post I need the following
    • both reports from DDS
    • report from security check
    • let me know of any problems you may have had

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Girdoo

Girdoo
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:38 PM

Posted 28 April 2013 - 11:06 AM

Gringo, thank you for your reply. My laptop seems infected very seriously. Even getting to your site is very difficult as it freezes and makes me start Explorer again.

When I ran Security check I got this Msg:

"The procedure entry point MigrateWinsockConfiguration could not be located in the dynamic link library MSWSOCK.dll"


Here is Checkup.txt report:

Results of screen317's Security Check version 0.99.63
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
SparkTrust PC Cleaner Plus
Java™ 6 Update 20
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.1.102.64 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox (3.5.1) Firefox out of Date!
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
Network Associates VirusScan Mcshield.exe
Network Associates VirusScan VsTskMgr.exe
Network Associates VirusScan SHSTAT.EXE
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 10%
````````````````````End of Log``````````````````````


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by Vosso100 at 8:45:19 on 2013-04-28
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1171 [GMT -7:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Common Files\BSD\AppUpdater\BSDChecker.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Vosso100\Application Data\Dropbox\bin\Dropbox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
uWindow Title = Windows Internet Explorer provided by MSN & Bing
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.chapman.edu/
uProxyServer = :0
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: AutorunsDisabled - <orphaned>
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: ShoppingReport2: {258C9770-1713-4021-8D7E-1F184A2BD754} - c:\program files\shoppingreport2\bin\2.7.21\ShoppingReport.dll
BHO: Yahooo Search Protection: {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: <No Name>: - LocalServer32 - <no file>
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: &Yahoo! Messenger: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\companion\modules\messmod4\v6\yhexbmes.dll
EB: ShopperReports: {BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} - c:\program files\shoppingreport2\bin\2.7.21\ShoppingReport.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\vosso100\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
mRun: [Network Associates Error Reporting Service] "c:\program files\common files\network associates\talkback\TBMon.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [BSDAppUpdater] c:\program files\common files\bsd\appupdater\BSDChecker.exe
mRun: [OCDLMgr] <no file>
StartupFolder: c:\docume~1\vosso100\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\vosso100\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\vosso100\startm~1\programs\startup\speedp~1.lnk - c:\program files\speedplexer\SpeedPlexer.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\athome~1.lnk - c:\program files\athomeconnect\AtHomeConnect.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\companion\modules\messmod4\v6\yhexbmes.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {722FE9B2-6895-42D9-9984-F4CB26616023} - {722FE9B2-6895-42D9-9984-F4CB26616023} - c:\program files\data becker\pdf professional 2\pdfshell.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - {3E2DFD6A-4E20-4d4c-AA8B-E1F9DBEF3C80} - c:\program files\shoppingreport2\bin\2.7.21\ShoppingReport.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {EB620C54-E229-4942-87CE-E717109FC8C6} - {714E0876-FCEE-49ce-A429-B9AD8AEFCB56} - c:\program files\shoppingreport2\bin\2.7.21\ShoppingReport.dll
LSP: mswsock.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153235119832
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232515972375
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP4-14953/webex/ieatgpc.cab
TCP: NameServer = 66.60.130.158 192.168.1.1 66.60.130.158
TCP: Interfaces\{A5F6ADA1-6C3D-4BD1-9312-E431A8C8ABBD} : DHCPNameServer = 66.60.130.158 192.168.1.1 66.60.130.158
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\vosso100\application data\mozilla\firefox\profiles\dm6bbrh1.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\documents and settings\vosso100\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\vosso100\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\vosso100\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\vosso100\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\vosso100\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\clickpotatolite\bin\10.0.636.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\vosso100\application data\Move Networks
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2006-7-18 58016]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2006-7-18 102463]
R2 McShield;Network Associates McShield;c:\program files\network associates\virusscan\Mcshield.exe [2004-8-18 221191]
R2 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\VsTskMgr.exe [2004-8-18 28672]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-7-18 108256]
S3 ICDSX;Sony IC Recorder (SX);c:\windows\system32\drivers\IcdSX.sys [2007-1-1 31744]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2007-1-1 39048]
S3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2009-10-9 33792]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPEServ;WPEServ;c:\program files\common files\wpe\wpeserv.exe [2007-10-17 323584]
.
=============== Created Last 30 ================
.
2013-04-28 01:37:59 -------- d-----w- c:\documents and settings\vosso100\application data\DriverCure
2013-04-28 01:37:58 -------- d-----w- c:\documents and settings\vosso100\application data\SparkTrust
2013-04-28 01:37:42 -------- d-----w- c:\program files\common files\SparkTrust
2013-04-28 01:37:39 -------- d-----w- c:\program files\SparkTrust
2013-04-28 01:37:39 -------- d-----w- c:\documents and settings\all users\application data\SparkTrust
.
==================== Find3M ====================
.
.
============= FINISH: 8:46:59.00 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/25/2006 6:56:57 PM
System Uptime: 4/28/2013 8:21:04 AM (0 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Genuine Intel® CPU T2500 @ 2.00GHz | Microprocessor | 1995/166mhz
Processor: Genuine Intel® CPU T2500 @ 2.00GHz | Microprocessor | 1994/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 12.754 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 4/14/2013 10:54:33 AM - System Checkpoint
RP2: 4/27/2013 7:14:03 PM - System Checkpoint
.
==== Installed Programs ======================
.
3D Groove Playback Engine
5600
5600_Help
5600Trb
Actiontec Gateway
Add-ons
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.02)
Adobe Shockwave Player
AiO_Scan
AiOSoftware
AnyTime Organizer 9.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AtHomeConnect version 1.0.1.0
AutoUpdate
Block Diagrams
Block Diagrams Help
Bonjour
Borders and Backgrounds
Borders and Backgrounds Help
Broadcom Gigabit Integrated Controller
BufferChm
C-Dilla Licence Management System
CAD Drawing Display
Callouts and Connectors
Callouts and Connectors Help
Cisco WebEx Meetings
Clip Art and Symbols
Clip Art and Symbols Help
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Content Transfer
Coupon Printer for Windows
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Custom Properties Editor
Database Wizard
Dell ResourceCD
Dell Wireless WLAN Card
Destinations
Developing Visio Solutions Help
DeviceManagementQFolder
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DocProc
Dropbox
eSupportQFolder
Fax
Flowcharts
Flowcharts Help
Forms and Charts
Forms and Charts Help
FranklinCovey PlanPlus for Windows
Google Chrome
Google Earth
Google Earth Plug-in
Google Earth Pro
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Graphics Filters
H&R Block California 2010
H&R Block California 2011
H&R Block California 2012
H&R Block Deluxe + Efile + State 2009
H&R Block Deluxe + Efile + State 2010
H&R Block Deluxe + Efile + State 2011
H&R Block Deluxe + Efile + State 2012
Help for Visio 2000 (HTML Help)
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone Express
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
Image Data Converter SR
Intel® Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java™ 6 Update 20
LeapFrog Connect
LeapFrog Leapster Explorer Plugin
Linksys Wireless-G PCI Adapter
Logitech QuickCam
Logitech QuickCam Driver Package
Magellan POI File Editor
Maps
Maps Help
McAfee VirusScan Enterprise
MediaWidget 6.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Project 2007 Step by Step
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visio 2000
Microsoft Visual Studio Service Pack 3
Microsoft Web Publishing Wizard 1.52
MIT MathML Fonts 1.0
Move Media Player
Mozilla Firefox (3.5.1)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Network Diagrams
Network Diagrams Help
NewCopy
Octoshape add-in for Adobe Flash Player
Office Layout
Office Layout Help
OGA Notifier 2.0.0048.0
Organization Charts
Organization Charts Help
OZ776 SCR CardBus Windows Driver
Page Layout Wizard
PDF Professional 2
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
Photo Explosion Deluxe 3.0
PowerDVD 5.1
ProductContext
Program Files
Program Files Help
Project Schedules
Project Schedules Help
Property Reporting Wizard
QuestBrowse 1.0 build 187 powered by FIRST SEARCHBAR
QuickTime
Readme
RealPlayer
RegCure 1.5.2.7
Release Notes
Save as HTML
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Shape Explorer Help
ShopperReports
SigmaTel Audio
Skype web features
Skype™ 4.1
Smilebox
SolutionCenter
Solutions
Sonic DLA
Sonic RecordNow! Plus
Sonic Update Manager
Sony Digital Voice Editor 2
Sony Picture Utility
Sony USB Driver
SparkTrust PC Cleaner Plus
Status
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
VBA
Visio
Visio Core Files
WebFldrs XP
WebReg
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Xvid 1.2.1 final uninstall
Yahoo! BrowserPlus 2.9.8
Yahoo! Mail Quick Select Tool (PhotoMail)
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yahoo! Photos Easy Upload Tool 1v7
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
4/27/2013 8:22:52 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
4/27/2013 8:22:09 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
4/27/2013 6:29:34 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
4/27/2013 6:28:24 PM, error: Service Control Manager [7034] - The C-DillaSrv service terminated unexpectedly. It has done this 1 time(s).
4/27/2013 6:28:18 PM, error: Service Control Manager [7034] - The LeapFrog Connect Device Service service terminated unexpectedly. It has done this 1 time(s).
4/27/2013 6:28:14 PM, error: Service Control Manager [7034] - The LVCOMSer service terminated unexpectedly. It has done this 1 time(s).
4/27/2013 6:28:10 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
4/27/2013 5:48:51 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
.
==== End Of File ===========================

#4 gringo_pr


Posted 28 April 2013 - 02:51 PM


Hello Girdoo


These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.


-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then click on the "Scan" button.
    • Wait until the Status box shows "Scan Finished".
    • Click on "Delete".
    • Wait until the Status box shows "Deleting Finished".
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop.
    • Exit/Close RogueKiller.
Gringo

#5 Girdoo


Posted 28 April 2013 - 04:18 PM

Hello Gringo, thank you for the reply.
When I ran RogueKiller 32, it made the computer restart and placed the txt reports on the desktop. I imagine that is OK. Here are the reports:

AdwCleaner:
# AdwCleaner v2.300 - Logfile created 04/28/2013 at 13:49:07
# Updated 28/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Vosso100 - DBJR4MB1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Vosso100\Desktop\Sirefef gen!C\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\QuestBrwSearch
Folder Deleted : C:\Documents and Settings\Vosso100\Application Data\ShoppingReport2
Folder Deleted : C:\Documents and Settings\Vosso100\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Vosso100\ShoppingReport2
Folder Deleted : C:\Program Files\QuestBrwSearch
Folder Deleted : C:\Program Files\ShoppingReport2

***** [Registry] *****

Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06E58E5E-F8CB-4049-991E-A41C03BD419E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{258C9770-1713-4021-8D7E-1F184A2BD754}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB38E21A-0133-419D-92AD-ECDFD5244D6D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB620C54-E229-4942-87CE-E717109FC8C6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\ShoppingReport2
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{258C9770-1713-4021-8D7E-1F184A2BD754}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E2DFD6A-4E20-4D4C-AA8B-E1F9DBEF3C80}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{714E0876-FCEE-49CE-A429-B9AD8AEFCB56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD15BCC0-5FE9-4690-A957-99FA60ED9D26}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{030C9927-10FC-4169-97A2-55BECD5D88D8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
Key Deleted : HKLM\SOFTWARE\Classes\ShoppingReport2.HbAx
Key Deleted : HKLM\SOFTWARE\Classes\ShoppingReport2.HbAx.1
Key Deleted : HKLM\SOFTWARE\Classes\ShoppingReport2.HbInfoBand
Key Deleted : HKLM\SOFTWARE\Classes\ShoppingReport2.HbInfoBand.1
Key Deleted : HKLM\SOFTWARE\Classes\ShoppingReport2.IEButton
Key Deleted : HKLM\SOFTWARE\Classes\ShoppingReport2.IEButton.1
Key Deleted : HKLM\SOFTWARE\Classes\ShoppingReport2.IEButtonA
Key Deleted : HKLM\SOFTWARE\Classes\ShoppingReport2.IEButtonA.1
Key Deleted : HKLM\SOFTWARE\Classes\ShoppingReport2.RprtCtrl
Key Deleted : HKLM\SOFTWARE\Classes\ShoppingReport2.RprtCtrl.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D44FD6F0-9746-484E-B5C4-C66688393872}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F244A744-534D-4A46-855F-C0C7E9F27DAA}
Key Deleted : HKLM\Software\ClickPotatoLite
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DB38E21A-0133-419D-92AD-ECDFD5244D6D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EB620C54-E229-4942-87CE-E717109FC8C6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QuestBrowse
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShoppingReport2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{258C9770-1713-4021-8D7E-1F184A2BD754}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestBrowse
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2
Key Deleted : HKLM\Software\QuestBrowse
Key Deleted : HKLM\Software\ShoppingReport2
Key Deleted : HKLM\Software\TENCENT
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping [{DB38E21A-0133-419d-92AD-ECDFD5244D6D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping [{EB620C54-E229-4942-87CE-E717109FC8C6}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v3.5.1 (en-US)

File : C:\Documents and Settings\Vosso100\Application Data\Mozilla\Firefox\Profiles\47sv720a.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Vosso100\Application Data\Mozilla\Firefox\Profiles\dm6bbrh1.default\prefs.js

C:\Documents and Settings\Vosso100\Application Data\Mozilla\Firefox\Profiles\dm6bbrh1.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Documents and Settings\Vosso100\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [7138 octets] - [28/04/2013 13:49:07]

########## EOF - C:\AdwCleaner[S1].txt - [7198 octets] ##########


**RK Report:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User : Vosso100 [Admin rights]
Mode : Scan -- Date : 04/28/2013 14:04:29
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- C:\WINDOWS\system32\svchost.exe [x] -> KILLED [TermProc]

¤¤¤ Registry Entries : 7 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (:0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\RECYCLER\S-1-5-21-2191562864-3939956836-335694714-1008\$d78b08e8ae75119675522793d2f08dfa\n) [-] -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\RECYCLER\S-1-5-18\$d78b08e8ae75119675522793d2f08dfa\n) [-] -> FOUND
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\RECYCLER\S-1-5-18\$d78b08e8ae75119675522793d2f08dfa\n) [-] -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : C:\RECYCLER\S-1-5-18\$d78b08e8ae75119675522793d2f08dfa\n [-] --> FOUND
[ZeroAccess][FILE] n : C:\RECYCLER\S-1-5-21-2191562864-3939956836-335694714-1008\$d78b08e8ae75119675522793d2f08dfa\n [-] --> FOUND
[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-18\$d78b08e8ae75119675522793d2f08dfa\@ [-] --> FOUND
[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-21-2191562864-3939956836-335694714-1008\$d78b08e8ae75119675522793d2f08dfa\@ [-] --> FOUND
[ZeroAccess][FOLDER] U : C:\RECYCLER\S-1-5-18\$d78b08e8ae75119675522793d2f08dfa\U --> FOUND
[ZeroAccess][FOLDER] U : C:\RECYCLER\S-1-5-21-2191562864-3939956836-335694714-1008\$d78b08e8ae75119675522793d2f08dfa\U --> FOUND
[ZeroAccess][FOLDER] L : C:\RECYCLER\S-1-5-18\$d78b08e8ae75119675522793d2f08dfa\L --> FOUND
[ZeroAccess][FOLDER] L : C:\RECYCLER\S-1-5-21-2191562864-3939956836-335694714-1008\$d78b08e8ae75119675522793d2f08dfa\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\WINDOWS\Assembly\GAC\Desktop.ini [-] --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[53] : NtCreateThread @ 0x805CF8CC -> HOOKED (Unknown @ 0x89CE8109)
_INLINE_ : NtCreateThread -> HOOKED (\??\C:\WINDOWS\system32\drivers\EntDrv51.sys @ 0xA7E01C3E)

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS541080G9SA00 +++++
--- User ---
[MBR] c424cb29543ded1c83e77a6fea4938b0
[BSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_04282013_02d1404.txt >>
RKreport[1]_S_04282013_02d1404.txt

Thank you

#6 gringo_pr


Posted 28 April 2013 - 08:26 PM


Hello Girdoo

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#7 Girdoo


Posted 28 April 2013 - 11:45 PM

Hello again and thank you for your help.

It seems the computer is working OK. I don't get the certificate error when I run Chrome, and connecting to websites is much faster.

Here is the ComboFix report:


ComboFix 13-04-28.01 - Vosso100 04/28/2013  20:21:10.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2038.1352 [GMT -7:00]
Running from: c:\documents and settings\Vosso100\Desktop\Sirefef  gen!C\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\LocalService\8297835.exe
c:\documents and settings\NetworkService\1517091.exe
c:\documents and settings\Student\WINDOWS
c:\documents and settings\Vosso100\WINDOWS
c:\windows\assembly\GAC\Desktop.ini
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\EventSystem.log
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\TEMP\logishrd\LVPrcInj02.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-28 to 2013-04-29  )))))))))))))))))))))))))))))))
.
.
2013-04-28 20:59 . 2013-04-28 21:03 15616 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2013-04-28 01:37 . 2013-04-28 01:37 -------- d-----w- c:\documents and settings\Vosso100\Application Data\DriverCure
2013-04-28 01:37 . 2013-04-28 01:37 -------- d-----w- c:\documents and settings\Vosso100\Application Data\SparkTrust
2013-04-28 01:37 . 2013-04-28 01:37 -------- d-----w- c:\program files\Common Files\SparkTrust
2013-04-28 01:37 . 2013-04-28 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SparkTrust
2013-04-28 01:37 . 2013-04-28 01:37 -------- d-----w- c:\program files\SparkTrust
2013-03-31 20:40 . 2013-03-31 20:40 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Vosso100\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Vosso100\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Vosso100\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Vosso100\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-14 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-14 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-08-18 94208]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-15 185872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
"BSDAppUpdater"="c:\program files\Common Files\BSD\AppUpdater\BSDChecker.exe" [2012-01-15 1660232]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
c:\documents and settings\Vosso100\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Vosso100\Application Data\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
SpeedPlexer.lnk - c:\program files\SpeedPlexer\SpeedPlexer.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AtHomeConnect.lnk - c:\program files\AtHomeConnect\AtHomeConnect.exe [2012-12-29 9939936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [7/18/2006 4:07 PM 58016]
S3 ICDSX;Sony IC Recorder (SX);c:\windows\system32\drivers\IcdSX.sys [1/1/2007 12:20 AM 31744]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [1/1/2007 12:19 AM 39048]
S3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\drivers\btblan.sys [10/9/2009 10:23 PM 33792]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 5:06 PM 11520]
S3 WPEServ;WPEServ;c:\program files\Common Files\WPE\wpeserv.exe [10/17/2007 12:07 PM 323584]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ENTDRV51
*NewlyCreated* - WS2IFSL
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-28 00:48 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
.
2013-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 03:52]
.
2013-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 03:52]
.
2013-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2191562864-3939956836-335694714-1008Core.job
- c:\documents and settings\Vosso100\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-28 16:02]
.
2013-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2191562864-3939956836-335694714-1008UA.job
- c:\documents and settings\Vosso100\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-28 16:02]
.
2009-07-20 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]
.
2009-07-20 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]
.
2013-04-28 c:\windows\Tasks\SparkTrust PC Cleaner Plus.job
- c:\program files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe [2013-04-18 21:02]
.
2013-04-29 c:\windows\Tasks\SparkTrust Registration3.job
- c:\program files\Common Files\SparkTrust\UUS3\UUS3.dll [2013-04-18 21:03]
.
2013-04-29 c:\windows\Tasks\SparkTrust Update Version3 Startup Task.job
- c:\program files\Common Files\SparkTrust\UUS3\Update3.exe [2013-04-18 21:03]
.
2013-04-28 c:\windows\Tasks\SparkTrust Update Version3.job
- c:\program files\Common Files\SparkTrust\UUS3\Update3.exe [2013-04-18 21:03]
.
2013-04-29 c:\windows\Tasks\User_Feed_Synchronization-{E47B98CF-4804-4ED9-8965-98FFEAD7ACDF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.chapman.edu/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: plaxo.com\www
TCP: DhcpNameServer = 66.60.130.158 192.168.1.1 66.60.130.158
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Vosso100\Application Data\Mozilla\Firefox\Profiles\dm6bbrh1.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Vosso100\Application Data\Move Networks
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-OCDLMgr - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-28 20:31
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
.
c:\documents and settings\Vosso100\Application Data\Dropbox\shellext\l\517deb06 124 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(884)
c:\windows\system32\EntApi.dll
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(9140)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\EntApi.dll
c:\documents and settings\Vosso100\Application Data\Dropbox\bin\DropboxExt.17.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\DRIVERS\CDANTSRV.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\Mcshield.exe
c:\program files\Network Associates\VirusScan\VsTskMgr.exe
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\stsystra.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2013-04-28  21:10:24 - machine was rebooted
ComboFix-quarantined-files.txt  2013-04-29 04:09
ComboFix2.txt  2009-07-20 22:44
.
Pre-Run: 15,089,311,744 bytes free
Post-Run: 18,970,841,088 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A29F6B01608F4366886B3ED28BAE9AFF


#8 gringo_pr


Posted 29 April 2013 - 12:22 AM


Hello Girdoo

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\documents and settings\Vosso100\Application Data\DriverCure
c:\documents and settings\Vosso100\Application Data\SparkTrust
c:\program files\Common Files\SparkTrust
c:\documents and settings\All Users\Application Data\SparkTrust
c:\program files\SparkTrust

File::
c:\windows\Tasks\SparkTrust PC Cleaner Plus.job
c:\windows\Tasks\SparkTrust Registration3.job
c:\windows\Tasks\SparkTrust Update Version3 Startup Task.job
c:\windows\Tasks\SparkTrust Update Version3.job
 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

#9 Girdoo


Posted 29 April 2013 - 05:24 PM

The system is slowed down. My internet connection is at 48mbps and I should get to websites faster than what I get now. It is also slow when I launch explore. On Task Manager I noticed there are several .EXE programs that I am not familiar with. They are BCMWLTRY.EXE, WLTRYSVC.EXE, LVCOMSER.EXE. There was one that starts with LVPrc and was taking 70% of CPU usage and I ended its process. Are any of these viruses or are they needed to run the system?



ComboFix 13-04-28.01 - Vosso100 04/29/2013 14:39:43.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1305 [GMT -7:00]
Running from: c:\documents and settings\Vosso100\Desktop\Sirefef gen!C\ComboFix.exe
Command switches used :: c:\documents and settings\Vosso100\Desktop\Sirefef gen!C\CFScript.txt
.
FILE ::
"c:\windows\Tasks\SparkTrust PC Cleaner Plus.job"
"c:\windows\Tasks\SparkTrust Registration3.job"
"c:\windows\Tasks\SparkTrust Update Version3 Startup Task.job"
"c:\windows\Tasks\SparkTrust Update Version3.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\SparkTrust PC Cleaner Plus.job
c:\windows\Tasks\SparkTrust Registration3.job
c:\windows\Tasks\SparkTrust Update Version3 Startup Task.job
c:\windows\Tasks\SparkTrust Update Version3.job
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-29 )))))))))))))))))))))))))))))))
.
.
2013-04-28 20:59 . 2013-04-28 21:03 15616 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2013-04-28 01:37 . 2013-04-28 01:37 -------- d-----w- c:\documents and settings\Vosso100\Application Data\DriverCure
2013-04-28 01:37 . 2013-04-28 01:37 -------- d-----w- c:\documents and settings\Vosso100\Application Data\SparkTrust
2013-04-28 01:37 . 2013-04-28 01:37 -------- d-----w- c:\program files\Common Files\SparkTrust
2013-04-28 01:37 . 2013-04-28 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SparkTrust
2013-04-28 01:37 . 2013-04-28 01:37 -------- d-----w- c:\program files\SparkTrust
2013-03-31 20:40 . 2013-03-31 20:40 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Vosso100\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Vosso100\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Vosso100\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Vosso100\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-14 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-14 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-08-18 94208]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-15 185872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
"BSDAppUpdater"="c:\program files\Common Files\BSD\AppUpdater\BSDChecker.exe" [2012-01-15 1660232]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
c:\documents and settings\Vosso100\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Vosso100\Application Data\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
SpeedPlexer.lnk - c:\program files\SpeedPlexer\SpeedPlexer.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AtHomeConnect.lnk - c:\program files\AtHomeConnect\AtHomeConnect.exe [2012-12-29 9939936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Vosso100\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [7/18/2006 4:07 PM 58016]
S3 ICDSX;Sony IC Recorder (SX);c:\windows\system32\drivers\IcdSX.sys [1/1/2007 12:20 AM 31744]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [1/1/2007 12:19 AM 39048]
S3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\drivers\btblan.sys [10/9/2009 10:23 PM 33792]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 5:06 PM 11520]
S3 WPEServ;WPEServ;c:\program files\Common Files\WPE\wpeserv.exe [10/17/2007 12:07 PM 323584]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ENTDRV51
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-28 00:48 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
.
2013-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 03:52]
.
2013-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 03:52]
.
2013-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2191562864-3939956836-335694714-1008Core.job
- c:\documents and settings\Vosso100\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-28 16:02]
.
2013-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2191562864-3939956836-335694714-1008UA.job
- c:\documents and settings\Vosso100\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-28 16:02]
.
2009-07-20 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]
.
2009-07-20 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]
.
2013-04-29 c:\windows\Tasks\User_Feed_Synchronization-{E47B98CF-4804-4ED9-8965-98FFEAD7ACDF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.chapman.edu/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: plaxo.com\www
TCP: DhcpNameServer = 66.60.130.158 192.168.1.1 66.60.130.158
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Vosso100\Application Data\Mozilla\Firefox\Profiles\dm6bbrh1.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Vosso100\Application Data\Move Networks
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-29 14:58
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(884)
c:\windows\system32\EntApi.dll
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(9196)
c:\windows\system32\WININET.dll
c:\windows\system32\EntApi.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\documents and settings\Vosso100\Application Data\Dropbox\bin\DropboxExt.17.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\DRIVERS\CDANTSRV.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\Mcshield.exe
c:\program files\Network Associates\VirusScan\VsTskMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\stsystra.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2013-04-29 15:03:39 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-29 22:03
ComboFix2.txt 2013-04-29 04:10
ComboFix3.txt 2009-07-20 22:44
.
Pre-Run: 18,967,179,264 bytes free
Post-Run: 18,963,742,720 bytes free
.
- - End Of File - - A79338F3E4247210A7D5C84AC58BFFA9

#10 gringo_pr


Posted 29 April 2013 - 09:39 PM



Hello Girdoo


I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long you may attach it

    If the forum still complains about it being too long send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
and I will see if I want to see the whole report

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and MBAR.

Gringo

#11 Girdoo


Posted 29 April 2013 - 11:07 PM

I ran TDSSKILLER and Malwarebytes (twice). Here are the reports.

Internet access is slower than before running these programs. Otherwise it appears it is functioning normally. Do I have to worry about the three .EXE that I mentioned in previous post?


19:54:09.0000 3000 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:54:11.0125 3000 ============================================================
19:54:11.0125 3000 Current date / time: 2013/04/29 19:54:11.0125
19:54:11.0125 3000 SystemInfo:
19:54:11.0125 3000
19:54:11.0125 3000 OS Version: 5.1.2600 ServicePack: 2.0
19:54:11.0125 3000 Product type: Workstation
19:54:11.0125 3000 ComputerName: DBJR4MB1
19:54:11.0125 3000 UserName: Vosso100
19:54:11.0125 3000 Windows directory: C:\WINDOWS
19:54:11.0125 3000 System windows directory: C:\WINDOWS
19:54:11.0125 3000 Processor architecture: Intel x86
19:54:11.0125 3000 Number of processors: 2
19:54:11.0125 3000 Page size: 0x1000
19:54:11.0125 3000 Boot type: Normal boot
19:54:11.0125 3000 ============================================================
19:54:14.0781 3000 BG loaded
19:54:15.0828 3000 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:54:15.0828 3000 ============================================================
19:54:15.0828 3000 \Device\Harddisk0\DR0:
19:54:15.0828 3000 MBR partitions:
19:54:15.0828 3000 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
19:54:15.0828 3000 ============================================================
19:54:16.0093 3000 C: <-> \Device\Harddisk0\DR0\Partition1
19:54:16.0187 3000 ============================================================
19:54:16.0187 3000 Initialize success
19:54:16.0187 3000 ============================================================
19:54:56.0671 3608 ============================================================
19:54:56.0671 3608 Scan started
19:54:56.0671 3608 Mode: Manual; SigCheck; TDLFS;
19:54:56.0671 3608 ============================================================
19:55:06.0375 3608 ================ Scan system memory ========================
19:55:06.0375 3608 System memory - ok
19:55:06.0375 3608 ================ Scan services =============================
19:55:07.0171 3608 Abiosdsk - ok
19:55:07.0187 3608 abp480n5 - ok
19:55:07.0265 3608 [ 0A1E97197609F92D2425B67DA0BB0A7F ] ACEDRV05 C:\WINDOWS\system32\drivers\ACEDRV05.sys
19:55:10.0687 3608 ACEDRV05 ( UnsignedFile.Multi.Generic ) - warning
19:55:10.0687 3608 ACEDRV05 - detected UnsignedFile.Multi.Generic (1)
19:55:10.0781 3608 [ A10C7534F7223F4A73A948967D00E69B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:55:20.0781 3608 ACPI - ok
19:55:20.0875 3608 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
19:55:21.0218 3608 ACPIEC - ok
19:55:21.0234 3608 adpu160m - ok
19:55:21.0343 3608 [ 1EE7B434BA961EF845DE136224C30FEC ] aec C:\WINDOWS\system32\drivers\aec.sys
19:55:22.0140 3608 aec - ok
19:55:22.0234 3608 [ 2F7F3E8DA380325866E566F5D5EC23D5 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
19:55:22.0328 3608 AegisP ( UnsignedFile.Multi.Generic ) - warning
19:55:22.0328 3608 AegisP - detected UnsignedFile.Multi.Generic (1)
19:55:22.0406 3608 [ 55E6E1C51B6D30E54335750955453702 ] AFD C:\WINDOWS\System32\drivers\afd.sys
19:55:22.0515 3608 AFD - ok
19:55:22.0531 3608 Aha154x - ok
19:55:22.0531 3608 aic78u2 - ok
19:55:22.0546 3608 aic78xx - ok
19:55:22.0593 3608 [ C7AE0FD3867DB0D42B03B73C18F3D671 ] Alerter C:\WINDOWS\system32\alrsvc.dll
19:55:22.0734 3608 Alerter - ok
19:55:22.0765 3608 [ F1958FBF86D5C004CF19A5951A9514B7 ] ALG C:\WINDOWS\System32\alg.exe
19:55:22.0906 3608 ALG - ok
19:55:22.0906 3608 AliIde - ok
19:55:22.0921 3608 amsint - ok
19:55:23.0296 3608 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:55:23.0312 3608 Apple Mobile Device - ok
19:55:23.0468 3608 [ 9C3C12975C97119412802B181FBEEFFE ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
19:55:23.0593 3608 AppMgmt - ok
19:55:23.0593 3608 asc - ok
19:55:23.0593 3608 asc3350p - ok
19:55:23.0609 3608 asc3550 - ok
19:55:23.0953 3608 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:55:24.0046 3608 aspnet_state - ok
19:55:24.0125 3608 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:55:24.0328 3608 AsyncMac - ok
19:55:24.0375 3608 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
19:55:24.0515 3608 atapi - ok
19:55:24.0531 3608 Atdisk - ok
19:55:24.0562 3608 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:55:24.0765 3608 Atmarpc - ok
19:55:24.0812 3608 [ DB66DB626E4882EBEF55F136F12C1829 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
19:55:24.0953 3608 AudioSrv - ok
19:55:25.0093 3608 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
19:55:25.0234 3608 audstub - ok
19:55:25.0312 3608 [ C0ACD392ECE55784884CC208AAFA06CE ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
19:55:25.0375 3608 b57w2k - ok
19:55:25.0609 3608 [ B89BCF0A25AEB3B47030AC83287F894A ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
19:55:25.0812 3608 BCM43XX - ok
19:55:25.0890 3608 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
19:55:26.0093 3608 Beep - ok
19:55:26.0265 3608 [ 2C69EC7E5A311334D10DD95F338FCCEA ] BITS C:\WINDOWS\system32\qmgr.dll
19:55:26.0734 3608 BITS - ok
19:55:26.0843 3608 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:56:32.0437 3608 VSS - ok
19:56:32.0531 3608 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time C:\WINDOWS\system32\w32time.dll
19:56:32.0656 3608 W32Time - ok
19:56:32.0671 3608 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:56:32.0781 3608 Wanarp - ok
19:56:32.0828 3608 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\WINDOWS\system32\DRIVERS\wdcsam.sys
19:56:32.0843 3608 WDC_SAM - ok
19:56:32.0859 3608 WDICA - ok
19:56:32.0890 3608 [ EFD235CA22B57C81118C1AEB4798F1C1 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:56:33.0343 3608 wdmaud - ok
19:56:33.0406 3608 [ 265F534EF76832435AFBF771EC97176D ] WebClient C:\WINDOWS\System32\webclnt.dll
19:56:33.0875 3608 WebClient - ok
19:56:33.0921 3608 [ BA6B6FB242A6BA4068C8B763063BEB63 ] winachsf C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
19:56:33.0953 3608 winachsf - ok
19:56:34.0062 3608 [ F399242A80C4066FD155EFA4CF96658E ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:56:34.0203 3608 winmgmt - ok
19:56:34.0203 3608 wltrysvc - ok
19:56:34.0234 3608 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:56:34.0296 3608 WmdmPmSN - ok
19:56:34.0359 3608 [ 1081C185AED0660B2B5F173C3E023B23 ] Wmi C:\WINDOWS\System32\advapi32.dll
19:56:34.0500 3608 Wmi - ok
19:56:34.0531 3608 [ AE2C8544E747C20062DB27456EA2D67A ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
19:56:34.0671 3608 WmiAcpi - ok
19:56:34.0718 3608 [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:56:34.0859 3608 WmiApSrv - ok
19:56:34.0937 3608 [ ADCF0CC6F3A6B2D0116E315ED4169D01 ] WPEServ C:\Program Files\Common Files\WPE\wpeserv.exe
19:56:34.0968 3608 WPEServ ( UnsignedFile.Multi.Generic ) - warning
19:56:34.0968 3608 WPEServ - detected UnsignedFile.Multi.Generic (1)
19:56:35.0015 3608 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:56:35.0140 3608 WS2IFSL - ok
19:56:35.0203 3608 [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:56:35.0312 3608 wscsvc - ok
19:56:35.0343 3608 [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:56:35.0484 3608 WSTCODEC - ok
19:56:35.0515 3608 [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:56:35.0640 3608 wuauserv - ok
19:56:35.0687 3608 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:56:35.0750 3608 WudfPf - ok
19:56:35.0765 3608 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:56:35.0781 3608 WudfRd - ok
19:56:35.0812 3608 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
19:56:35.0828 3608 WudfSvc - ok
19:56:35.0859 3608 [ 5A91E6FEAB9F901302FA7FF768C0120F ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:56:36.0015 3608 WZCSVC - ok
19:56:36.0046 3608 [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:56:36.0171 3608 xmlprov - ok
19:56:36.0265 3608 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
19:56:36.0281 3608 YahooAUService - ok
19:56:36.0296 3608 ================ Scan global ===============================
19:56:36.0375 3608 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
19:56:36.0421 3608 [ 3D21B3BE0C5768E76FD9780E9CF9E07C ] C:\WINDOWS\system32\winsrv.dll
19:56:36.0437 3608 [ 3D21B3BE0C5768E76FD9780E9CF9E07C ] C:\WINDOWS\system32\winsrv.dll
19:56:36.0453 3608 [ 37561F8D4160D62DA86D24AE41FAE8DE ] C:\WINDOWS\system32\services.exe
19:56:36.0453 3608 [Global] - ok
19:56:36.0453 3608 ================ Scan MBR ==================================
19:56:36.0484 3608 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:56:36.0796 3608 \Device\Harddisk0\DR0 - ok
19:56:36.0796 3608 ================ Scan VBR ==================================
19:56:36.0812 3608 [ A07E1602B54440CE73D7BD27C7066CD0 ] \Device\Harddisk0\DR0\Partition1
19:56:36.0812 3608 \Device\Harddisk0\DR0\Partition1 - ok
19:56:36.0812 3608 ================ Scan active images ========================
19:56:36.0812 3608 [ 279FB78702454DFF2BB445F238C048D2 ] C:\WINDOWS\system32\drivers\intelppm.sys
19:56:36.0812 3608 C:\WINDOWS\system32\drivers\intelppm.sys - ok
19:56:36.0812 3608 [ AE2C8544E747C20062DB27456EA2D67A ] C:\WINDOWS\system32\drivers\wmiacpi.sys
19:56:36.0812 3608 C:\WINDOWS\system32\drivers\wmiacpi.sys - ok
19:56:36.0828 3608 [ 4266BE808F85826AEDF3C64C1E240203 ] C:\WINDOWS\system32\drivers\CmBatt.sys
19:56:36.0828 3608 C:\WINDOWS\system32\drivers\CmBatt.sys - ok
19:56:36.0828 3608 [ D5A9D123F5ED7C9965A481BD20CF66D8 ] C:\WINDOWS\system32\drivers\videoprt.sys
19:56:36.0828 3608 C:\WINDOWS\system32\drivers\videoprt.sys - ok
19:56:36.0828 3608 [ CC449157474D5E43DAEA7E20F52C635A ] C:\WINDOWS\system32\drivers\ialmnt5.sys
19:56:36.0828 3608 C:\WINDOWS\system32\drivers\ialmnt5.sys - ok
19:56:36.0843 3608 [ B89BCF0A25AEB3B47030AC83287F894A ] C:\WINDOWS\system32\drivers\BCMWL5.SYS
19:56:36.0843 3608 C:\WINDOWS\system32\drivers\BCMWL5.SYS - ok
19:56:36.0843 3608 [ E31363D186B3E1D7C4E9117884A6AEE5 ] C:\WINDOWS\system32\drivers\Hdaudbus.sys
19:56:36.0843 3608 C:\WINDOWS\system32\drivers\Hdaudbus.sys - ok
19:56:36.0859 3608 [ C0ACD392ECE55784884CC208AAFA06CE ] C:\WINDOWS\system32\drivers\b57xp32.sys
19:56:36.0859 3608 C:\WINDOWS\system32\drivers\b57xp32.sys - ok
19:56:36.0859 3608 [ 2034CA78F9C6E787B4B76D81AC888351 ] C:\WINDOWS\system32\drivers\usbport.sys
19:56:36.0859 3608 C:\WINDOWS\system32\drivers\usbport.sys - ok
19:56:36.0859 3608 [ F8FD1400092E23C8F2F31406EF06167B ] C:\WINDOWS\system32\drivers\usbuhci.sys
19:56:36.0859 3608 C:\WINDOWS\system32\drivers\usbuhci.sys - ok
19:56:36.0875 3608 [ 15E993BA2F6946B2BFBBFCD30398621E ] C:\WINDOWS\system32\drivers\usbehci.sys
19:56:36.0875 3608 C:\WINDOWS\system32\drivers\usbehci.sys - ok
19:56:36.0875 3608 [ 5502B58EEF7486EE6F93F3F164DCB808 ] C:\WINDOWS\system32\drivers\i8042prt.sys
19:56:36.0875 3608 C:\WINDOWS\system32\drivers\i8042prt.sys - ok
19:56:36.0875 3608 [ 34E1F0031153E491910E12551400192C ] C:\WINDOWS\system32\drivers\mouclass.sys
19:56:36.0875 3608 C:\WINDOWS\system32\drivers\mouclass.sys - ok
19:56:36.0890 3608 [ EBDEE8A2EE5393890A1ACEE971C4C246 ] C:\WINDOWS\system32\drivers\kbdclass.sys
19:56:36.0890 3608 C:\WINDOWS\system32\drivers\kbdclass.sys - ok
19:56:36.0890 3608 [ A2D868AEEFF612E70E213C451A70CAFB ] C:\WINDOWS\system32\drivers\serenum.sys
19:56:36.0890 3608 C:\WINDOWS\system32\drivers\serenum.sys - ok
19:56:36.0890 3608 [ CD9404D115A00D249F70A371B46D5A26 ] C:\WINDOWS\system32\drivers\serial.sys
19:56:36.0890 3608 C:\WINDOWS\system32\drivers\serial.sys - ok
19:56:36.0906 3608 [ AF9C19B3100FE010496B1A27181FBF72 ] C:\WINDOWS\system32\drivers\cdrom.sys
19:56:36.0906 3608 C:\WINDOWS\system32\drivers\cdrom.sys - ok
19:56:36.0906 3608 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] C:\WINDOWS\system32\drivers\imapi.sys
19:56:36.0906 3608 C:\WINDOWS\system32\drivers\imapi.sys - ok
19:56:36.0921 3608 [ 957B82EC80AD7EAD64E5E47DF6B0DC40 ] C:\WINDOWS\system32\drivers\pfc.sys
19:56:36.0921 3608 C:\WINDOWS\system32\drivers\pfc.sys - ok
19:56:36.0921 3608 [ D7968049BE0ADBB6A57CEE3960320911 ] C:\WINDOWS\system32\drivers\sscdbhk5.sys
19:56:36.0921 3608 C:\WINDOWS\system32\drivers\sscdbhk5.sys - ok
19:56:36.0921 3608 [ B9540E258F952650DE8DEC68719A5C97 ] C:\WINDOWS\system32\drivers\ks.sys
19:56:36.0921 3608 C:\WINDOWS\system32\drivers\ks.sys - ok
19:56:36.0937 3608 [ 185ADA973B5020655CEE342059A86CBB ] C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
19:56:36.0937 3608 C:\WINDOWS\system32\drivers\GEARAspiWDM.sys - ok
19:56:36.0937 3608 [ B31B4588E4086D8D84ADBF9845C2402B ] C:\WINDOWS\system32\drivers\redbook.sys
19:56:36.0937 3608 C:\WINDOWS\system32\drivers\redbook.sys - ok
19:56:36.0937 3608 [ 596EB39B50D6EBD9B734DC4AE0544693 ] C:\WINDOWS\system32\drivers\usbd.sys
19:56:36.0937 3608 C:\WINDOWS\system32\drivers\usbd.sys - ok
19:56:36.0953 3608 [ D9F724AA26C010A217C97606B160ED68 ] C:\WINDOWS\system32\drivers\audstub.sys
19:56:36.0953 3608 C:\WINDOWS\system32\drivers\audstub.sys - ok
19:56:36.0953 3608 [ 23F8EF78BB9553E465A476F3CEE5CA18 ] C:\WINDOWS\system32\drivers\LVUSBSta.sys
19:56:36.0953 3608 C:\WINDOWS\system32\drivers\LVUSBSta.sys - ok
19:56:36.0953 3608 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] C:\WINDOWS\system32\drivers\ndistapi.sys
19:56:36.0953 3608 C:\WINDOWS\system32\drivers\ndistapi.sys - ok
19:56:36.0968 3608 [ 0B90E255A9490166AB368CD55A529893 ] C:\WINDOWS\system32\drivers\ndiswan.sys
19:56:36.0968 3608 C:\WINDOWS\system32\drivers\ndiswan.sys - ok
19:56:36.0968 3608 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] C:\WINDOWS\system32\drivers\rasl2tp.sys
19:56:36.0968 3608 C:\WINDOWS\system32\drivers\rasl2tp.sys - ok
19:56:36.0984 3608 [ 7306EEED8895454CBED4669BE9F79FAA ] C:\WINDOWS\system32\drivers\raspppoe.sys
19:56:36.0984 3608 C:\WINDOWS\system32\drivers\raspppoe.sys - ok
19:56:36.0984 3608 [ 6891B74AB9A016064E82A419388D0601 ] C:\WINDOWS\system32\drivers\tdi.sys
19:56:36.0984 3608 C:\WINDOWS\system32\drivers\tdi.sys - ok
19:56:36.0984 3608 [ 48671F327553DCF1D27F6197F622A668 ] C:\WINDOWS\system32\drivers\psched.sys
19:56:36.0984 3608 C:\WINDOWS\system32\drivers\psched.sys - ok
19:56:37.0000 3608 [ 1C5CC65AAC0783C344F16353E60B72AC ] C:\WINDOWS\system32\drivers\raspptp.sys
19:56:37.0000 3608 C:\WINDOWS\system32\drivers\raspptp.sys - ok
19:56:37.0000 3608 [ C0F1D4A21DE5A415DF8170616703DEBF ] C:\WINDOWS\system32\drivers\msgpc.sys
19:56:37.0000 3608 C:\WINDOWS\system32\drivers\msgpc.sys - ok
19:56:37.0000 3608 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] C:\WINDOWS\system32\drivers\ptilink.sys
19:56:37.0000 3608 C:\WINDOWS\system32\drivers\ptilink.sys - ok
19:56:37.0015 3608 [ FDBB1D60066FCFBB7452FD8F9829B242 ] C:\WINDOWS\system32\drivers\raspti.sys
19:56:37.0015 3608 C:\WINDOWS\system32\drivers\raspti.sys - ok
19:56:37.0015 3608 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] C:\WINDOWS\system32\drivers\rdpdr.sys
19:56:37.0015 3608 C:\WINDOWS\system32\drivers\rdpdr.sys - ok
19:56:37.0015 3608 [ 03C1BAE4766E2450219D20B993D6E046 ] C:\WINDOWS\system32\drivers\swenum.sys
19:56:37.0015 3608 C:\WINDOWS\system32\drivers\swenum.sys - ok
19:56:37.0031 3608 [ A540A99C281D933F3D69D55E48727F47 ] C:\WINDOWS\system32\drivers\termdd.sys
19:56:37.0031 3608 C:\WINDOWS\system32\drivers\termdd.sys - ok
19:56:37.0031 3608 [ CED744117E91BDC0BEB810F7D8608183 ] C:\WINDOWS\system32\drivers\update.sys
19:56:37.0031 3608 C:\WINDOWS\system32\drivers\update.sys - ok
19:56:37.0031 3608 [ 469541F8BFD2B32659D5D463A6714BCE ] C:\WINDOWS\system32\drivers\mssmbios.sys
19:56:37.0031 3608 C:\WINDOWS\system32\drivers\mssmbios.sys - ok
19:56:37.0046 3608 [ 59FC3FB44D2669BC144FD87826BB571F ] C:\WINDOWS\system32\drivers\ndproxy.sys
19:56:37.0046 3608 C:\WINDOWS\system32\drivers\ndproxy.sys - ok
19:56:37.0046 3608 [ FF86422268DE771D571E123EB7092C6A ] C:\WINDOWS\system32\drivers\drmk.sys
19:56:37.0046 3608 C:\WINDOWS\system32\drivers\drmk.sys - ok
19:56:37.0062 3608 [ BC6B2BC69C1E009443E8B1FE2DB96101 ] C:\WINDOWS\system32\drivers\portcls.sys
19:56:37.0062 3608 C:\WINDOWS\system32\drivers\portcls.sys - ok
19:56:37.0062 3608 [ 3AD78E22210D3FBD9F76DE84A8DF19B5 ] C:\WINDOWS\system32\drivers\sthda.sys
19:56:37.0062 3608 C:\WINDOWS\system32\drivers\sthda.sys - ok
19:56:37.0062 3608 [ 61478FA42EE04562E7F11F4DCA87E9C8 ] C:\WINDOWS\system32\drivers\HSXHWAZL.sys
19:56:37.0062 3608 C:\WINDOWS\system32\drivers\HSXHWAZL.sys - ok
19:56:37.0078 3608 [ E8EC1767EA315A39A0DD8989952CA0E9 ] C:\WINDOWS\system32\drivers\HSX_DPV.sys
19:56:37.0078 3608 C:\WINDOWS\system32\drivers\HSX_DPV.sys - ok
19:56:37.0078 3608 [ BA6B6FB242A6BA4068C8B763063BEB63 ] C:\WINDOWS\system32\drivers\HSX_CNXT.sys
19:56:37.0078 3608 C:\WINDOWS\system32\drivers\HSX_CNXT.sys - ok
19:56:37.0078 3608 [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] C:\WINDOWS\system32\drivers\modem.sys
19:56:37.0078 3608 C:\WINDOWS\system32\drivers\modem.sys - ok
19:56:37.0093 3608 [ C72F40947F92CEA56A8FB532EDF025F1 ] C:\WINDOWS\system32\drivers\usbhub.sys
19:56:37.0093 3608 C:\WINDOWS\system32\drivers\usbhub.sys - ok
19:56:37.0093 3608 [ CED2E8396A8838E59D8FD529C680E02C ] C:\WINDOWS\system32\drivers\fdc.sys
19:56:37.0093 3608 C:\WINDOWS\system32\drivers\fdc.sys - ok
19:56:37.0093 3608 [ 0DD1DE43115B93F4D85E889D7A86F548 ] C:\WINDOWS\system32\drivers\flpydisk.sys
19:56:37.0093 3608 C:\WINDOWS\system32\drivers\flpydisk.sys - ok
19:56:37.0109 3608 [ DA1F27D85E0D1525F6621372E7B685E9 ] C:\WINDOWS\system32\drivers\beep.sys
19:56:37.0109 3608 C:\WINDOWS\system32\drivers\beep.sys - ok
19:56:37.0109 3608 [ C1B486A7658353D33A10CC15211A873B ] C:\WINDOWS\system32\drivers\cdaudio.sys
19:56:37.0109 3608 C:\WINDOWS\system32\drivers\cdaudio.sys - ok
19:56:37.0125 3608 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] C:\WINDOWS\system32\drivers\fs_rec.sys
19:56:37.0125 3608 C:\WINDOWS\system32\drivers\fs_rec.sys - ok
19:56:37.0125 3608 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] C:\WINDOWS\system32\drivers\null.sys
19:56:37.0125 3608 C:\WINDOWS\system32\drivers\null.sys - ok
19:56:37.0125 3608 [ C3FFD65ABFB6441E7606CF74F1155273 ] C:\WINDOWS\system32\drivers\ssrtln.sys
19:56:37.0125 3608 C:\WINDOWS\system32\drivers\ssrtln.sys - ok
19:56:37.0140 3608 [ 5FFF41CD5108E9051D255C37825AF697 ] C:\WINDOWS\system32\drivers\hidparse.sys
19:56:37.0140 3608 C:\WINDOWS\system32\drivers\hidparse.sys - ok
19:56:37.0140 3608 [ E182FA8E49E8EE41B4ADC53093F3C7E6 ] C:\WINDOWS\system32\drivers\kbdhid.sys
19:56:37.0140 3608 C:\WINDOWS\system32\drivers\kbdhid.sys - ok
19:56:37.0140 3608 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] C:\WINDOWS\system32\drivers\vga.sys
19:56:37.0140 3608 C:\WINDOWS\system32\drivers\vga.sys - ok
19:56:37.0156 3608 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] C:\WINDOWS\system32\drivers\mnmdd.sys
19:56:37.0156 3608 C:\WINDOWS\system32\drivers\mnmdd.sys - ok
19:56:37.0156 3608 [ 4912D5B403614CE99C28420F75353332 ] C:\WINDOWS\system32\drivers\rdpcdd.sys
19:56:37.0156 3608 C:\WINDOWS\system32\drivers\rdpcdd.sys - ok
19:56:37.0156 3608 [ 561B3A4333CA2DBDBA28B5B956822519 ] C:\WINDOWS\system32\drivers\msfs.sys
19:56:37.0156 3608 C:\WINDOWS\system32\drivers\msfs.sys - ok
19:56:37.0171 3608 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] C:\WINDOWS\system32\drivers\npfs.sys
19:56:37.0171 3608 C:\WINDOWS\system32\drivers\npfs.sys - ok
19:56:37.0171 3608 [ FE0D99D6F31E4FAD8159F690D68DED9C ] C:\WINDOWS\system32\drivers\rasacd.sys
19:56:37.0171 3608 C:\WINDOWS\system32\drivers\rasacd.sys - ok
19:56:37.0187 3608 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] C:\WINDOWS\system32\drivers\ipsec.sys
19:56:37.0187 3608 C:\WINDOWS\system32\drivers\ipsec.sys - ok
19:56:37.0187 3608 [ 2A5554FC5B1E04E131230E3CE035C3F9 ] C:\WINDOWS\system32\drivers\tcpip.sys
19:56:37.0187 3608 C:\WINDOWS\system32\drivers\tcpip.sys - ok
19:56:37.0187 3608 [ 8AE511AB181F63B72273BA41CB37F818 ] C:\WINDOWS\system32\drivers\mvstdi5x.sys
19:56:37.0187 3608 C:\WINDOWS\system32\drivers\mvstdi5x.sys - ok
19:56:37.0203 3608 [ E2168CBC7098FFE963C6F23F472A3593 ] C:\WINDOWS\system32\drivers\ipnat.sys
19:56:37.0203 3608 C:\WINDOWS\system32\drivers\ipnat.sys - ok
19:56:37.0203 3608 [ 0C80E410CD2F47134407EE7DD19CC86B ] C:\WINDOWS\system32\drivers\netbt.sys
19:56:37.0203 3608 C:\WINDOWS\system32\drivers\netbt.sys - ok
19:56:37.0203 3608 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] C:\WINDOWS\system32\drivers\ws2ifsl.sys
19:56:37.0203 3608 C:\WINDOWS\system32\drivers\ws2ifsl.sys - ok
19:56:37.0218 3608 [ 55E6E1C51B6D30E54335750955453702 ] C:\WINDOWS\system32\drivers\afd.sys
19:56:37.0218 3608 C:\WINDOWS\system32\drivers\afd.sys - ok
19:56:37.0218 3608 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] C:\WINDOWS\system32\drivers\netbios.sys
19:56:37.0218 3608 C:\WINDOWS\system32\drivers\netbios.sys - ok
19:56:37.0218 3608 [ 03B965B1CA47F6EF60EB5E51CB50E0AF ] C:\WINDOWS\system32\drivers\rdbss.sys
19:56:37.0234 3608 C:\WINDOWS\system32\drivers\rdbss.sys - ok
19:56:37.0234 3608 [ CEC7E2C6C1FA00C7AB2F5434F848AE51 ] C:\WINDOWS\system32\drivers\omci.sys
19:56:37.0234 3608 C:\WINDOWS\system32\drivers\omci.sys - ok
19:56:37.0234 3608 [ FB6C89BB3CE282B08BDB1E3C179E1C39 ] C:\WINDOWS\system32\drivers\mrxsmb.sys
19:56:37.0234 3608 C:\WINDOWS\system32\drivers\mrxsmb.sys - ok
19:56:37.0250 3608 [ E153AB8A11DE5452BCF5AC7652DBF3ED ] C:\WINDOWS\system32\drivers\fips.sys
19:56:37.0250 3608 C:\WINDOWS\system32\drivers\fips.sys - ok
19:56:37.0250 3608 [ C06986B55981B355090DD34DE809E4BB ] C:\WINDOWS\system32\ntdll.dll
19:56:37.0250 3608 C:\WINDOWS\system32\ntdll.dll - ok
19:56:37.0250 3608 [ BD7FB0957C716F1A60333AEE04DE2178 ] C:\WINDOWS\system32\smss.exe
19:56:37.0250 3608 C:\WINDOWS\system32\smss.exe - ok
19:56:37.0265 3608 [ B3415B9D6026F65E43089ABED096C38C ] C:\WINDOWS\system32\autochk.exe
19:56:37.0265 3608 C:\WINDOWS\system32\autochk.exe - ok
19:56:37.0265 3608 [ 30A609E00BD1D4FFC49D6B5A432BE7F2 ] C:\WINDOWS\system32\sfcfiles.dll
19:56:37.0265 3608 C:\WINDOWS\system32\sfcfiles.dll - ok
19:56:37.0265 3608 [ CD7D5152DF32B47F4E36F710B35AAE02 ] C:\WINDOWS\system32\drivers\cdfs.sys
19:56:37.0265 3608 C:\WINDOWS\system32\drivers\cdfs.sys - ok
19:56:37.0281 3608 [ 017DAECF0ED3AA731313433601EC40FA ] C:\WINDOWS\system32\drivers\smclib.sys
19:56:37.0281 3608 C:\WINDOWS\system32\drivers\smclib.sys - ok
19:56:37.0281 3608 [ 6B5E4D5E6E5ECD6ACD14AED59768CE5C ] C:\WINDOWS\system32\drivers\usbccid.sys
19:56:37.0281 3608 C:\WINDOWS\system32\drivers\usbccid.sys - ok
19:56:37.0281 3608 [ 984EF0B9788ABF89974CFED4BFBAACBC ] C:\WINDOWS\system32\drivers\wanarp.sys
19:56:37.0281 3608 C:\WINDOWS\system32\drivers\wanarp.sys - ok
19:56:37.0296 3608 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] C:\WINDOWS\system32\drivers\usbccgp.sys
19:56:37.0296 3608 C:\WINDOWS\system32\drivers\usbccgp.sys - ok
19:56:37.0296 3608 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] C:\WINDOWS\system32\drivers\usbscan.sys
19:56:37.0296 3608 C:\WINDOWS\system32\drivers\usbscan.sys - ok
19:56:37.0296 3608 [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] C:\WINDOWS\system32\drivers\usbprint.sys
19:56:37.0296 3608 C:\WINDOWS\system32\drivers\usbprint.sys - ok
19:56:37.0312 3608 [ CF1B7951B4EC8D13F3C93B74BB2B461B ] C:\WINDOWS\system32\drivers\HPZius12.sys
19:56:37.0312 3608 C:\WINDOWS\system32\drivers\HPZius12.sys - ok
19:56:37.0312 3608 [ 378055AB8DDA86228683C697C4E11685 ] C:\WINDOWS\system32\drivers\hidclass.sys
19:56:37.0312 3608 C:\WINDOWS\system32\drivers\hidclass.sys - ok
19:56:37.0312 3608 [ 1DE6783B918F540149AA69943BDFEBA8 ] C:\WINDOWS\system32\drivers\hidusb.sys
19:56:37.0312 3608 C:\WINDOWS\system32\drivers\hidusb.sys - ok
19:56:37.0328 3608 [ 9F1D80908658EB7F1BF70809E0B51470 ] C:\WINDOWS\system32\drivers\HPZid412.sys
19:56:37.0328 3608 C:\WINDOWS\system32\drivers\HPZid412.sys - ok
19:56:37.0328 3608 [ B1C303E17FB9D46E87A98E4BA6769685 ] C:\WINDOWS\system32\drivers\mouhid.sys
19:56:37.0328 3608 C:\WINDOWS\system32\drivers\mouhid.sys - ok
19:56:37.0343 3608 [ F7E3E9D50F9CD3DE28085A8FDAA0A1C3 ] C:\WINDOWS\system32\drivers\HPZipr12.sys
19:56:37.0343 3608 C:\WINDOWS\system32\drivers\HPZipr12.sys - ok
19:56:37.0343 3608 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] C:\WINDOWS\system32\drivers\atapi.sys
19:56:37.0343 3608 C:\WINDOWS\system32\drivers\atapi.sys - ok
19:56:37.0343 3608 [ 2F31B7F954BED437F2C75026C65CAF7B ] C:\WINDOWS\system32\drivers\wmilib.sys
19:56:37.0343 3608 C:\WINDOWS\system32\drivers\wmilib.sys - ok
19:56:37.0359 3608 [ FE97D0343ACFDEBDD578FC67CC91FA87 ] C:\WINDOWS\system32\drivers\dxapi.sys
19:56:37.0359 3608 C:\WINDOWS\system32\drivers\dxapi.sys - ok
19:56:37.0359 3608 [ C9BF2F12C4E6C12F8A85FBA4B6BC6208 ] C:\WINDOWS\system32\watchdog.sys
19:56:37.0359 3608 C:\WINDOWS\system32\watchdog.sys - ok
19:56:37.0359 3608 [ EFD2862F003538B9A5B4C015F8FDB1B3 ] C:\WINDOWS\system32\csrsrv.dll
19:56:37.0359 3608 C:\WINDOWS\system32\csrsrv.dll - ok
19:56:37.0375 3608 [ F12B178B1678D778CFD3FF1FC38C71FB ] C:\WINDOWS\system32\csrss.exe
19:56:37.0375 3608 C:\WINDOWS\system32\csrss.exe - ok
19:56:37.0375 3608 [ 7190A8EBD16D56C78864E49C9BB5FE7D ] C:\WINDOWS\system32\win32k.sys
19:56:37.0375 3608 C:\WINDOWS\system32\win32k.sys - ok
19:56:37.0375 3608 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
19:56:37.0375 3608 C:\WINDOWS\system32\basesrv.dll - ok
19:56:37.0390 3608 [ 3D21B3BE0C5768E76FD9780E9CF9E07C ] C:\WINDOWS\system32\winsrv.dll
19:56:37.0390 3608 C:\WINDOWS\system32\winsrv.dll - ok
19:56:37.0390 3608 [ 0C07B16769E579F78C541773D0A2E7E0 ] C:\WINDOWS\system32\gdi32.dll
19:56:37.0390 3608 C:\WINDOWS\system32\gdi32.dll - ok
19:56:37.0390 3608 [ B6ACAED7588295129791E0E6A2B0FADE ] C:\WINDOWS\system32\kernel32.dll
19:56:37.0390 3608 C:\WINDOWS\system32\kernel32.dll - ok
19:56:37.0406 3608 [ B409909F6E2E8A7067076ED748ABF1E7 ] C:\WINDOWS\system32\user32.dll
19:56:37.0406 3608 C:\WINDOWS\system32\user32.dll - ok
19:56:37.0406 3608 [ 74D66B3DE265E8789153414E75175F26 ] C:\WINDOWS\system32\lpk.dll
19:56:37.0406 3608 C:\WINDOWS\system32\lpk.dll - ok
19:56:37.0406 3608 [ 2EB58F9DCD6AB320B46744A4EA48B2D2 ] C:\WINDOWS\system32\usp10.dll
19:56:37.0406 3608 C:\WINDOWS\system32\usp10.dll - ok
19:56:37.0421 3608 [ B0FEFA816D61EC66AA765DDF534EAB5E ] C:\WINDOWS\system32\msvcrt.dll
19:56:37.0421 3608 C:\WINDOWS\system32\msvcrt.dll - ok
19:56:37.0421 3608 [ 1081C185AED0660B2B5F173C3E023B23 ] C:\WINDOWS\system32\advapi32.dll
19:56:37.0421 3608 C:\WINDOWS\system32\advapi32.dll - ok
19:56:37.0437 3608 [ 461B6E2F04112E659280314B7A414F30 ] C:\WINDOWS\system32\rpcrt4.dll
19:56:37.0437 3608 C:\WINDOWS\system32\rpcrt4.dll - ok
19:56:37.0437 3608 [ 174F3D2CA3C9E53643772A67C36BE5AF ] C:\WINDOWS\system32\secur32.dll
19:56:37.0437 3608 C:\WINDOWS\system32\secur32.dll - ok
19:56:37.0437 3608 [ D3DAC8432110AAD0B02A58B4459AB835 ] C:\WINDOWS\system32\drivers\dxg.sys
19:56:37.0437 3608 C:\WINDOWS\system32\drivers\dxg.sys - ok
19:56:37.0453 3608 [ A73F5D6705B1D820C19B18782E176EFD ] C:\WINDOWS\system32\drivers\dxgthk.sys
19:56:37.0453 3608 C:\WINDOWS\system32\drivers\dxgthk.sys - ok
19:56:37.0453 3608 [ FE6119094F9E690A32B4A7873C223653 ] C:\WINDOWS\system32\ialmdnt5.dll
19:56:37.0453 3608 C:\WINDOWS\system32\ialmdnt5.dll - ok
19:56:37.0468 3608 [ E9A7C2CA8650E4B741F4C0F649077AD9 ] C:\WINDOWS\system32\ialmrnt5.dll
19:56:37.0468 3608 C:\WINDOWS\system32\ialmrnt5.dll - ok
19:56:37.0468 3608 [ ECB7591870F8BFB1A4C17B718AD5A4AA ] C:\WINDOWS\system32\vga.dll
19:56:37.0468 3608 C:\WINDOWS\system32\vga.dll - ok
19:56:37.0484 3608 [ EC8DEC2C1FC37F10184CB7129A55601A ] C:\WINDOWS\system32\ialmdev5.dll
19:56:37.0484 3608 C:\WINDOWS\system32\ialmdev5.dll - ok
19:56:37.0484 3608 [ CB89A887E42D947C801AE2B8EF6AA6D7 ] C:\WINDOWS\system32\ialmdd5.dll
19:56:37.0484 3608 C:\WINDOWS\system32\ialmdd5.dll - ok
19:56:37.0484 3608 [ 5C3DF25926729EBEEF5CC7FF1933B360 ] C:\WINDOWS\system32\authz.dll
19:56:37.0484 3608 C:\WINDOWS\system32\authz.dll - ok
19:56:37.0500 3608 [ 01C3346C241652F43AED8E2149881BFE ] C:\WINDOWS\system32\winlogon.exe
19:56:37.0500 3608 C:\WINDOWS\system32\winlogon.exe - ok
19:56:37.0500 3608 [ EFC958396A7A7EF7E6D4A52B97512E18 ] C:\WINDOWS\system32\crypt32.dll
19:56:37.0500 3608 C:\WINDOWS\system32\crypt32.dll - ok
19:56:37.0500 3608 [ DDE959EFC7CD79D1AC4BDA320A959DC0 ] C:\WINDOWS\system32\msasn1.dll
19:56:37.0500 3608 C:\WINDOWS\system32\msasn1.dll - ok
19:56:37.0515 3608 [ 458AB591E8CF240CC105A23671F2C3D6 ] C:\WINDOWS\system32\nddeapi.dll
19:56:37.0515 3608 C:\WINDOWS\system32\nddeapi.dll - ok
19:56:37.0515 3608 [ 0A457307006530FD03A797F572A067FA ] C:\WINDOWS\system32\netapi32.dll
19:56:37.0515 3608 C:\WINDOWS\system32\netapi32.dll - ok
19:56:37.0515 3608 [ FE4F71711CF5C17ADE5E506348132D24 ] C:\WINDOWS\system32\profmap.dll
19:56:37.0515 3608 C:\WINDOWS\system32\profmap.dll - ok
19:56:37.0531 3608 [ 2B9B56A89A8A42E917511972A6DB36E3 ] C:\WINDOWS\system32\userenv.dll
19:56:37.0531 3608 C:\WINDOWS\system32\userenv.dll - ok
19:56:37.0531 3608 [ 96E48C7EB9089D1DBF6F85CA11B264DF ] C:\WINDOWS\system32\psapi.dll
19:56:37.0531 3608 C:\WINDOWS\system32\psapi.dll - ok
19:56:37.0531 3608 [ 899ED710FDC37EB7D0115C2932C2B1EB ] C:\WINDOWS\system32\regapi.dll
19:56:37.0531 3608 C:\WINDOWS\system32\regapi.dll - ok
19:56:37.0546 3608 [ 7808313CBC634EE08346D5DDFEF1CC5F ] C:\WINDOWS\system32\setupapi.dll
19:56:37.0546 3608 C:\WINDOWS\system32\setupapi.dll - ok
19:56:37.0546 3608 [ D38408967BE738D0C1B47005BCE8CEEB ] C:\WINDOWS\system32\version.dll
19:56:37.0546 3608 C:\WINDOWS\system32\version.dll - ok
19:56:37.0546 3608 [ 7BC4BA4C33ADF3EF5CD370D99BC60B04 ] C:\WINDOWS\system32\winsta.dll
19:56:37.0546 3608 C:\WINDOWS\system32\winsta.dll - ok
19:56:37.0562 3608 [ 1955BD9737BE6F4B72AD7A4859B4E300 ] C:\WINDOWS\system32\wintrust.dll
19:56:37.0562 3608 C:\WINDOWS\system32\wintrust.dll - ok
19:56:37.0562 3608 [ 5AFCE94E8286B2F57A04DA37F01BF21A ] C:\WINDOWS\system32\imagehlp.dll
19:56:37.0562 3608 C:\WINDOWS\system32\imagehlp.dll - ok
19:56:37.0562 3608 [ 2ED0B7F12A60F90092081C50FA0EC2B2 ] C:\WINDOWS\system32\ws2_32.dll
19:56:37.0562 3608 C:\WINDOWS\system32\ws2_32.dll - ok
19:56:37.0578 3608 [ 87CA7CE6469577F059297B9D6556D66D ] C:\WINDOWS\system32\imm32.dll
19:56:37.0578 3608 C:\WINDOWS\system32\imm32.dll - ok
19:56:37.0578 3608 [ 9BEACB911CA61E5881102188AB7FB431 ] C:\WINDOWS\system32\ws2help.dll
19:56:37.0578 3608 C:\WINDOWS\system32\ws2help.dll - ok
19:56:37.0578 3608 [ 56C5B179FE3308B655EB6208C3256FEC ] C:\WINDOWS\system32\kbdus.dll
19:56:37.0578 3608 C:\WINDOWS\system32\kbdus.dll - ok
19:56:37.0609 3608 [ A29AF639AA180CC68C59242A10E1D3B1 ] C:\WINDOWS\system32\msgina.dll
19:56:37.0609 3608 C:\WINDOWS\system32\msgina.dll - ok
19:56:37.0609 3608 [ 06DA8C5383AAF17127FC4B1658BA3F4F ] C:\WINDOWS\system32\shell32.dll
19:56:37.0609 3608 C:\WINDOWS\system32\shell32.dll - ok
19:56:37.0609 3608 [ 7C972C7F0E3CE48503E1E9FBE9890009 ] C:\WINDOWS\system32\shlwapi.dll
19:56:37.0609 3608 C:\WINDOWS\system32\shlwapi.dll - ok
19:56:37.0625 3608 [ B0124CB21D28B1C9F678B566B6B57D92 ] C:\WINDOWS\system32\comctl32.dll
19:56:37.0625 3608 C:\WINDOWS\system32\comctl32.dll - ok
19:56:37.0625 3608 [ F79D7D98CD764499ECCBAAF3F800D349 ] C:\WINDOWS\system32\odbc32.dll
19:56:37.0625 3608 C:\WINDOWS\system32\odbc32.dll - ok
19:56:37.0640 3608 [ 1EDB1BB89D021955E6F7265911175B8D ] C:\WINDOWS\system32\comdlg32.dll
19:56:37.0640 3608 C:\WINDOWS\system32\comdlg32.dll - ok
19:56:37.0640 3608 [ 0FF9FA27706FBE9048990C108C0D62F0 ] C:\WINDOWS\system32\sxs.dll
19:56:37.0640 3608 C:\WINDOWS\system32\sxs.dll - ok
19:56:37.0640 3608 [ C237FB08F52F27823C4E4E6705ECD196 ] C:\WINDOWS\system32\odbcint.dll
19:56:37.0640 3608 C:\WINDOWS\system32\odbcint.dll - ok
19:56:37.0656 3608 [ C4E80875C1CF1222FC5EFD0314AE5C01 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
19:56:37.0656 3608 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll - ok
19:56:37.0656 3608 [ 6815DEF9B810AEFAC107EEAF72DA6F82 ] C:\WINDOWS\system32\shsvcs.dll
19:56:37.0656 3608 C:\WINDOWS\system32\shsvcs.dll - ok
19:56:37.0656 3608 [ E8A12A12EA9088B4327D49EDCA3ADD3E ] C:\WINDOWS\system32\sfc.dll
19:56:37.0656 3608 C:\WINDOWS\system32\sfc.dll - ok
19:56:37.0671 3608 [ 9858CC4D73A4CCF2F852FAE07C11A0B5 ] C:\WINDOWS\system32\sfc_os.dll
19:56:37.0671 3608 C:\WINDOWS\system32\sfc_os.dll - ok
19:56:37.0671 3608 [ AB8231D13692AC5088EB9C226B0C0576 ] C:\WINDOWS\system32\ole32.dll
19:56:37.0671 3608 C:\WINDOWS\system32\ole32.dll - ok
19:56:37.0671 3608 [ ECA24AB73FCFFA754D4070CDB03529E3 ] C:\WINDOWS\system32\apphelp.dll
19:56:37.0671 3608 C:\WINDOWS\system32\apphelp.dll - ok
19:56:37.0687 3608 [ 39F3B6CC2932E103D72C4564F8A680AC ] C:\WINDOWS\system32\lsasrv.dll
19:56:37.0687 3608 C:\WINDOWS\system32\lsasrv.dll - ok
19:56:37.0687 3608 [ 84885F9B82F4D55C6146EBF6065D75D2 ] C:\WINDOWS\system32\lsass.exe
19:56:37.0687 3608 C:\WINDOWS\system32\lsass.exe - ok
19:56:37.0703 3608 [ DA201A0A309B96381FD674D0FAB5DA86 ] C:\WINDOWS\system32\ncobjapi.dll
19:56:37.0703 3608 C:\WINDOWS\system32\ncobjapi.dll - ok
19:56:37.0703 3608 [ 37561F8D4160D62DA86D24AE41FAE8DE ] C:\WINDOWS\system32\services.exe
19:56:38.0984 3608 [ 43D6B69FBDFA22E36C17D4D68D70078B ] C:\Program Files\Network Associates\Common Framework\naPolicyManager.dll
19:56:38.0984 3608 C:\Program Files\Network Associates\Common Framework\naPolicyManager.dll - ok
19:56:39.0000 3608 [ DFD9870CF39C791D86C4C209DA9FA919 ] C:\WINDOWS\system32\sens.dll
19:56:39.0000 3608 C:\WINDOWS\system32\sens.dll - ok
19:56:39.0000 3608 [ 36CC8C01B5E50163037BEF56CB96DEFF ] C:\WINDOWS\system32\ipnathlp.dll
19:56:39.0000 3608 C:\WINDOWS\system32\ipnathlp.dll - ok
19:56:39.0015 3608 [ B6763F8534AC547CF1AF98AFDFF2EDC8 ] C:\WINDOWS\system32\wiaservc.dll
19:56:39.0015 3608 C:\WINDOWS\system32\wiaservc.dll - ok
19:56:39.0015 3608 [ B3D22A483875A61CB2060C7D518EFFC2 ] C:\Program Files\Network Associates\Common Framework\PSAPI.dll
19:56:39.0015 3608 C:\Program Files\Network Associates\Common Framework\PSAPI.dll - ok
19:56:39.0015 3608 [ E3D7FE2155B0A67A0550F7944178F4DC ] C:\Program Files\Network Associates\VirusScan\Res09\NaEvtRes.Dll
19:56:39.0015 3608 C:\Program Files\Network Associates\VirusScan\Res09\NaEvtRes.Dll - ok
19:56:39.0031 3608 [ 331B69D20D0983B93BAF2F7E6DAEBB80 ] C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
19:56:39.0031 3608 C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe - ok
19:56:39.0031 3608 [ 2B2F31E3F2CE3723C1B0F3700C8BE28B ] C:\WINDOWS\system32\winipsec.dll
19:56:39.0031 3608 C:\WINDOWS\system32\winipsec.dll - ok
19:56:39.0031 3608 [ 6654BCA6BE7DCA91723BE57A5F1E25ED ] C:\Program Files\Network Associates\Common Framework\ScriptSubSys.dll
19:56:39.0031 3608 C:\Program Files\Network Associates\Common Framework\ScriptSubSys.dll - ok
19:56:39.0046 3608 [ 306B30A036DB25FCB76B507FEDE07D58 ] C:\WINDOWS\system32\pstorsvc.dll
19:56:39.0046 3608 C:\WINDOWS\system32\pstorsvc.dll - ok
19:56:39.0046 3608 [ 4D3CCDF22D2B4BAE229BA73B81D13E26 ] C:\WINDOWS\system32\psbase.dll
19:56:39.0046 3608 C:\WINDOWS\system32\psbase.dll - ok
19:56:39.0046 3608 [ 24FF5DA209F3EB28D780922DB1849450 ] C:\Program Files\Network Associates\VirusScan\VSIDSvr.dll
19:56:39.0046 3608 C:\Program Files\Network Associates\VirusScan\VSIDSvr.dll - ok
19:56:39.0062 3608 [ CACD2C63A79268D131EA37E85524CC44 ] C:\WINDOWS\system32\dssenh.dll
19:56:39.0062 3608 C:\WINDOWS\system32\dssenh.dll - ok
19:56:39.0062 3608 [ C821005B332D1BEC2C875095F9F7E327 ] C:\Program Files\Network Associates\Common Framework\UpdateSubSys.dll
19:56:39.0062 3608 C:\Program Files\Network Associates\Common Framework\UpdateSubSys.dll - ok
19:56:39.0062 3608 [ BF52A4D4EB4CFB3109667E429B93E21A ] C:\WINDOWS\system32\netshell.dll
19:56:39.0062 3608 C:\WINDOWS\system32\netshell.dll - ok
19:56:39.0078 3608 [ 4ED87C9C1F9EA9FC68C2E22C3A2DB286 ] C:\WINDOWS\system32\mscms.dll
19:56:39.0078 3608 C:\WINDOWS\system32\mscms.dll - ok
19:56:39.0078 3608 [ 7D2DB489F984628A63AA4D3703B079B4 ] C:\Program Files\Common Files\Network Associates\Engine\McScan32.dll
19:56:39.0078 3608 C:\Program Files\Common Files\Network Associates\Engine\McScan32.dll - ok
19:56:39.0078 3608 [ E3E54839572A89099B2F9F39403F3D12 ] C:\Program Files\Network Associates\Common Framework\Scheduler.dll
19:56:39.0093 3608 C:\Program Files\Network Associates\Common Framework\Scheduler.dll - ok
19:56:39.0093 3608 [ 187B944F719C5915BF5C615F56C0395A ] C:\WINDOWS\system32\hpgwiamd.dll
19:56:39.0093 3608 C:\WINDOWS\system32\hpgwiamd.dll - ok
19:56:39.0093 3608 [ 90BDB3E8AE72E65F1FFF7408D4A7D020 ] C:\Program Files\Network Associates\VirusScan\VSPlugin.dll
19:56:39.0093 3608 C:\Program Files\Network Associates\VirusScan\VSPlugin.dll - ok
19:56:39.0109 3608 [ CD89D4BFF57A5C6459F4166C3B96A40C ] C:\Program Files\Network Associates\Common Framework\TCSubSys.dll
19:56:39.0109 3608 C:\Program Files\Network Associates\Common Framework\TCSubSys.dll - ok
19:56:39.0109 3608 [ 1ECB753D7CEEC8F5A94C9781CA64EC44 ] C:\WINDOWS\system32\credui.dll
19:56:39.0109 3608 C:\WINDOWS\system32\credui.dll - ok
19:56:39.0109 3608 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
19:56:39.0109 3608 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe - ok
19:56:39.0125 3608 [ 13510490BEA0997DB625DAA0178CBFCA ] C:\WINDOWS\system32\actxprxy.dll
19:56:39.0125 3608 C:\WINDOWS\system32\actxprxy.dll - ok
19:56:39.0125 3608 [ DCE3C277C4C9ADBC11850DBC4AD131B3 ] C:\WINDOWS\system32\winhttp.dll
19:56:39.0125 3608 C:\WINDOWS\system32\winhttp.dll - ok
19:56:39.0125 3608 [ 92BDF74F12D6CBEC43C94D4B7F804838 ] C:\WINDOWS\system32\srsvc.dll
19:56:39.0125 3608 C:\WINDOWS\system32\srsvc.dll - ok
19:56:39.0140 3608 [ 6D9AC544B30F96C57F8206566C1FB6A1 ] C:\WINDOWS\system32\trkwks.dll
19:56:39.0140 3608 C:\WINDOWS\system32\trkwks.dll - ok
19:56:39.0140 3608 [ 6298277B73C77FA99106B271A7525163 ] C:\WINDOWS\system32\wuaueng.dll
19:56:39.0140 3608 C:\WINDOWS\system32\wuaueng.dll - ok
19:56:39.0156 3608 [ 13D72740963CBA12D9FF76A7F218BCD8 ] C:\WINDOWS\system32\wuauserv.dll
19:56:39.0156 3608 C:\WINDOWS\system32\wuauserv.dll - ok
19:56:39.0156 3608 [ 08F0190AE201EC331B4CA3B0FA2D2CCE ] C:\WINDOWS\system32\cabinet.dll
19:56:39.0156 3608 C:\WINDOWS\system32\cabinet.dll - ok
19:56:39.0156 3608 [ 633C197292B4051D986903827DE561A3 ] C:\WINDOWS\system32\mspatcha.dll
19:56:39.0156 3608 C:\WINDOWS\system32\mspatcha.dll - ok
19:56:39.0171 3608 [ F399242A80C4066FD155EFA4CF96658E ] C:\WINDOWS\system32\wbem\wmisvc.dll
19:56:39.0171 3608 C:\WINDOWS\system32\wbem\wmisvc.dll - ok
19:56:39.0171 3608 [ 79DABB124D00ADF19852AE879C201890 ] C:\WINDOWS\system32\vssapi.dll
19:56:39.0171 3608 C:\WINDOWS\system32\vssapi.dll - ok
19:56:39.0171 3608 [ E3CFCCDDA4EDD1D0DC9168B2E18F27B8 ] C:\WINDOWS\system32\browser.dll
19:56:39.0171 3608 C:\WINDOWS\system32\browser.dll - ok
19:56:39.0187 3608 [ 4D59DAA66C60858CDF4F67A900F42D4A ] C:\WINDOWS\system32\wscsvc.dll
19:56:39.0187 3608 C:\WINDOWS\system32\wscsvc.dll - ok
19:56:39.0187 3608 [ 851547797C2A7F8A04841644C471A567 ] C:\WINDOWS\system32\wbem\wbemprox.dll
19:56:39.0187 3608 C:\WINDOWS\system32\wbem\wbemprox.dll - ok
19:56:39.0187 3608 [ 4E39C36213E95FB971A61A247BDE2F61 ] C:\WINDOWS\system32\wbem\wbemcomn.dll
19:56:39.0187 3608 C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
19:56:39.0203 3608 [ 1D326842006C4BE77ECD848CF89F01AB ] C:\WINDOWS\system32\wups.dll
19:56:39.0203 3608 C:\WINDOWS\system32\wups.dll - ok
19:56:39.0203 3608 [ 5BD1234E11B39C63BBA87022AF6D43C2 ] C:\WINDOWS\system32\wups2.dll
19:56:39.0203 3608 C:\WINDOWS\system32\wups2.dll - ok
19:56:39.0203 3608 [ 36360B625D7290BBA2CD03AD4975E1BC ] C:\WINDOWS\system32\wbem\wbemcore.dll
19:56:39.0203 3608 C:\WINDOWS\system32\wbem\wbemcore.dll - ok
19:56:39.0218 3608 [ DE578E4E6844954823FC7688625F00C8 ] C:\WINDOWS\system32\wbem\esscli.dll
19:56:39.0218 3608 C:\WINDOWS\system32\wbem\esscli.dll - ok
19:56:39.0218 3608 [ 950DF6295D3C6B5F2D508DCB1B275B87 ] C:\WINDOWS\system32\wbem\fastprox.dll
19:56:39.0218 3608 C:\WINDOWS\system32\wbem\fastprox.dll - ok
19:56:39.0218 3608 [ 7D676AC8CC19341117C77C261647BA07 ] C:\WINDOWS\system32\wbem\wbemsvc.dll
19:56:39.0218 3608 C:\WINDOWS\system32\wbem\wbemsvc.dll - ok
19:56:39.0234 3608 [ 0A1161DB4FCCF7821736C70D70A0F5A3 ] C:\WINDOWS\system32\wbem\wmiutils.dll
19:56:39.0234 3608 C:\WINDOWS\system32\wbem\wmiutils.dll - ok
19:56:39.0234 3608 [ 75DEB92422D955373825A11F9F74EC6A ] C:\WINDOWS\system32\comsvcs.dll
19:56:39.0234 3608 C:\WINDOWS\system32\comsvcs.dll - ok
19:56:39.0250 3608 [ 01A04FB59E76697C9171B6327274D371 ] C:\WINDOWS\system32\colbact.dll
19:56:39.0250 3608 C:\WINDOWS\system32\colbact.dll - ok
19:56:39.0250 3608 [ 99F43B9B76C88ACEAD42FE84744F8C87 ] C:\WINDOWS\system32\mtxclu.dll
19:56:39.0250 3608 C:\WINDOWS\system32\mtxclu.dll - ok
19:56:39.0250 3608 [ 2738C8A33FF07DD3C99C7C8F0A85DA72 ] C:\WINDOWS\system32\resutils.dll
19:56:39.0250 3608 C:\WINDOWS\system32\resutils.dll - ok
19:56:39.0265 3608 [ 9A66728EFE501D855D0FFE3DE023CE32 ] C:\WINDOWS\system32\wbem\repdrvfs.dll
19:56:39.0265 3608 C:\WINDOWS\system32\wbem\repdrvfs.dll - ok
19:56:39.0265 3608 [ 80B1AA84CD23724C284AD5988F208EB3 ] C:\WINDOWS\system32\wbem\wmiprvsd.dll
19:56:39.0265 3608 C:\WINDOWS\system32\wbem\wmiprvsd.dll - ok
19:56:39.0265 3608 [ 62BB79160F86CD962F312C68C6239BFD ] C:\WINDOWS\system32\wuauclt.exe
19:56:39.0265 3608 C:\WINDOWS\system32\wuauclt.exe - ok
19:56:39.0281 3608 [ 6708E1DDF12CAB2D5B5A2B66B76E0038 ] C:\WINDOWS\system32\wbem\wbemess.dll
19:56:39.0281 3608 C:\WINDOWS\system32\wbem\wbemess.dll - ok
19:56:39.0281 3608 [ 009758CC06B7F55B4A4D16A66E243C24 ] C:\WINDOWS\system32\wuapi.dll
19:56:39.0281 3608 C:\WINDOWS\system32\wuapi.dll - ok
19:56:39.0281 3608 [ 6AE613FFF9F9DFEE552652662BFABE41 ] C:\WINDOWS\system32\wbem\ncprov.dll
19:56:39.0281 3608 C:\WINDOWS\system32\wbem\ncprov.dll - ok
19:56:39.0296 3608 [ A7E06854EA2A20AEE8EC32BD8C754298 ] C:\WINDOWS\system32\mpnotify.exe
19:56:39.0296 3608 C:\WINDOWS\system32\mpnotify.exe - ok
19:56:39.0296 3608 [ F49DABE4B824B9BF35E5F541A6CAAF26 ] C:\WINDOWS\system32\BCMLogon.dll
19:56:39.0296 3608 C:\WINDOWS\system32\BCMLogon.dll - ok
19:56:39.0296 3608 [ 51230212AE7F8159A90F06A7EA30DD8A ] C:\WINDOWS\system32\cscui.dll
19:56:39.0296 3608 C:\WINDOWS\system32\cscui.dll - ok
19:56:39.0312 3608 [ F7FC12EDD4F0C19490D37AF9570C50F8 ] C:\WINDOWS\system32\dpcdll.dll
19:56:39.0312 3608 C:\WINDOWS\system32\dpcdll.dll - ok
19:56:39.0312 3608 [ 39B1FFB03C2296323832ACBAE50D2AFF ] C:\WINDOWS\system32\userinit.exe
19:56:39.0312 3608 C:\WINDOWS\system32\userinit.exe - ok
19:56:39.0312 3608 [ D6A8DC8C374EEA24744F2D4E87CA0E7E ] C:\WINDOWS\system32\wdmaud.drv
19:56:39.0312 3608 C:\WINDOWS\system32\wdmaud.drv - ok
19:56:39.0328 3608 [ 6A8E1ED7790C55106B6C2BD6DB0E0F1D ] C:\WINDOWS\system32\WgaTray.exe
19:56:39.0328 3608 C:\WINDOWS\system32\WgaTray.exe - ok
19:56:39.0328 3608 [ EFD235CA22B57C81118C1AEB4798F1C1 ] C:\WINDOWS\system32\drivers\wdmaud.sys
19:56:39.0328 3608 C:\WINDOWS\system32\drivers\wdmaud.sys - ok
19:56:39.0328 3608 [ 650AD082D46BAC0E64C9C0E0928492FD ] C:\WINDOWS\system32\drivers\sysaudio.sys
19:56:39.0328 3608 C:\WINDOWS\system32\drivers\sysaudio.sys - ok
19:56:39.0343 3608 [ 0CE218578FFF5F4F7E4201539C45C78F ] C:\WINDOWS\system32\drivers\splitter.sys
19:56:39.0343 3608 C:\WINDOWS\system32\drivers\splitter.sys - ok
19:56:39.0343 3608 [ 1EE7B434BA961EF845DE136224C30FEC ] C:\WINDOWS\system32\drivers\aec.sys
19:56:39.0343 3608 C:\WINDOWS\system32\drivers\aec.sys - ok
19:56:39.0343 3608 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] C:\WINDOWS\system32\drivers\swmidi.sys
19:56:39.0343 3608 C:\WINDOWS\system32\drivers\swmidi.sys - ok
19:56:39.0359 3608 [ A6F881284AC1150E37D9AE47FF601267 ] C:\WINDOWS\system32\drivers\DMusic.sys
19:56:39.0359 3608 C:\WINDOWS\system32\drivers\DMusic.sys - ok
19:56:39.0359 3608 [ 97BD6515465659FF8F3B7BE375B2EA87 ] C:\WINDOWS\explorer.exe
19:56:39.0359 3608 C:\WINDOWS\explorer.exe - ok
19:56:39.0359 3608 [ 6B3B441AB63A8BE27C7B1E7067A49304 ] C:\WINDOWS\system32\browseui.dll
19:56:39.0359 3608 C:\WINDOWS\system32\browseui.dll - ok
19:56:39.0375 3608 [ BA5DEDA4D934E6288C2F66CAF58D2562 ] C:\WINDOWS\system32\drivers\kmixer.sys
19:56:39.0375 3608 C:\WINDOWS\system32\drivers\kmixer.sys - ok
19:56:39.0375 3608 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] C:\WINDOWS\system32\drivers\drmkaud.sys
19:56:39.0375 3608 C:\WINDOWS\system32\drivers\drmkaud.sys - ok
19:56:39.0390 3608 [ 0B9F9E682042204B4DCB4250915DB798 ] C:\WINDOWS\system32\shdocvw.dll
19:56:39.0390 3608 C:\WINDOWS\system32\shdocvw.dll - ok
19:56:39.0390 3608 [ 3B4702155BB2AE9DC00C06A68834BDFA ] C:\WINDOWS\system32\midimap.dll
19:56:39.0390 3608 C:\WINDOWS\system32\midimap.dll - ok
19:56:39.0390 3608 [ 9A3BD5F55AADFF859539142F6328A66E ] C:\WINDOWS\system32\msacm32.drv
19:56:39.0390 3608 C:\WINDOWS\system32\msacm32.drv - ok
19:56:39.0406 3608 [ CAD4AA32E7ECA00C23CC39C0EB833F9D ] C:\WINDOWS\system32\cryptnet.dll
19:56:39.0406 3608 C:\WINDOWS\system32\cryptnet.dll - ok
19:56:39.0406 3608 [ 6E205319848B8AF2A0DA52B8D63DB91E ] C:\WINDOWS\system32\sensapi.dll
19:56:39.0406 3608 C:\WINDOWS\system32\sensapi.dll - ok
19:56:39.0406 3608 [ D0E44C9C8BD85350828458EAD715BD30 ] C:\WINDOWS\system32\LegitCheckControl.dll
19:56:39.0406 3608 C:\WINDOWS\system32\LegitCheckControl.dll - ok
19:56:39.0421 3608 [ 31FA172657E941E7CB15C5CCFE36A03E ] C:\WINDOWS\system32\wbem\wmiprvse.exe
19:56:39.0421 3608 C:\WINDOWS\system32\wbem\wmiprvse.exe - ok
19:56:39.0421 3608 [ 16DFA0AB483CBC1F382C90ABFCADA947 ] C:\WINDOWS\system32\licwmi.dll
19:56:39.0421 3608 C:\WINDOWS\system32\licwmi.dll - ok
19:56:39.0421 3608 [ 05CB782F2C7024AA92B1722A926BBD3A ] C:\WINDOWS\system32\wbem\framedyn.dll
19:56:39.0421 3608 C:\WINDOWS\system32\wbem\framedyn.dll - ok
19:56:39.0437 3608 [ 148834E4A69A92A85EB56428862B90D3 ] C:\WINDOWS\system32\licdll.dll
19:56:39.0437 3608 C:\WINDOWS\system32\licdll.dll - ok
19:56:39.0437 3608 [ D1F4EF194A129726FBF30E2F514824AA ] C:\Documents and Settings\Vosso100\Application Data\Dropbox\bin\DropboxExt.17.dll
19:56:39.0437 3608 C:\Documents and Settings\Vosso100\Application Data\Dropbox\bin\DropboxExt.17.dll - ok
19:56:39.0453 3608 [ 871F979D70414C900B35E56222932DAF ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
19:56:39.0453 3608 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll - ok
19:56:39.0453 3608 [ 06B81D98A16A3B5DC776AE31148CC556 ] C:\WINDOWS\system32\msxml6.dll
19:56:39.0453 3608 C:\WINDOWS\system32\msxml6.dll - ok
19:56:39.0468 3608 [ 4D03CA609E68F4C90CF66515218017F8 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
19:56:39.0468 3608 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll - ok
19:56:39.0468 3608 [ E931B4DD87DFACE46468FD506FDCD262 ] C:\WINDOWS\system32\desk.cpl
19:56:39.0468 3608 C:\WINDOWS\system32\desk.cpl - ok
19:56:39.0484 3608 [ E6796D51CED309E46D29C0B787735615 ] C:\WINDOWS\system32\themeui.dll
19:56:39.0484 3608 C:\WINDOWS\system32\themeui.dll - ok
19:56:39.0484 3608 [ B5331F2B6F37C66C29C847F3B94FF900 ] C:\WINDOWS\system32\msimg32.dll
19:56:39.0484 3608 C:\WINDOWS\system32\msimg32.dll - ok
19:56:39.0484 3608 [ B83DAB6BA597E8079854632909A96DC2 ] C:\WINDOWS\system32\wbem\cimwin32.dll
19:56:39.0484 3608 C:\WINDOWS\system32\wbem\cimwin32.dll - ok
19:56:39.0500 3608 [ EEB024F2C81F0D55936FB825D21A91D6 ] C:\WINDOWS\system32\cmd.exe
19:56:39.0500 3608 C:\WINDOWS\system32\cmd.exe - ok
19:56:39.0500 3608 [ 4939E99C1B61017E37A006EEC2E7632D ] C:\WINDOWS\system32\ieframe.dll
19:56:39.0500 3608 C:\WINDOWS\system32\ieframe.dll - ok
19:56:39.0515 3608 [ 465BB1099FCA051298316FC1F054B1B8 ] C:\Program Files\Network Associates\VirusScan\midutil.dll
19:56:39.0515 3608 C:\Program Files\Network Associates\VirusScan\midutil.dll - ok
19:56:39.0515 3608 [ 69D2430A4536149B57094F2AE2008F79 ] C:\Program Files\Network Associates\VirusScan\nailite.dll
19:56:39.0515 3608 C:\Program Files\Network Associates\VirusScan\nailite.dll - ok
19:56:39.0515 3608 [ 872DAC7B473373508B133EF4543291C4 ] C:\Program Files\Network Associates\VirusScan\AdsLokUU.Dll
19:56:39.0515 3608 C:\Program Files\Network Associates\VirusScan\AdsLokUU.Dll - ok
19:56:39.0531 3608 [ 1C4F086DC41818D79D16413EA1DB5705 ] C:\WINDOWS\system32\adsldp.dll
19:56:39.0531 3608 C:\WINDOWS\system32\adsldp.dll - ok
19:56:39.0531 3608 [ 2E34C293F1481F6C0962D7AEB0EECB3D ] C:\Program Files\Network Associates\VirusScan\EntSrv.dll
19:56:39.0531 3608 C:\Program Files\Network Associates\VirusScan\EntSrv.dll - ok
19:56:39.0531 3608 [ A6919138F29AE45E90E99FA94737E04C ] C:\WINDOWS\system32\drivers\LVPr2Mon.sys
19:56:39.0531 3608 C:\WINDOWS\system32\drivers\LVPr2Mon.sys - ok
19:56:39.0546 3608 [ B7334EEE4AD6D63DAEA7CE109A0DC7AE ] C:\WINDOWS\system32\drivers\naiavf5x.sys
19:56:39.0546 3608 C:\WINDOWS\system32\drivers\naiavf5x.sys - ok
19:56:39.0546 3608 [ B60C877D16D9C880B952FDA04ADF16E6 ] C:\WINDOWS\system32\termsrv.dll
19:56:39.0546 3608 C:\WINDOWS\system32\termsrv.dll - ok
19:56:39.0546 3608 [ 783AFC80383C176B22DBF8333343992D ] C:\WINDOWS\regedit.exe
19:56:39.0546 3608 C:\WINDOWS\regedit.exe - ok
19:56:39.0562 3608 [ 012466C12C92A2C63C0D998ABD6E94E9 ] C:\WINDOWS\system32\aclui.dll
19:56:39.0562 3608 C:\WINDOWS\system32\aclui.dll - ok
19:56:39.0562 3608 [ 37E7DB460A5315E4609B212C6C014527 ] C:\WINDOWS\system32\icaapi.dll
19:56:39.0562 3608 C:\WINDOWS\system32\icaapi.dll - ok
19:56:39.0562 3608 [ D18D28CEF9FEA09359C7DE7BE3669F66 ] C:\WINDOWS\system32\wbem\wbemcons.dll
19:56:39.0562 3608 C:\WINDOWS\system32\wbem\wbemcons.dll - ok
19:56:39.0578 3608 [ 09DEF3ABB6A196749299359AC5578DD8 ] C:\WINDOWS\system32\msxml4.dll
19:56:39.0578 3608 C:\WINDOWS\system32\msxml4.dll - ok
19:56:39.0578 3608 [ F5EE7CACD1784241F138A5E55B715897 ] C:\WINDOWS\system32\mstlsapi.dll
19:56:39.0578 3608 C:\WINDOWS\system32\mstlsapi.dll - ok
19:56:39.0578 3608 [ 36739B39267914BA69AD0610A0299732 ] C:\WINDOWS\system32\netman.dll
19:56:39.0578 3608 C:\WINDOWS\system32\netman.dll - ok
19:56:39.0593 3608 [ 1A30A21872CA5BDD17158E6E2D9EB385 ] C:\WINDOWS\system32\ulib.dll
19:56:39.0593 3608 C:\WINDOWS\system32\ulib.dll - ok
19:56:39.0593 3608 [ 37461F2C3F212CF508A20FDC729ABDE5 ] C:\WINDOWS\system32\clb.dll
19:56:39.0593 3608 C:\WINDOWS\system32\clb.dll - ok
19:56:39.0593 3608 [ F1958FBF86D5C004CF19A5951A9514B7 ] C:\WINDOWS\system32\alg.exe
19:56:39.0593 3608 C:\WINDOWS\system32\alg.exe - ok
19:56:39.0609 3608 [ B894BEF436CD7B7CF89BC0A53D4AE624 ] C:\WINDOWS\temp\logishrd\LVPrcInj01.dll
19:56:39.0609 3608 C:\WINDOWS\temp\logishrd\LVPrcInj01.dll - ok
19:56:39.0609 3608 [ F45717D58B785B18C60C97AA1E9DBAFA ] C:\WINDOWS\system32\drivers\EntDrv51.sys
19:56:39.0609 3608 C:\WINDOWS\system32\drivers\EntDrv51.sys - ok
19:56:39.0609 3608 [ D363EA3ABABDA5748FDEEEA09FC40E4B ] C:\WINDOWS\system32\EntAPI.dll
19:56:39.0609 3608 C:\WINDOWS\system32\EntAPI.dll - ok
19:56:39.0625 3608 [ E3AE8DC04643850D2DFD431443558B28 ] C:\WINDOWS\system32\netcfgx.dll
19:56:39.0625 3608 C:\WINDOWS\system32\netcfgx.dll - ok
19:56:39.0625 3608 [ 5D0521C0C8DD070CD087BC57F586A238 ] C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSCli.dll
19:56:39.0625 3608 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSCli.dll - ok
19:56:39.0640 3608 [ 6528B014E5B10ADEB72F9EE691ECC5CA ] C:\WINDOWS\system32\tscfgwmi.dll
19:56:39.0640 3608 C:\WINDOWS\system32\tscfgwmi.dll - ok
19:56:39.0640 3608 [ 527920C6AFBDF448824474871FD772FA ] C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll
19:56:39.0640 3608 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll - ok
19:56:39.0640 3608 [ 0FDDA4763C75E78F25E415440EA789AA ] C:\Program Files\Java\jre6\bin\awt.dll
19:56:39.0640 3608 C:\Program Files\Java\jre6\bin\awt.dll - ok
19:56:39.0671 3608 [ A1AC92C4EB1A4AE2906709A5FB94D822 ] C:\Program Files\Java\jre6\bin\client\jvm.dll
19:56:39.0671 3608 C:\Program Files\Java\jre6\bin\client\jvm.dll - ok
19:56:39.0671 3608 [ 131B4A15D0A41C8346B837C8BE017566 ] C:\Program Files\Java\jre6\bin\dcpr.dll
19:56:39.0671 3608 C:\Program Files\Java\jre6\bin\dcpr.dll - ok
19:56:39.0671 3608 [ D30B03EDB557026F6F06602A9D04D61B ] C:\Program Files\Java\jre6\bin\deploy.dll
19:56:39.0671 3608 C:\Program Files\Java\jre6\bin\deploy.dll - ok
19:56:39.0687 3608 [ 788E5827A2887A87AEDBCB59CA9EA9EF ] C:\Program Files\Java\jre6\bin\fontmanager.dll
19:56:39.0687 3608 C:\Program Files\Java\jre6\bin\fontmanager.dll - ok
19:56:39.0687 3608 [ 1D748A18416CE95461B79E5CCBEFFAA8 ] C:\Program Files\Java\jre6\bin\hpi.dll
19:56:39.0687 3608 C:\Program Files\Java\jre6\bin\hpi.dll - ok
19:56:39.0703 3608 [ BFAEFEDD5C54A40EA42EA5BCBE3215A6 ] C:\Program Files\Java\jre6\bin\java.dll
19:56:39.0703 3608 C:\Program Files\Java\jre6\bin\java.dll - ok
19:56:39.0703 3608 [ 4E8CC8BDEBED5AD93539612D4D316FDF ] C:\Program Files\Java\jre6\bin\javaw.exe
19:56:39.0703 3608 C:\Program Files\Java\jre6\bin\javaw.exe - ok
19:56:39.0703 3608 [ 24DCEAEE37E3F66F92DAA52EDF69C9E9 ] C:\Program Files\Java\jre6\bin\jp2native.dll
19:56:39.0703 3608 C:\Program Files\Java\jre6\bin\jp2native.dll - ok
19:56:39.0718 3608 [ EBCBB75442C4A8016D1693B6A1ABD092 ] C:\Program Files\Java\jre6\bin\jpeg.dll
19:56:39.0718 3608 C:\Program Files\Java\jre6\bin\jpeg.dll - ok
19:56:39.0718 3608 [ 524574BA6609F10FE6C0B5BF11AE29E1 ] C:\Program Files\Java\jre6\bin\net.dll
19:56:39.0718 3608 C:\Program Files\Java\jre6\bin\net.dll - ok
19:56:39.0718 3608 [ 54B787CAE56A6E0102C0DD77A21FD677 ] C:\Program Files\Java\jre6\bin\nio.dll
19:56:39.0718 3608 C:\Program Files\Java\jre6\bin\nio.dll - ok
19:56:39.0734 3608 [ 82CD9719A11D9FEF7CA751DA31651158 ] C:\Program Files\Java\jre6\bin\regutils.dll
19:56:39.0734 3608 C:\Program Files\Java\jre6\bin\regutils.dll - ok
19:56:39.0734 3608 [ BCE9B4544F0A88B0D9F77CCDABD1D63E ] C:\Program Files\Java\jre6\bin\verify.dll
19:56:39.0734 3608 C:\Program Files\Java\jre6\bin\verify.dll - ok
19:56:39.0750 3608 [ FB4FF002962F6B06BE36F4DF11D2A0B9 ] C:\Program Files\Java\jre6\bin\zip.dll
19:56:39.0750 3608 C:\Program Files\Java\jre6\bin\zip.dll - ok
19:56:39.0750 3608 [ 178A34E5554DCE485E1262DDF027960C ] C:\DOCUME~1\Vosso100\LOCALS~1\temp\7F53DFA2-CB70-4CDD-946C-B4076FCFB2D7.exe
19:56:39.0750 3608 C:\DOCUME~1\Vosso100\LOCALS~1\temp\7F53DFA2-CB70-4CDD-946C-B4076FCFB2D7.exe - ok
19:56:39.0750 3608 [ A1A688EE56CF3BBD24EDEB815D48E9BA ] C:\WINDOWS\system32\linkinfo.dll
19:56:39.0750 3608 C:\WINDOWS\system32\linkinfo.dll - ok
19:56:39.0765 3608 [ 385E9AEC6E100DBEBEE5BD1F27A55E1D ] C:\WINDOWS\system32\ntshrui.dll
19:56:39.0765 3608 C:\WINDOWS\system32\ntshrui.dll - ok
19:56:39.0765 3608 [ 32A71F37940DE5997FBB8F7BF76BD246 ] C:\WINDOWS\system32\verclsid.exe
19:56:39.0765 3608 C:\WINDOWS\system32\verclsid.exe - ok
19:56:39.0765 3608 [ 45985C1B266666CB7BBAC01428AC2FAD ] C:\WINDOWS\system32\igfxtray.exe
19:56:39.0765 3608 C:\WINDOWS\system32\igfxtray.exe - ok
19:56:39.0781 3608 [ 339089D6C3FC3BC5CED8D9049C4D2101 ] C:\WINDOWS\system32\upnp.dll
19:56:39.0781 3608 C:\WINDOWS\system32\upnp.dll - ok
19:56:39.0781 3608 [ 91C797FDDAEEAAEBE705B5283B6E50A4 ] C:\WINDOWS\system32\hccutils.dll
19:56:39.0781 3608 C:\WINDOWS\system32\hccutils.dll - ok
19:56:39.0796 3608 [ 5B8DFA748FA4845BC04445A30126F2E9 ] C:\WINDOWS\system32\ssdpapi.dll
19:56:39.0796 3608 C:\WINDOWS\system32\ssdpapi.dll - ok
19:56:39.0796 3608 [ 19D63CF10330B51FD42ABB1D4D39D0C4 ] C:\WINDOWS\system32\hkcmd.exe
19:56:39.0796 3608 C:\WINDOWS\system32\hkcmd.exe - ok
19:56:39.0796 3608 [ 9F8B0F4276F618964FD118BE4289B7CD ] C:\WINDOWS\system32\drivers\http.sys
19:56:39.0796 3608 C:\WINDOWS\system32\drivers\http.sys - ok
19:56:39.0796 3608 [ 697963452107C59BE69A67BEE54E3EAC ] C:\WINDOWS\system32\igfxpers.exe
19:56:39.0796 3608 C:\WINDOWS\system32\igfxpers.exe - ok
19:56:39.0812 3608 [ 93084839F7517112829F2A26F486E8CF ] C:\WINDOWS\system32\igfxsrvc.exe
19:56:39.0812 3608 C:\WINDOWS\system32\igfxsrvc.exe - ok
19:56:39.0812 3608 [ AD2506958DE1937C16C553C0A1BE0572 ] C:\WINDOWS\stsystra.exe
19:56:39.0812 3608 C:\WINDOWS\stsystra.exe - ok
19:56:39.0812 3608 [ 49B5EED5FB89D39456A2F616CCD8BA5D ] C:\WINDOWS\system32\rasmans.dll
19:56:39.0812 3608 C:\WINDOWS\system32\rasmans.dll - ok
19:56:39.0828 3608 [ 7BBE4CF421AECC7F0226EDD75F12079F ] C:\WINDOWS\ime\imjp8_1\imjpmig.exe
19:56:39.0828 3608 C:\WINDOWS\ime\imjp8_1\imjpmig.exe - ok
19:56:39.0828 3608 [ E748D0B8F4060F4F7A7ABB705E289890 ] C:\WINDOWS\system32\mfc42u.dll
19:56:39.0828 3608 C:\WINDOWS\system32\mfc42u.dll - ok
19:56:39.0843 3608 [ 381E144D2111593F87FBAF85347FCF28 ] C:\WINDOWS\system32\stlang.dll
19:56:39.0843 3608 C:\WINDOWS\system32\stlang.dll - ok
19:56:39.0843 3608 [ 7FDD96F93ADBE7E986AABAE0CA446011 ] C:\Program Files\Network Associates\VirusScan\shstat.exe
19:56:39.0843 3608 C:\Program Files\Network Associates\VirusScan\shstat.exe - ok
19:56:39.0843 3608 [ EE0569C10C75BA45AABFA3CDEF7CB18C ] C:\Program Files\Network Associates\VirusScan\graphics.dll
19:56:39.0843 3608 C:\Program Files\Network Associates\VirusScan\graphics.dll - ok
19:56:39.0859 3608 [ 7D00B23B645A1751D400A3D13A6AE73D ] C:\Program Files\Network Associates\VirusScan\Res09\Product.DLL
19:56:39.0859 3608 C:\Program Files\Network Associates\VirusScan\Res09\Product.DLL - ok
19:56:39.0859 3608 [ 6BEACCED7B7F601FBB031EEC3AF78312 ] C:\Program Files\Network Associates\VirusScan\Res09\ShStat.DLL
19:56:39.0859 3608 C:\Program Files\Network Associates\VirusScan\Res09\ShStat.DLL - ok
19:56:39.0859 3608 [ 5752D086A2020084A6CEF2015D04B17D ] C:\Program Files\Network Associates\VirusScan\Res09\ShUtilRc.DLL
19:56:39.0859 3608 C:\Program Files\Network Associates\VirusScan\Res09\ShUtilRc.DLL - ok
19:56:39.0875 3608 [ EFC3639AE8A452DC8DDDF7D526092D3E ] C:\WINDOWS\system32\igfxdev.dll
19:56:39.0875 3608 C:\WINDOWS\system32\igfxdev.dll - ok
19:56:39.0875 3608 [ 11E2B4DED4A051DC9067461996F5E02A ] C:\WINDOWS\system32\igfxsrvc.dll
19:56:39.0875 3608 C:\WINDOWS\system32\igfxsrvc.dll - ok
19:56:39.0890 3608 [ 78915C3AD0024BACD46F41BF02EE4415 ] C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
19:56:39.0890 3608 C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe - ok
19:56:39.0890 3608 [ E4A7B1AA1E40676153A824AC00EC3450 ] C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
19:56:39.0890 3608 C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe - ok
19:56:39.0890 3608 [ B52AE3CFA8EB665004500484B3A9FC62 ] C:\WINDOWS\system32\igfxres.dll
19:56:39.0890 3608 C:\WINDOWS\system32\igfxres.dll - ok
19:56:39.0906 3608 [ 4B8D61792F7175BED48859CC18CE4E38 ] C:\WINDOWS\system32\ssdpsrv.dll
19:56:39.0906 3608 C:\WINDOWS\system32\ssdpsrv.dll - ok
19:56:39.0906 3608 [ FB78839B36025AA286A51289ED28B73E ] C:\WINDOWS\system32\tapisrv.dll
19:56:39.0906 3608 C:\WINDOWS\system32\tapisrv.dll - ok
19:56:39.0906 3608 [ C681F347514CC8671977FCBD2B7D001A ] C:\Program Files\Common Files\Real\Update_OB\realsched.exe
19:56:39.0906 3608 C:\Program Files\Common Files\Real\Update_OB\realsched.exe - ok
19:56:39.0921 3608 [ 52DB6CDAC5BC7A1FC884E97C41C91213 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
19:56:39.0921 3608 C:\Program Files\Common Files\Java\Java Update\jusched.exe - ok
19:56:39.0921 3608 [ 180F5D67388D8FF52D61A8A1B6325DD5 ] C:\Program Files\Network Associates\Common Framework\0409\UpdRes.dll
19:56:39.0921 3608 C:\Program Files\Network Associates\Common Framework\0409\UpdRes.dll - ok
19:56:39.0921 3608 [ 08D306CBEEACA7D5DA43481FEADD16F4 ] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
19:56:39.0921 3608 C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe - ok
19:56:39.0937 3608 [ 696BF318435610C3E32313CA3867185C ] C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll
19:56:39.0937 3608 C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll - ok
19:56:39.0937 3608 [ E9C91E24407EDDC21F55016061FFC7CC ] C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll
19:56:39.0937 3608 C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll - ok
19:56:39.0953 3608 [ 1D536BEBC30DD8D0D3B6FF3B0CD2D32B ] C:\WINDOWS\system32\rastapi.dll
19:56:39.0953 3608 C:\WINDOWS\system32\rastapi.dll - ok
19:56:39.0953 3608 [ 5CCB1946A1BC258261D04A5147CCA541 ] C:\Program Files\Common Files\BSD\AppUpdater\BSDChecker.exe
19:56:39.0953 3608 C:\Program Files\Common Files\BSD\AppUpdater\BSDChecker.exe - ok
19:56:39.0953 3608 [ 1DFD6E8DA0FE2D14A5FA12CFCFB162C1 ] C:\WINDOWS\system32\unimdm.tsp
19:56:39.0953 3608 C:\WINDOWS\system32\unimdm.tsp - ok
19:56:39.0968 3608 [ 3AB4213BF48F9062E087B909832AA8E6 ] C:\WINDOWS\system32\uniplat.dll
19:56:39.0968 3608 C:\WINDOWS\system32\uniplat.dll - ok
19:56:39.0968 3608 [ B48D3193DD1474DCBCC32BF4779AC698 ] C:\WINDOWS\system32\olepro32.dll
19:56:39.0968 3608 C:\WINDOWS\system32\olepro32.dll - ok
19:56:39.0968 3608 [ 46DA8E7484AC7A52CE1D6E428398724B ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
19:56:39.0968 3608 C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe - ok
19:56:39.0984 3608 [ CC8915DB4E33E8FB29CA0D2DBF75306E ] C:\WINDOWS\system32\webcheck.dll
19:56:39.0984 3608 C:\WINDOWS\system32\webcheck.dll - ok
19:56:39.0984 3608 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\system32\drivers\27236274.sys
19:56:40.0390 3608 ============================================================
19:56:40.0390 3608 Scan finished
19:56:40.0390 3608 ============================================================
19:56:40.0500 3204 Detected object count: 29
19:56:40.0500 3204 Actual detected object count: 29
19:58:03.0968 3204 ACEDRV05 ( UnsignedFile.Multi.Generic ) - skipped by user
19:58:03.0968 3204 ACEDRV05 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:58:03.0968 3204 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
19:58:03.0968 3204 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:58:03.0968 3204 C-Dilla ( UnsignedFile.Multi.Generic ) - skipped by user
19:58:03.0968 3204 C-Dilla ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:58:03.0968 3204 C-DillaSrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:58:03.0968 3204 C-DillaSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:58:03.0968 3204 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
19:58:03.0968 3204 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:58:03.0968 3204 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user
19:58:03.0968 3204 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:58:03.0968 3204 EntDrv51 ( UnsignedFile.Multi.Generic ) - skipped by user
19:58:03.0968 3204 EntDrv51 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:58:03.0984 3204 ICDSPTSV ( UnsignedFile.Multi.Generic ) - skipped by user
19:58:03.0984 3204 ICDSPTSV ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:58:03.0984 3204 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:58:03.0984 3204 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:58:03.0984 3204 McShield ( UnsignedFile.Multi.Generic ) - skipped by user
19:58:03.0984 3204 McShield ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:58:03.0984 3204 McTaskManager ( UnsignedFile.Multi.Generic ) - skipped by user
19:58:03.0984 3204 McTaskManager ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:58:03.0984 3204 NaiAvFilter1 ( UnsignedFile.Multi.Generic ) - skipped by user
19:58:03.0984 3204 NaiAvFilter1 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:58:03.0984 3204 NaiAvTdi1 ( UnsignedFile.Multi.Generic ) - skipped by user
19:58:03.0984 3204 NaiAvTdi1 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:58:03.0984 3204 OMCI ( UnsignedFile.Multi.Generic ) - skipped by user
19:58:03.0984 3204 OMCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:58:03.0984 3204 pfc ( UnsignedFile.Multi.Generic ) - skipped by user
19:58:03.0984 3204 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:58:03.0984 3204 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:58:03.0984 3204 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:58:04.0000 3204 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user
19:58:04.0000 3204 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:58:04.0000 3204 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user
19:58:04.0000 3204 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:58:04.0000 3204 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user
19:58:04.0000 3204 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:58:04.0000 3204 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user
19:58:04.0000 3204 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:58:04.0000 3204 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user
19:58:04.0000 3204 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:58:04.0000 3204 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user
19:58:04.0000 3204 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:58:04.0000 3204 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user
19:58:04.0000 3204 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:58:04.0000 3204 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user
19:58:04.0000 3204 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:58:04.0000 3204 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user
19:58:04.0000 3204 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:58:04.0015 3204 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
19:58:04.0015 3204 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:58:04.0015 3204 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
19:58:04.0015 3204 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:58:04.0015 3204 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
19:58:04.0015 3204 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:58:04.0015 3204 WPEServ ( UnsignedFile.Multi.Generic ) - skipped by user
19:58:04.0015 3204 WPEServ ( UnsignedFile.Multi.Generic ) - User select action: Skip


Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.03.22.01

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Vosso100 :: DBJR4MB1 [administrator]

4/29/2013 8:49:56 PM
mbar-log-2013-04-29 (20-49-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27819
Time elapsed: 14 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#12 gringo_pr


Posted 29 April 2013 - 11:19 PM


Hello

Those files are fine :)

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE: Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).
  • Programs to remove
    • Coupon Printer for Windows
    • Java™ 6 Update 20
    • ShopperReports




Please download and install Revo Uninstaller Free
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then click Next.
  • Once done, click Finish.



Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. Default settings are fine.
    • Click Run Cleaner.
    • Close CCleaner.

Run Malwarebytes

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




Download HijackThis
  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right-click on HijackThis and select "Run as Admin" (XP users just need to double-click to run).
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile", then click on Main Menu).
  • Copy and paste the HijackThis report into the topic.
"information and logs"
  • In your next post I need the following:
    • Log from MBAM
    • Report from HijackThis
    • Let me know of any problems you may have had
    • How is the computer doing now?
Gringo

#13 gringo_pr


Posted 03 May 2013 - 05:26 AM


Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#14 Girdoo


Posted 03 May 2013 - 12:38 PM

Hello Gringo

 

Sorry for the delay in responses. My work has been pulling me away from cleaning up this computer. I am done with half of the instructions you gave on the last post. I'll complete the rest and post the report shortly. Thank you for all your help.



#15 Girdoo


Posted 03 May 2013 - 12:51 PM

Gringo;

I removed Coupon Printer and Java 6 but could not find Shopper Reports.

Downloaded Revo and cleaned out temp files.

Here are the reports for MBAM and HijackThis:

 

Thank you

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.30.08

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Vosso100 :: DBJR4MB1 [administrator]

Protection: Disabled

4/30/2013 9:10:34 PM
mbam-log-2013-04-30 (21-10-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 258477
Time elapsed: 7 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

__________________________________

HijackThis Report:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:42:37 AM, on 5/3/2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Vosso100\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Vosso100\Desktop\Sirefef  gen!C\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.chapman.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Vosso100\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: SpeedPlexer.lnk = C:\Program Files\SpeedPlexer\SpeedPlexer.exe
O4 - Global Startup: AtHomeConnect.lnk = C:\Program Files\AtHomeConnect\AtHomeConnect.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Open with PDF Professional 2 - {722FE9B2-6895-42D9-9984-F4CB26616023} - C:\Program Files\DATA BECKER\PDF Professional 2\pdfshell.dll
O9 - Extra 'Tools' menuitem: Open with PDF Professional 2 - {722FE9B2-6895-42D9-9984-F4CB26616023} - C:\Program Files\DATA BECKER\PDF Professional 2\pdfshell.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153235119832
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232515972375
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://akamaicdn.webex.com/client/WBXclient-T28L10NSP4-14953/webex/ieatgpc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LeapFrog Connect Device Service - Unknown owner - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: WPEServ - MAUS Software - C:\Program Files\Common Files\WPE\wpeserv.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11739 bytes

 

 

Thank you

 





