Wave volume keeps muting itself and invisible sound ads


  • This topic is locked
18 replies to this topic

#1 Jonotron

Posted 02 May 2013 - 08:23 PM

Every minute or so, the volume will shut off, and when I check the Master Volume, Wave is always muted. I can bring it back up, but after random intervals (ranging from 2 seconds to 5 minutes), the wave will be muted again. Also, invisible sound ads randomly appear and the only way to shut them off is to end svchost.exe in the Processes bar of Task Manager. iexplorer.exe is also using CPU in the Processes as well.



#2 gringo_pr

  • Malware Response Team

Posted 03 May 2013 - 05:57 AM


Hello Jonotron

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • Click on "Delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Jonotron


Posted 03 May 2013 - 06:28 PM

Results of screen317's Security Check version 0.99.63  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
Please wait while WMIC compiles updated MOF files. 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 JavaFX 2.1.1    
 Java™ 6 Update 17  
 Java™ 7 Update 5  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
  Adobe Flash Player 10.3.183.5 Flash Player out of Date!  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox 19.0.2 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 9% 
````````````````````End of Log`````````````````````` 
 

 

 

 

 

# AdwCleaner v2.300 - Logfile created 05/03/2013 at 18:15:57
# Updated 28/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Jonathan - P5QPL-AM
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Jonathan\My Documents\Downloads\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Deleted : C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\anj1ajs7.default\searchplugins\funmoods.xml
File Deleted : C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\anj1ajs7.default\searchplugins\WebSearch.xml
File Deleted : C:\Documents and Settings\Jonathan\Desktop\Uninstall.exe
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SaveAs
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\SaveAs
Folder Deleted : C:\Documents and Settings\Jonathan\Application Data\Funmoods
Folder Deleted : C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\anj1ajs7.default\extensions\ffxtlbr@funmoods.com
Folder Deleted : C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\anj1ajs7.default\jetpack
Folder Deleted : C:\Documents and Settings\Jonathan\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Jonathan\Start Menu\Programs\TornTV.com
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Program Files\MocaFlix
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP

 

 

I ran RogueKiller 3 times. I deleted the files it found. Wave Volume still mutes itself after a few seconds.

 

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Jonathan [Admin rights]
Mode : Scan -- Date : 05/03/2013 18:21:35
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 5 ¤¤¤
[SVCHOST] svchost.exe -- C:\WINDOWS\system32\svchost.exe [x] -> KILLED [TermProc]
[DLL] explorer.exe -- C:\WINDOWS\explorer.exe : C:\Documents and Settings\Jonathan\Local Settings\Application Data\WinRAR\oqtuxkkw.dll [x] -> UNLOADED
[DLL] explorer.exe -- C:\WINDOWS\explorer.exe : C:\Documents and Settings\Jonathan\Local Settings\Application Data\Apple Computer\CRE\bqlgtxzd.dll [x] -> UNLOADED
[DLL] rundll32.exe -- C:\WINDOWS\system32\rundll32.exe : C:\Documents and Settings\Jonathan\Local Settings\Application Data\Apple Computer\CRE\bqlgtxzd.dll [x] -> KILLED [TermProc]
[DLL] rundll32.exe -- C:\WINDOWS\system32\rundll32.exe : C:\Documents and Settings\Jonathan\Local Settings\Application Data\WinRAR\oqtuxkkw.dll [x] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 13 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : CRE (rundll32 "C:\Documents and Settings\Jonathan\Local Settings\Application Data\Apple Computer\CRE\bqlgtxzd.dll",NVDisplayCoInstallW) [-] -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : WinRAR (rundll32.exe "C:\Documents and Settings\Jonathan\Local Settings\Application Data\WinRAR\oqtuxkkw.dll",lvqwommskevxpbenm) [x] -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT[...]\Run : CRE (rundll32 "C:\Documents and Settings\Jonathan\Local Settings\Application Data\Apple Computer\CRE\bqlgtxzd.dll",NVDisplayCoInstallW) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-19[...]\Run : CRE (rundll32 "C:\Documents and Settings\Jonathan\Local Settings\Application Data\Apple Computer\CRE\bqlgtxzd.dll",NVDisplayCoInstallW) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-19_Classes[...]\Run : CRE (rundll32 "C:\Documents and Settings\Jonathan\Local Settings\Application Data\Apple Computer\CRE\bqlgtxzd.dll",NVDisplayCoInstallW) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-20[...]\Run : CRE (rundll32 "C:\Documents and Settings\Jonathan\Local Settings\Application Data\Apple Computer\CRE\bqlgtxzd.dll",NVDisplayCoInstallW) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-20_Classes[...]\Run : CRE (rundll32 "C:\Documents and Settings\Jonathan\Local Settings\Application Data\Apple Computer\CRE\bqlgtxzd.dll",NVDisplayCoInstallW) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1214440339-1060284298-682003330-1009[...]\Run : CRE (rundll32 "C:\Documents and Settings\Jonathan\Local Settings\Application Data\Apple Computer\CRE\bqlgtxzd.dll",NVDisplayCoInstallW) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1214440339-1060284298-682003330-1009[...]\Run : WinRAR (rundll32.exe "C:\Documents and Settings\Jonathan\Local Settings\Application Data\WinRAR\oqtuxkkw.dll",lvqwommskevxpbenm) [x] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18[...]\Run : CRE (rundll32 "C:\Documents and Settings\Jonathan\Local Settings\Application Data\Apple Computer\CRE\bqlgtxzd.dll",NVDisplayCoInstallW) [-] -> FOUND
[TASK][BLPATH] OptimizerProUpdaterTask{3C3E24D3-D1B1-476E-BB14-EFDF01FF8C97}.job : C:\Documents and Settings\All Users\Application Data\Premium\OptimizerPro\OptimizerPro.exe /schedule /profilepath "C:\Documents and Settings\All Users\Application Data\Premium\OptimizerPro\profile.ini" [x] -> FOUND
[TASK][SUSP PATH] At1.job : C:\DOCUME~1\Jonathan\APPLIC~1\Funmoods\UPDATE~1\UPDATE~1.EXE /Check [x] -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-18\$34fe2cf158dfa8927cda5e67c18a8e70\@ [-] --> FOUND
[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-21-1214440339-1060284298-682003330-1009\$34fe2cf158dfa8927cda5e67c18a8e70\@ [-] --> FOUND
[ZeroAccess][FOLDER] U : C:\RECYCLER\S-1-5-18\$34fe2cf158dfa8927cda5e67c18a8e70\U --> FOUND
[ZeroAccess][FOLDER] U : C:\RECYCLER\S-1-5-21-1214440339-1060284298-682003330-1009\$34fe2cf158dfa8927cda5e67c18a8e70\U --> FOUND
[ZeroAccess][FOLDER] L : C:\RECYCLER\S-1-5-18\$34fe2cf158dfa8927cda5e67c18a8e70\L --> FOUND
[ZeroAccess][FOLDER] L : C:\RECYCLER\S-1-5-21-1214440339-1060284298-682003330-1009\$34fe2cf158dfa8927cda5e67c18a8e70\L --> FOUND
 
¤¤¤ Driver : [LOADED] ¤¤¤
IRP[DriverStartIo] : atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8ACCC2E2)
 
¤¤¤ Infection : ZeroAccess|Rogue.ProgFiles ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] f9be1b1412d1323ef96bcb7a901302de
[BSP] fe2856890934e8aed0adb6a170ae339e : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] b1178cbfaac6dd46ea078a514853f692
[BSP] fe2856890934e8aed0adb6a170ae339e : Windows XP MBR Code
Partition table:
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
 
Finished : << RKreport[1]_S_05032013_02d1821.txt >>
RKreport[1]_S_05032013_02d1821.txt

 

 

 

 

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Jonathan [Admin rights]
Mode : Remove -- Date : 05/03/2013 18:22:38
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 5 ¤¤¤
[SVCHOST] svchost.exe -- C:\WINDOWS\system32\svchost.exe [x] -> KILLED [TermProc]
[DLL] explorer.exe -- C:\WINDOWS\explorer.exe : C:\Documents and Settings\Jonathan\Local Settings\Application Data\WinRAR\oqtuxkkw.dll [x] -> UNLOADED
[DLL] explorer.exe -- C:\WINDOWS\explorer.exe : C:\Documents and Settings\Jonathan\Local Settings\Application Data\Apple Computer\CRE\bqlgtxzd.dll [x] -> UNLOADED
[DLL] rundll32.exe -- C:\WINDOWS\system32\rundll32.exe : C:\Documents and Settings\Jonathan\Local Settings\Application Data\Apple Computer\CRE\bqlgtxzd.dll [x] -> KILLED [TermProc]
[DLL] rundll32.exe -- C:\WINDOWS\system32\rundll32.exe : C:\Documents and Settings\Jonathan\Local Settings\Application Data\WinRAR\oqtuxkkw.dll [x] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : CRE (rundll32 "C:\Documents and Settings\Jonathan\Local Settings\Application Data\Apple Computer\CRE\bqlgtxzd.dll",NVDisplayCoInstallW) [-] -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : WinRAR (rundll32.exe "C:\Documents and Settings\Jonathan\Local Settings\Application Data\WinRAR\oqtuxkkw.dll",lvqwommskevxpbenm) [x] -> DELETED
[RUN][SUSP PATH] HKUS\.DEFAULT[...]\Run : CRE (rundll32 "C:\Documents and Settings\Jonathan\Local Settings\Application Data\Apple Computer\CRE\bqlgtxzd.dll",NVDisplayCoInstallW) [-] -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-19[...]\Run : CRE (rundll32 "C:\Documents and Settings\Jonathan\Local Settings\Application Data\Apple Computer\CRE\bqlgtxzd.dll",NVDisplayCoInstallW) [-] -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-19_Classes[...]\Run : CRE (rundll32 "C:\Documents and Settings\Jonathan\Local Settings\Application Data\Apple Computer\CRE\bqlgtxzd.dll",NVDisplayCoInstallW) [-] -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-20[...]\Run : CRE (rundll32 "C:\Documents and Settings\Jonathan\Local Settings\Application Data\Apple Computer\CRE\bqlgtxzd.dll",NVDisplayCoInstallW) [-] -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-20_Classes[...]\Run : CRE (rundll32 "C:\Documents and Settings\Jonathan\Local Settings\Application Data\Apple Computer\CRE\bqlgtxzd.dll",NVDisplayCoInstallW) [-] -> DELETED
[TASK][BLPATH] OptimizerProUpdaterTask{3C3E24D3-D1B1-476E-BB14-EFDF01FF8C97}.job : C:\Documents and Settings\All Users\Application Data\Premium\OptimizerPro\OptimizerPro.exe /schedule /profilepath "C:\Documents and Settings\All Users\Application Data\Premium\OptimizerPro\profile.ini" [x] -> DELETED
[TASK][SUSP PATH] At1.job : C:\DOCUME~1\Jonathan\APPLIC~1\Funmoods\UPDATE~1\UPDATE~1.EXE /Check [x] -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-18\$34fe2cf158dfa8927cda5e67c18a8e70\@ [-] --> REMOVED
[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-21-1214440339-1060284298-682003330-1009\$34fe2cf158dfa8927cda5e67c18a8e70\@ [-] --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-18\$34fe2cf158dfa8927cda5e67c18a8e70\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-21-1214440339-1060284298-682003330-1009\$34fe2cf158dfa8927cda5e67c18a8e70\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\RECYCLER\S-1-5-18\$34fe2cf158dfa8927cda5e67c18a8e70\L\00000004.@ [-] --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\RECYCLER\S-1-5-18\$34fe2cf158dfa8927cda5e67c18a8e70\L\201d3dde [-] --> REMOVED
[Del.Parent][FILE] 76603ac3 : C:\RECYCLER\S-1-5-18\$34fe2cf158dfa8927cda5e67c18a8e70\L\76603ac3 [-] --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-18\$34fe2cf158dfa8927cda5e67c18a8e70\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-21-1214440339-1060284298-682003330-1009\$34fe2cf158dfa8927cda5e67c18a8e70\L --> REMOVED
 
¤¤¤ Driver : [LOADED] ¤¤¤
IRP[DriverStartIo] : atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8ACCC2E2)
 
¤¤¤ Infection : ZeroAccess|Rogue.ProgFiles ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] f9be1b1412d1323ef96bcb7a901302de
[BSP] fe2856890934e8aed0adb6a170ae339e : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] b1178cbfaac6dd46ea078a514853f692
[BSP] fe2856890934e8aed0adb6a170ae339e : Windows XP MBR Code
Partition table:
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
 
Finished : << RKreport[2]_D_05032013_02d1822.txt >>
RKreport[1]_S_05032013_02d1821.txt ; RKreport[2]_D_05032013_02d1822.txt
 
 
 

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Jonathan [Admin rights]
Mode : Scan -- Date : 05/03/2013 18:23:13
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 5 ¤¤¤
[SVCHOST] svchost.exe -- C:\WINDOWS\system32\svchost.exe [x] -> KILLED [TermProc]
[DLL] explorer.exe -- C:\WINDOWS\explorer.exe : C:\Documents and Settings\Jonathan\Local Settings\Application Data\WinRAR\oqtuxkkw.dll [x] -> UNLOADED
[DLL] explorer.exe -- C:\WINDOWS\explorer.exe : C:\Documents and Settings\Jonathan\Local Settings\Application Data\Apple Computer\CRE\bqlgtxzd.dll [x] -> UNLOADED
[DLL] rundll32.exe -- C:\WINDOWS\system32\rundll32.exe : C:\Documents and Settings\Jonathan\Local Settings\Application Data\Apple Computer\CRE\bqlgtxzd.dll [x] -> KILLED [TermProc]
[DLL] rundll32.exe -- C:\WINDOWS\system32\rundll32.exe : C:\Documents and Settings\Jonathan\Local Settings\Application Data\WinRAR\oqtuxkkw.dll [x] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
IRP[DriverStartIo] : atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8ACCC2E2)
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤

I'll update my Java and Adobe.



#4 gringo_pr


Posted 03 May 2013 - 08:16 PM


Hello Jonotron

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#5 Jonotron


Posted 04 May 2013 - 10:47 AM

ComboFix 13-05-04.01 - Jonathan 05/04/2013  10:16:42.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3583.2247 [GMT -5:00]
Running from: c:\documents and settings\Jonathan\My Documents\Downloads\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Jonathan\Local Settings\Application Data\Skype\Phone\Skype.exe
c:\documents and settings\Jonathan\My Documents\~WRL2534.tmp
c:\documents and settings\Jonathan\Start Menu\Programs\System Tool
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
c:\windows\system32\drivers\netbt.sys . . . is missing!!
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.netbt
-------\Service_.serial
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-04 to 2013-05-04  )))))))))))))))))))))))))))))))
.
.
2013-05-04 15:29 . 2013-05-04 15:29 -------- d-----w- c:\windows\system32\xircom
2013-05-04 15:29 . 2013-05-04 15:29 -------- d-----w- c:\windows\system32\wbem\snmp
2013-05-03 23:42 . 2013-05-03 23:42 -------- d-----w- c:\documents and settings\Jonathan\Local Settings\Application Data\APN
2013-05-03 23:42 . 2013-05-03 23:42 -------- d-----w- c:\program files\Ask.com
2013-05-03 23:42 . 2013-05-03 23:42 -------- d-----w- c:\documents and settings\Jonathan\Local Settings\Application Data\AskToolbar
2013-05-03 23:34 . 2013-05-03 23:34 -------- d-----w- c:\program files\Common Files\Java
2013-05-03 23:34 . 2013-05-03 23:33 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-03 23:32 . 2013-05-03 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Ask
2013-05-01 03:46 . 2013-05-01 03:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Sun
2013-04-25 01:14 . 2013-04-25 01:14 -------- d-----w- c:\documents and settings\Jonathan\Application Data\Unity
2013-04-25 01:07 . 2013-04-29 21:45 -------- d-----w- c:\documents and settings\Jonathan\Local Settings\Application Data\Unity
2013-04-07 20:08 . 2013-04-28 18:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-07 20:08 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-03 23:33 . 2012-08-12 04:51 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-03 23:33 . 2012-08-12 04:51 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-03 23:33 . 2009-11-24 20:17 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-24 21:56 . 2013-03-24 21:56 98304 ----a-r- c:\documents and settings\Jonathan\Application Data\Microsoft\Installer\{526B1417-92C1-3737-8247-4ABC49CCC8E4}\python_icon.exe
2013-05-01 20:42 . 2013-05-01 20:42 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-01-08 . 5AE1C2695F6523AD98B948F2887D8C5E . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
[7] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
.
[-] 2009-01-08 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
c:\windows\System32\spoolsv.exe ... is missing !!
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2013-03-31 1520776]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-28 13918208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-03-31 1646216]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
.
c:\documents and settings\Julia\Start Menu\Programs\Startup\
FrostWire On Startup.lnk - c:\documents and settings\Jonathan\My Documents\FrostWire\FrostWire.exe [N/A]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ   msv1_0 nwprovau
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jonathan^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=c:\documents and settings\Jonathan\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 10:08 35696 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 04:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 04:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-09-28 00:19 13918208 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-09-28 00:19 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 01:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-05-21 06:01 17881600 -c--a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-24 20:17 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/24/2009 3:45 AM 1684736]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - BITS
*NewlyCreated* - WS2IFSL
*NewlyCreated* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-26 03:38]
.
2013-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-26 03:38]
.
2013-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1060284298-682003330-1009Core.job
- c:\documents and settings\Jonathan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-15 05:49]
.
2013-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1060284298-682003330-1009UA.job
- c:\documents and settings\Jonathan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-15 05:49]
.
2013-05-04 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2013-03-31 19:57]
.
2013-05-04 c:\windows\Tasks\User_Feed_Synchronization-{F41092EA-8AE2-4562-86E6-BDF75C362FC7}.job
- c:\windows\system32\msfeedssync.exe [2009-01-08 10:31]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:YRMarketing@us.penguingroup.com?subject=VLAD%20IN%20THE%20WILD
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{BE8A3C73-A815-49E3-A251-B3DA1541AC74}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\anj1ajs7.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - ExtSQL: !HIDDEN! 2009-11-24 14:04; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSConfigStartUp-nwiz - c:\program files\NVIDIA Corporation\nView\nwiz.exe
MSConfigStartUp-Skype - c:\documents and settings\Jonathan\Local Settings\Application Data\Skype\\Phone\Skype.exe
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe
AddRemove-SP_56ec1d15 - c:\program files\MocaFlix\uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-04 10:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HDP725050GLA360 rev.GM4OA5CA -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6 
.
device: opened successfully
user: MBR read successfully
error: Read  A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A5BB2E2
user & kernel MBR OK 
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(512)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(572)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2852)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\locator.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2013-05-04  10:37:49 - machine was rebooted
ComboFix-quarantined-files.txt  2013-05-04 15:37
.
Pre-Run: 433,299,202,048 bytes free
Post-Run: 435,000,913,920 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 6581EE89C44DC6C9A0EA2CFBF8B6ABBF

No problems with the ComboFix.

Other problems were fixed, such as my homepage on Chrome was changed (a few months ago) somehow to websearch.com, but now it's back to usual.

 

Wave volume still mutes itself and invisible sound ads are still frequent and won't disappear until I go into Task Manager Process and end svchost.exe.



#6 Jonotron

Posted 04 May 2013 - 10:49 AM

After ComboFix restarted the computer I didn't have internet access, so I restarted again, and it was fine. (aside from the volume and sound ads)

The "sound ads" resemble that of someone flipping through radio stations or watching popular YouTube videos. They randomly appear after I turn the Wave Volume up.



#7 gringo_pr

Posted 04 May 2013 - 12:31 PM



Hello Jonotron


I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long you may attach it

    If the forum still complains about it being too long send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
and I will see if I want to see the whole report

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and MBAR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 Jonotron

Posted 04 May 2013 - 11:17 PM

ComboFix 13-05-04.01 - Jonathan 05/04/2013  10:16:42.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3583.2247 [GMT -5:00]
Running from: c:\documents and settings\Jonathan\My Documents\Downloads\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Jonathan\Local Settings\Application Data\Skype\Phone\Skype.exe
c:\documents and settings\Jonathan\My Documents\~WRL2534.tmp
c:\documents and settings\Jonathan\Start Menu\Programs\System Tool
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
c:\windows\system32\drivers\netbt.sys . . . is missing!!
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.netbt
-------\Service_.serial
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-04 to 2013-05-04  )))))))))))))))))))))))))))))))
.
.
2013-05-04 15:29 . 2013-05-04 15:29 -------- d-----w- c:\windows\system32\xircom
2013-05-04 15:29 . 2013-05-04 15:29 -------- d-----w- c:\windows\system32\wbem\snmp
2013-05-03 23:42 . 2013-05-03 23:42 -------- d-----w- c:\documents and settings\Jonathan\Local Settings\Application Data\APN
2013-05-03 23:42 . 2013-05-03 23:42 -------- d-----w- c:\program files\Ask.com
2013-05-03 23:42 . 2013-05-03 23:42 -------- d-----w- c:\documents and settings\Jonathan\Local Settings\Application Data\AskToolbar
2013-05-03 23:34 . 2013-05-03 23:34 -------- d-----w- c:\program files\Common Files\Java
2013-05-03 23:34 . 2013-05-03 23:33 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-03 23:32 . 2013-05-03 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Ask
2013-05-01 03:46 . 2013-05-01 03:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Sun
2013-04-25 01:14 . 2013-04-25 01:14 -------- d-----w- c:\documents and settings\Jonathan\Application Data\Unity
2013-04-25 01:07 . 2013-04-29 21:45 -------- d-----w- c:\documents and settings\Jonathan\Local Settings\Application Data\Unity
2013-04-07 20:08 . 2013-04-28 18:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-07 20:08 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-03 23:33 . 2012-08-12 04:51 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-03 23:33 . 2012-08-12 04:51 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-03 23:33 . 2009-11-24 20:17 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-24 21:56 . 2013-03-24 21:56 98304 ----a-r- c:\documents and settings\Jonathan\Application Data\Microsoft\Installer\{526B1417-92C1-3737-8247-4ABC49CCC8E4}\python_icon.exe
2013-05-01 20:42 . 2013-05-01 20:42 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-01-08 . 5AE1C2695F6523AD98B948F2887D8C5E . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
[7] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
.
[-] 2009-01-08 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
c:\windows\System32\spoolsv.exe ... is missing !!
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2013-03-31 1520776]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-28 13918208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-03-31 1646216]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
.
c:\documents and settings\Julia\Start Menu\Programs\Startup\
FrostWire On Startup.lnk - c:\documents and settings\Jonathan\My Documents\FrostWire\FrostWire.exe [N/A]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ   msv1_0 nwprovau
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jonathan^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=c:\documents and settings\Jonathan\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 10:08 35696 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 04:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 04:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-09-28 00:19 13918208 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-09-28 00:19 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 01:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-05-21 06:01 17881600 -c--a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-24 20:17 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/24/2009 3:45 AM 1684736]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - BITS
*NewlyCreated* - WS2IFSL
*NewlyCreated* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-26 03:38]
.
2013-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-26 03:38]
.
2013-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1060284298-682003330-1009Core.job
- c:\documents and settings\Jonathan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-15 05:49]
.
2013-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1060284298-682003330-1009UA.job
- c:\documents and settings\Jonathan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-15 05:49]
.
2013-05-04 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2013-03-31 19:57]
.
2013-05-04 c:\windows\Tasks\User_Feed_Synchronization-{F41092EA-8AE2-4562-86E6-BDF75C362FC7}.job
- c:\windows\system32\msfeedssync.exe [2009-01-08 10:31]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:YRMarketing@us.penguingroup.com?subject=VLAD%20IN%20THE%20WILD
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{BE8A3C73-A815-49E3-A251-B3DA1541AC74}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\anj1ajs7.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - ExtSQL: !HIDDEN! 2009-11-24 14:04; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSConfigStartUp-nwiz - c:\program files\NVIDIA Corporation\nView\nwiz.exe
MSConfigStartUp-Skype - c:\documents and settings\Jonathan\Local Settings\Application Data\Skype\\Phone\Skype.exe
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe
AddRemove-SP_56ec1d15 - c:\program files\MocaFlix\uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-04 10:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HDP725050GLA360 rev.GM4OA5CA -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6 
.
device: opened successfully
user: MBR read successfully
error: Read  A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A5BB2E2
user & kernel MBR OK 
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(512)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(572)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2852)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\locator.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2013-05-04  10:37:49 - machine was rebooted
ComboFix-quarantined-files.txt  2013-05-04 15:37
.
Pre-Run: 433,299,202,048 bytes free
Post-Run: 435,000,913,920 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 6581EE89C44DC6C9A0EA2CFBF8B6ABBF
 

I ran Malwarebytes Anti-Rootkit, but there was no malware found. There was no "fix damage" tool included with the Rootkit.

Wave volume runs fine now. I don't know about the invisible sound ads, I have NOT gotten a sound ad since ComboFix.


Edited by Jonotron, 04 May 2013 - 11:18 PM.


#9 gringo_pr

Posted 04 May 2013 - 11:36 PM



Hello Jonotron


I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long you may attach it

    If the forum still complains about it being too long send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
and I will see if I want to see the whole report

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and MBAR

Gringo

#10 Jonotron

Posted 05 May 2013 - 09:50 AM

Already did that?



#11 gringo_pr

Posted 05 May 2013 - 10:05 AM

you never sent me the reports so I did not know you had seen it - can you send me the reports


gringo

#12 Jonotron

Posted 05 May 2013 - 11:14 AM

I did, I guess the reply was too long, so I'll retry. 
 
I ran Malwarebytes Anti-Rootkit, but there was no malware found. There was no "fix damage" tool included with the Rootkit.
Wave volume runs fine now. I don't know about the invisible sound ads, I have NOT gotten a sound ad since ComboFix.

ComboFix 13-05-04.01 - Jonathan 05/04/2013  10:16:42.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3583.2247 [GMT -5:00]
Running from: c:\documents and settings\Jonathan\My Documents\Downloads\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Jonathan\Local Settings\Application Data\Skype\Phone\Skype.exe
c:\documents and settings\Jonathan\My Documents\~WRL2534.tmp
c:\documents and settings\Jonathan\Start Menu\Programs\System Tool
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
c:\windows\system32\drivers\netbt.sys . . . is missing!!
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.netbt
-------\Service_.serial
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-04 to 2013-05-04  )))))))))))))))))))))))))))))))
.
.
2013-05-04 15:29 . 2013-05-04 15:29 -------- d-----w- c:\windows\system32\xircom
2013-05-04 15:29 . 2013-05-04 15:29 -------- d-----w- c:\windows\system32\wbem\snmp
2013-05-03 23:42 . 2013-05-03 23:42 -------- d-----w- c:\documents and settings\Jonathan\Local Settings\Application Data\APN
2013-05-03 23:42 . 2013-05-03 23:42 -------- d-----w- c:\program files\Ask.com
2013-05-03 23:42 . 2013-05-03 23:42 -------- d-----w- c:\documents and settings\Jonathan\Local Settings\Application Data\AskToolbar
2013-05-03 23:34 . 2013-05-03 23:34 -------- d-----w- c:\program files\Common Files\Java
2013-05-03 23:34 . 2013-05-03 23:33 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-03 23:32 . 2013-05-03 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Ask
2013-05-01 03:46 . 2013-05-01 03:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Sun
2013-04-25 01:14 . 2013-04-25 01:14 -------- d-----w- c:\documents and settings\Jonathan\Application Data\Unity
2013-04-25 01:07 . 2013-04-29 21:45 -------- d-----w- c:\documents and settings\Jonathan\Local Settings\Application Data\Unity
2013-04-07 20:08 . 2013-04-28 18:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-07 20:08 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-03 23:33 . 2012-08-12 04:51 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-03 23:33 . 2012-08-12 04:51 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-03 23:33 . 2009-11-24 20:17 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-24 21:56 . 2013-03-24 21:56 98304 ----a-r- c:\documents and settings\Jonathan\Application Data\Microsoft\Installer\{526B1417-92C1-3737-8247-4ABC49CCC8E4}\python_icon.exe
2013-05-01 20:42 . 2013-05-01 20:42 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-01-08 . 5AE1C2695F6523AD98B948F2887D8C5E . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
[7] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
.
[-] 2009-01-08 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
c:\windows\System32\spoolsv.exe ... is missing !!
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2013-03-31 1520776]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-28 13918208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-03-31 1646216]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
.
c:\documents and settings\Julia\Start Menu\Programs\Startup\
FrostWire On Startup.lnk - c:\documents and settings\Jonathan\My Documents\FrostWire\FrostWire.exe [N/A]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ   msv1_0 nwprovau
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jonathan^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=c:\documents and settings\Jonathan\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 10:08 35696 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 04:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 04:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-09-28 00:19 13918208 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-09-28 00:19 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 01:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-05-21 06:01 17881600 -c--a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-24 20:17 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/24/2009 3:45 AM 1684736]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - BITS
*NewlyCreated* - WS2IFSL
*NewlyCreated* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-26 03:38]
.
2013-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-26 03:38]
.
2013-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1060284298-682003330-1009Core.job
- c:\documents and settings\Jonathan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-15 05:49]
.
2013-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1060284298-682003330-1009UA.job
- c:\documents and settings\Jonathan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-15 05:49]
.
2013-05-04 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2013-03-31 19:57]
.
2013-05-04 c:\windows\Tasks\User_Feed_Synchronization-{F41092EA-8AE2-4562-86E6-BDF75C362FC7}.job
- c:\windows\system32\msfeedssync.exe [2009-01-08 10:31]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:YRMarketing@us.penguingroup.com?subject=VLAD%20IN%20THE%20WILD
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{BE8A3C73-A815-49E3-A251-B3DA1541AC74}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\anj1ajs7.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - ExtSQL: !HIDDEN! 2009-11-24 14:04; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSConfigStartUp-nwiz - c:\program files\NVIDIA Corporation\nView\nwiz.exe
MSConfigStartUp-Skype - c:\documents and settings\Jonathan\Local Settings\Application Data\Skype\\Phone\Skype.exe
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe
AddRemove-SP_56ec1d15 - c:\program files\MocaFlix\uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-04 10:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HDP725050GLA360 rev.GM4OA5CA -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6 
.
device: opened successfully
user: MBR read successfully
error: Read  A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A5BB2E2
user & kernel MBR OK 
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(512)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(572)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2852)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\locator.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2013-05-04  10:37:49 - machine was rebooted
ComboFix-quarantined-files.txt  2013-05-04 15:37
.
Pre-Run: 433,299,202,048 bytes free
Post-Run: 435,000,913,920 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 6581EE89C44DC6C9A0EA2CFBF8B6ABBF


#13 gringo_pr


Posted 05 May 2013 - 11:38 AM

That is the ComboFix report, which you have sent me three times. I would like to see the reports from TDSSKiller and MBAR.

#14 Jonotron


Posted 05 May 2013 - 01:17 PM

13:19:55.0234 0628  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:19:55.0953 0628  ============================================================
13:19:55.0953 0628  Current date / time: 2013/05/05 13:19:55.0953
13:19:55.0953 0628  SystemInfo:
13:19:55.0953 0628  
13:19:55.0953 0628  OS Version: 5.1.2600 ServicePack: 3.0
13:19:55.0953 0628  Product type: Workstation
13:19:55.0953 0628  ComputerName: P5QPL-AM
13:19:55.0953 0628  UserName: Jonathan
13:19:55.0953 0628  Windows directory: C:\WINDOWS
13:19:55.0953 0628  System windows directory: C:\WINDOWS
13:19:55.0953 0628  Processor architecture: Intel x86
13:19:55.0953 0628  Number of processors: 2
13:19:55.0953 0628  Page size: 0x1000
13:19:55.0953 0628  Boot type: Normal boot
13:19:55.0953 0628  ============================================================
13:19:57.0500 0628  BG loaded
13:19:57.0781 0628  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:19:57.0781 0628  ============================================================
13:19:57.0781 0628  \Device\Harddisk0\DR0:
13:19:57.0781 0628  MBR partitions:
13:19:57.0781 0628  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
13:19:57.0781 0628  ============================================================
13:19:57.0843 0628  C: <-> \Device\Harddisk0\DR0\Partition1
13:19:57.0859 0628  ============================================================
13:19:57.0859 0628  Initialize success
13:19:57.0859 0628  ============================================================
13:20:03.0359 0480  ============================================================
13:20:03.0359 0480  Scan started
13:20:03.0359 0480  Mode: Manual; SigCheck; TDLFS; 
13:20:03.0359 0480  ============================================================
13:20:04.0859 0480  ================ Scan system memory ========================
13:20:04.0859 0480  System memory - ok
13:20:04.0859 0480  ================ Scan services =============================
13:20:19.0828 0480  [ 7DF2E645FBDA7CDE94FCABBA7F0DE4C2 ] drvmcdb         C:\WINDOWS\system32\drivers\drvmcdb.sys
13:20:19.0875 0480  drvmcdb ( UnsignedFile.Multi.Generic ) - warning
13:20:19.0875 0480  drvmcdb - detected UnsignedFile.Multi.Generic (1)
13:20:26.0218 0480  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
13:20:26.0343 0480  IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:20:26.0343 0480  IDriverT - detected UnsignedFile.Multi.Generic (1)
13:20:35.0750 0480  [ 96F1A6F0A0D4F11047DF2F5C17C87E9D ] nvsvc           C:\WINDOWS\system32\nvsvc32.exe
13:20:35.0765 0480  nvsvc ( UnsignedFile.Multi.Generic ) - warning
13:20:35.0765 0480  nvsvc - detected UnsignedFile.Multi.Generic (1)
13:20:37.0343 0480  [ 0457E25BB122B854E267CF552DCDC370 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:20:37.0359 0480  PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
13:20:37.0359 0480  PxHelp20 - detected UnsignedFile.Multi.Generic (1)
13:20:38.0625 0480  [ F8076ABDA4B2A04983CBFBBC910F5477 ] RoxMediaDB      C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
13:20:38.0656 0480  RoxMediaDB ( UnsignedFile.Multi.Generic ) - warning
13:20:38.0656 0480  RoxMediaDB - detected UnsignedFile.Multi.Generic (1)
13:20:39.0046 0480  [ 01E9138C7FD8CA87D07465DCE38DECB5 ] RxFilter        C:\WINDOWS\system32\DRIVERS\RxFilter.sys
13:20:39.0062 0480  RxFilter ( UnsignedFile.Multi.Generic ) - warning
13:20:39.0062 0480  RxFilter - detected UnsignedFile.Multi.Generic (1)
13:20:41.0000 0480  [ 5AE1C2695F6523AD98B948F2887D8C5E ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:20:41.0000 0480  Tcpip ( UnsignedFile.Multi.Generic ) - warning
13:20:41.0000 0480  Tcpip - detected UnsignedFile.Multi.Generic (1)
13:20:44.0734 0480  ================ Scan global ===============================
13:20:44.0750 0480  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
13:20:44.0796 0480  [ 6DC05976FB5B8E1358EAC8BEDFD1FA47 ] C:\WINDOWS\system32\winsrv.dll
13:20:44.0796 0480  [ 6DC05976FB5B8E1358EAC8BEDFD1FA47 ] C:\WINDOWS\system32\winsrv.dll
13:20:44.0812 0480  [ 020CEAAEDC8EB655B6506B8C70D53BB6 ] C:\WINDOWS\system32\services.exe
13:20:44.0812 0480  [Global] - ok
13:20:44.0812 0480  ================ Scan MBR ==================================
13:20:44.0828 0480  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
13:20:45.0015 0480  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:20:45.0015 0480  \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:20:45.0015 0480  ================ Scan VBR ==================================
13:20:45.0015 0480  [ 7D63B7AB67D19F309A847A03F18B51BC ] \Device\Harddisk0\DR0\Partition1
13:20:45.0015 0480  \Device\Harddisk0\DR0\Partition1 - ok
13:20:45.0015 0480  ================ Scan active images ========================
13:20:45.0125 0480  C:\WINDOWS\system32\wintrust.dll - ok
13:20:45.0125 0480  [ 9789E95E1D88EEB4B922BF3EA7779C28 ] C:\WINDOWS\system32\ws2help.dll
13:20:45.0125 0480  C:\WINDOWS\system32\ws2help.dll - ok
13:20:45.0125 0480  [ 2CCC474EB85CEAA3E1FA1726580A3E5A ] C:\WINDOWS\system32\ws2_32.dll
13:20:45.0125 0480  C:\WINDOWS\system32\ws2_32.dll - ok
13:20:45.0125 0480  [ 93AFB83FBC1F9443CAC722FCA63D73BF ] C:\WINDOWS\system32\comctl32.dll
13:20:45.0125 0480  C:\WINDOWS\system32\comctl32.dll - ok
13:20:45.0125 0480  [ 86987A5000DFA3EBE2275C0456BCF2FE ] C:\WINDOWS\system32\comdlg32.dll
13:20:45.0125 0480  C:\WINDOWS\system32\comdlg32.dll - ok
13:20:45.0125 0480  [ D7B7A57C0E57C836F18CF12A4C62A1CA ] C:\WINDOWS\system32\msgina.dll
13:20:45.0125 0480  C:\WINDOWS\system32\msgina.dll - ok
13:20:45.0140 0480  [ 1D604A51408D039E5692160C2DC44FF7 ] C:\WINDOWS\system32\odbc32.dll
13:20:45.0140 0480  C:\WINDOWS\system32\odbc32.dll - ok
13:20:45.0140 0480  [ 1026E80450E2CF36A3D69C0EA319EB95 ] C:\WINDOWS\system32\shell32.dll
13:20:45.0140 0480  C:\WINDOWS\system32\shell32.dll - ok
13:20:45.0140 0480  [ C448A248B743F5FB935C787A5D97268B ] C:\WINDOWS\system32\shlwapi.dll
13:20:45.0140 0480  C:\WINDOWS\system32\shlwapi.dll - ok
13:20:45.0140 0480  [ A3336EBD2527F6EB214F4593DCF67F6C ] C:\WINDOWS\system32\sxs.dll
13:20:45.0140 0480  C:\WINDOWS\system32\sxs.dll - ok
13:20:45.0140 0480  [ 6B7C6B32F8E84D56C6260D684019FEA2 ] C:\WINDOWS\system32\odbcint.dll
13:20:45.0140 0480  C:\WINDOWS\system32\odbcint.dll - ok
13:20:45.0140 0480  [ 8D51FB47062F2A1A9EFECCEF338A4C46 ] C:\WINDOWS\system32\ole32.dll
13:20:45.0140 0480  C:\WINDOWS\system32\ole32.dll - ok
13:20:45.0140 0480  [ 96E1C926F22EE1BFBAE82901A35F6BF3 ] C:\WINDOWS\system32\sfc.dll
13:20:45.0140 0480  C:\WINDOWS\system32\sfc.dll - ok
13:20:45.0140 0480  [ DD7758DB700BD511255B064C2D9106B3 ] C:\WINDOWS\system32\sfc_os.dll
13:20:45.0140 0480  C:\WINDOWS\system32\sfc_os.dll - ok
13:20:45.0140 0480  [ 99BC0B50F511924348BE19C7C7313BBF ] C:\WINDOWS\system32\shsvcs.dll
13:20:45.0140 0480  C:\WINDOWS\system32\shsvcs.dll - ok
13:20:45.0140 0480  [ 736B12B725AEB2B07F0241A9F680CB10 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
13:20:45.0140 0480  C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - ok
13:20:45.0140 0480  [ CF492D7E9AF1C628B3536D20EF6F5CC7 ] C:\WINDOWS\system32\apphelp.dll
13:20:45.0140 0480  C:\WINDOWS\system32\apphelp.dll - ok
13:20:45.0140 0480  [ EA9EE60B408878E5F2012F9C783836DB ] C:\WINDOWS\AppPatch\AcAdProc.dll
13:20:45.0140 0480  C:\WINDOWS\AppPatch\AcAdProc.dll - ok
13:20:45.0140 0480  [ 310C15FD8358B2C4CD7A5B98A112883F ] C:\WINDOWS\AppPatch\AcGenral.dll
13:20:45.0140 0480  C:\WINDOWS\AppPatch\AcGenral.dll - ok
13:20:45.0140 0480  [ 17A1D675C12BBF80CAAC54A4855C41D0 ] C:\WINDOWS\system32\cryptdll.dll
13:20:45.0140 0480  C:\WINDOWS\system32\cryptdll.dll - ok
13:20:45.0140 0480  [ 64AA11D53A4A84CDF43370D7036517C3 ] C:\WINDOWS\system32\dnsapi.dll
13:20:45.0140 0480  C:\WINDOWS\system32\dnsapi.dll - ok
13:20:45.0140 0480  [ 5C53AEAC3FD476088E7985C842B9B048 ] C:\WINDOWS\system32\lsasrv.dll
13:20:45.0140 0480  C:\WINDOWS\system32\lsasrv.dll - ok
13:20:45.0140 0480  [ BF2466B3E18E970D8A976FB95FC1CA85 ] C:\WINDOWS\system32\lsass.exe
13:20:45.0140 0480  C:\WINDOWS\system32\lsass.exe - ok
13:20:45.0156 0480  [ DD7BD97FB8BD800963789158A5E4B41D ] C:\WINDOWS\system32\mpr.dll
13:20:45.0156 0480  C:\WINDOWS\system32\mpr.dll - ok
13:20:45.0156 0480  [ F404830F3CD9BF8F2515E489C0CDA297 ] C:\WINDOWS\system32\msvcp60.dll
13:20:45.0156 0480  C:\WINDOWS\system32\msvcp60.dll - ok
13:20:45.0156 0480  [ EC29A79F1E76DC509E24D401F29D0678 ] C:\WINDOWS\system32\ncobjapi.dll
13:20:45.0156 0480  C:\WINDOWS\system32\ncobjapi.dll - ok
13:20:45.0156 0480  [ 30FE5893927F94CBBC84C2BDD0765093 ] C:\WINDOWS\system32\ntdsapi.dll
13:20:45.0156 0480  C:\WINDOWS\system32\ntdsapi.dll - ok
13:20:45.0156 0480  [ 8329A39D5A402A75A74301D6A62ECDA1 ] C:\WINDOWS\system32\samlib.dll
13:20:45.0156 0480  C:\WINDOWS\system32\samlib.dll - ok
13:20:45.0156 0480  [ F05B8CDB7FE0E55DCCFB1D946CE80064 ] C:\WINDOWS\system32\samsrv.dll
13:20:45.0156 0480  C:\WINDOWS\system32\samsrv.dll - ok
13:20:45.0156 0480  [ B24A42A413E694AD73FDFB7FBD492C31 ] C:\WINDOWS\system32\scesrv.dll
13:20:45.0156 0480  C:\WINDOWS\system32\scesrv.dll - ok
13:20:45.0156 0480  [ 020CEAAEDC8EB655B6506B8C70D53BB6 ] C:\WINDOWS\system32\services.exe
13:20:45.0156 0480  C:\WINDOWS\system32\services.exe - ok
13:20:45.0156 0480  [ FE04792B53C9633AE1E6F86B2E9C1E5A ] C:\WINDOWS\system32\shimeng.dll
13:20:45.0156 0480  C:\WINDOWS\system32\shimeng.dll - ok
13:20:45.0156 0480  [ 774619D46B04F75614261F1BE274BA5D ] C:\WINDOWS\system32\umpnpmgr.dll
13:20:45.0156 0480  C:\WINDOWS\system32\umpnpmgr.dll - ok
13:20:45.0156 0480  [ 0492CF5870F0E616B0C71695A433D162 ] C:\WINDOWS\system32\wldap32.dll
13:20:45.0156 0480  C:\WINDOWS\system32\wldap32.dll - ok
13:20:45.0156 0480  [ 2098AB52BD5316E59AA36F3437B13BE6 ] C:\WINDOWS\system32\msacm32.dll
13:20:45.0156 0480  C:\WINDOWS\system32\msacm32.dll - ok
13:20:45.0156 0480  [ 387006CF9983000BAB76DD250D424045 ] C:\WINDOWS\system32\oleaut32.dll
13:20:45.0156 0480  C:\WINDOWS\system32\oleaut32.dll - ok
13:20:45.0156 0480  [ 88F5BE9AE5B87B82E83718F3E425E82D ] C:\WINDOWS\system32\uxtheme.dll
13:20:45.0156 0480  C:\WINDOWS\system32\uxtheme.dll - ok
13:20:45.0156 0480  [ F1300D0B4C40754A01DF16F350F0EF60 ] C:\WINDOWS\system32\winmm.dll
13:20:45.0156 0480  C:\WINDOWS\system32\winmm.dll - ok
13:20:45.0156 0480  [ 3D76DD0CBC536E0F8C45D23ED230BEB2 ] C:\WINDOWS\system32\digest.dll
13:20:45.0156 0480  C:\WINDOWS\system32\digest.dll - ok
13:20:45.0156 0480  [ 4260BDCD96976DA6F44E9CA8B2E029E5 ] C:\WINDOWS\system32\kerberos.dll
13:20:45.0156 0480  C:\WINDOWS\system32\kerberos.dll - ok
13:20:45.0171 0480  [ F24B12786D60A17008319E3F2AEE7799 ] C:\WINDOWS\system32\msapsspc.dll
13:20:45.0171 0480  C:\WINDOWS\system32\msapsspc.dll - ok
13:20:45.0171 0480  [ 5733177BCF16EE78B99543C9B0AB81EA ] C:\WINDOWS\system32\MSCTFIME.IME
13:20:45.0171 0480  C:\WINDOWS\system32\MSCTFIME.IME - ok
13:20:45.0171 0480  [ A4388DF80E52695AE92EE5F3F61F1619 ] C:\WINDOWS\system32\msnsspc.dll
13:20:45.0171 0480  C:\WINDOWS\system32\msnsspc.dll - ok
13:20:45.0171 0480  [ C6BB1D1500DB4A0E224CB65E6C7E8A80 ] C:\WINDOWS\system32\msprivs.dll
13:20:45.0171 0480  C:\WINDOWS\system32\msprivs.dll - ok
13:20:45.0171 0480  [ 7A660EDC0757849DF5F8706FB6E9F740 ] C:\WINDOWS\system32\msvcrt40.dll
13:20:45.0171 0480  C:\WINDOWS\system32\msvcrt40.dll - ok
13:20:45.0171 0480  [ E04B6497B6407D2F444E86B30680DC5A ] C:\WINDOWS\system32\schannel.dll
13:20:45.0171 0480  C:\WINDOWS\system32\schannel.dll - ok
13:20:45.0171 0480  [ 1E644E3533DCE2B580A663AE1ACBD539 ] C:\WINDOWS\system32\atmfd.dll
13:20:45.0171 0480  C:\WINDOWS\system32\atmfd.dll - ok
13:20:45.0171 0480  [ AF07DC9B7CC455629E732340C7B15F3A ] C:\WINDOWS\system32\iphlpapi.dll
13:20:45.0171 0480  C:\WINDOWS\system32\iphlpapi.dll - ok
13:20:45.0171 0480  [ 1C59CE39DF670CA45E3962BDA56D22CD ] C:\WINDOWS\system32\msv1_0.dll
13:20:45.0171 0480  C:\WINDOWS\system32\msv1_0.dll - ok
13:20:45.0171 0480  [ 06CF9EEDB7E827205C6948C9DAF56974 ] C:\WINDOWS\system32\netlogon.dll
13:20:45.0171 0480  C:\WINDOWS\system32\netlogon.dll - ok
13:20:45.0171 0480  [ 54DAE3EA34802B4ED9AE1C6B1209FA56 ] C:\WINDOWS\system32\rsaenh.dll
13:20:45.0171 0480  C:\WINDOWS\system32\rsaenh.dll - ok
13:20:45.0171 0480  [ 9F8A0D0CBB2FA265A754516128C00E22 ] C:\WINDOWS\system32\w32time.dll
13:20:45.0171 0480  C:\WINDOWS\system32\w32time.dll - ok
13:20:45.0171 0480  [ D9DCEC3FA1B27689FC56E34C38D3F148 ] C:\WINDOWS\system32\wdigest.dll
13:20:45.0171 0480  C:\WINDOWS\system32\wdigest.dll - ok
13:20:45.0171 0480  [ 06E587F41466569F32BEAAC7260E8AEC ] C:\WINDOWS\system32\nwprovau.dll
13:20:45.0171 0480  C:\WINDOWS\system32\nwprovau.dll - ok
13:20:45.0171 0480  [ 02988B904C386B500CD08639C4C20EEA ] C:\WINDOWS\system32\winscard.dll
13:20:45.0171 0480  C:\WINDOWS\system32\winscard.dll - ok
13:20:45.0171 0480  [ 0E2735281FBB9A764D5584C2A5DCBA59 ] C:\WINDOWS\system32\wtsapi32.dll
13:20:45.0171 0480  C:\WINDOWS\system32\wtsapi32.dll - ok
13:20:45.0187 0480  [ A86BB5E61BF3E39B62AB4C7E7085A084 ] C:\WINDOWS\system32\scecli.dll
13:20:45.0187 0480  C:\WINDOWS\system32\scecli.dll - ok
13:20:45.0187 0480  [ 25A4CABD197A4527A0B45559C3706302 ] C:\WINDOWS\system32\nvcpl.dll
13:20:45.0187 0480  C:\WINDOWS\system32\nvcpl.dll - ok
13:20:45.0187 0480  [ 96F1A6F0A0D4F11047DF2F5C17C87E9D ] C:\WINDOWS\system32\nvsvc32.exe
13:20:45.0187 0480  C:\WINDOWS\system32\nvsvc32.exe - ok
13:20:45.0187 0480  [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll
13:20:45.0187 0480  C:\WINDOWS\system32\powrprof.dll - ok
13:20:45.0187 0480  [ DFC132D3EC7900BCB21E9375A10130C8 ] C:\WINDOWS\system32\oleacc.dll
13:20:45.0187 0480  C:\WINDOWS\system32\oleacc.dll - ok
13:20:45.0187 0480  [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\system32\winspool.drv
13:20:45.0187 0480  C:\WINDOWS\system32\winspool.drv - ok
13:20:45.0187 0480  [ 4976EC15EF790B9199ACD5539A57A09F ] C:\WINDOWS\system32\nvapi.dll
13:20:45.0187 0480  C:\WINDOWS\system32\nvapi.dll - ok
13:20:45.0187 0480  [ 89DD67EAB9AABCDDDD1F774AE1D2EDAE ] C:\WINDOWS\system32\nvdisps.dll
13:20:45.0187 0480  C:\WINDOWS\system32\nvdisps.dll - ok
13:20:45.0187 0480  [ 27C6D03BCDB8CFEB96B716F3D8BE3E18 ] C:\WINDOWS\system32\svchost.exe
13:20:45.0187 0480  C:\WINDOWS\system32\svchost.exe - ok
13:20:45.0187 0480  [ 549290DBC280C887681D7652978DBBE0 ] C:\WINDOWS\system32\ntmarta.dll
13:20:45.0187 0480  C:\WINDOWS\system32\ntmarta.dll - ok
13:20:45.0187 0480  [ 9222562D44021B988B9F9F62207FB6F2 ] C:\WINDOWS\system32\rpcss.dll
13:20:45.0187 0480  C:\WINDOWS\system32\rpcss.dll - ok
13:20:45.0187 0480  [ 16403217AB6FC5C30C14C6B12098AD4B ] C:\WINDOWS\system32\xpsp2res.dll
13:20:45.0187 0480  C:\WINDOWS\system32\xpsp2res.dll - ok
13:20:45.0187 0480  [ 6D4FEB43EE538FC5428CC7F0565AA656 ] C:\WINDOWS\system32\eventlog.dll
13:20:45.0187 0480  C:\WINDOWS\system32\eventlog.dll - ok
13:20:45.0187 0480  [ 0A878AA66E4DD3E2608192A1ECCD9F8F ] C:\WINDOWS\system32\hnetcfg.dll
13:20:45.0187 0480  C:\WINDOWS\system32\hnetcfg.dll - ok
13:20:45.0187 0480  [ 290C1A30DEFC723BBE10910AC2D6F6D0 ] C:\WINDOWS\system32\mswsock.dll
13:20:45.0187 0480  C:\WINDOWS\system32\mswsock.dll - ok
13:20:45.0187 0480  [ 811BB60991FC03A63F2F844A3F9C6488 ] C:\WINDOWS\system32\wshisn.dll
13:20:45.0187 0480  C:\WINDOWS\system32\wshisn.dll - ok
13:20:45.0187 0480  [ 4E3D06D6E68EEDB52565080F55B460D3 ] C:\WINDOWS\system32\wshtcpip.dll
13:20:45.0187 0480  C:\WINDOWS\system32\wshtcpip.dll - ok
13:20:45.0203 0480  [ 67156D5A9AC356DC99D7BCCB388E3316 ] C:\WINDOWS\system32\wsock32.dll
13:20:45.0203 0480  C:\WINDOWS\system32\wsock32.dll - ok
13:20:45.0203 0480  [ 40947436A70E0034E41123DF5A0A7702 ] C:\Program Files\Bonjour\mdnsNSP.dll
13:20:45.0203 0480  C:\Program Files\Bonjour\mdnsNSP.dll - ok
13:20:45.0203 0480  [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\system32\rasadhlp.dll
13:20:45.0203 0480  C:\WINDOWS\system32\rasadhlp.dll - ok
13:20:45.0203 0480  [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\system32\winrnr.dll
13:20:45.0203 0480  C:\WINDOWS\system32\winrnr.dll - ok
13:20:45.0203 0480  [ 8B8B1BE2DBA4025DA6786C645F77F123 ] C:\WINDOWS\system32\drivers\nwlnkipx.sys
13:20:45.0203 0480  C:\WINDOWS\system32\drivers\nwlnkipx.sys - ok
13:20:45.0203 0480  [ 56D34A67C05E94E16377C60609741FF8 ] C:\WINDOWS\system32\drivers\nwlnknb.sys
13:20:45.0203 0480  C:\WINDOWS\system32\drivers\nwlnknb.sys - ok
13:20:45.0203 0480  [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\system32\drivers\ndisuio.sys
13:20:45.0203 0480  C:\WINDOWS\system32\drivers\ndisuio.sys - ok
13:20:45.0203 0480  [ 743D7D59767073A617B1DCC6C546F234 ] C:\WINDOWS\system32\drivers\rspndr.sys
13:20:45.0203 0480  C:\WINDOWS\system32\drivers\rspndr.sys - ok
13:20:45.0203 0480  [ 224FB925C641DA16CEB6D60F40CA4C75 ] C:\WINDOWS\system32\atl.dll
13:20:45.0203 0480  C:\WINDOWS\system32\atl.dll - ok
13:20:45.0203 0480  [ C51DE19619D50CBD03708647ACA10E70 ] C:\WINDOWS\system32\dhcpcsvc.dll
13:20:45.0203 0480  C:\WINDOWS\system32\dhcpcsvc.dll - ok
13:20:45.0203 0480  [ D977659AE4D8ECE5286D99D1ED34614D ] C:\WINDOWS\system32\dnsrslvr.dll
13:20:45.0203 0480  C:\WINDOWS\system32\dnsrslvr.dll - ok
13:20:45.0203 0480  [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] C:\WINDOWS\system32\dot3api.dll
13:20:45.0203 0480  C:\WINDOWS\system32\dot3api.dll - ok
13:20:45.0203 0480  [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] C:\WINDOWS\system32\eapolqec.dll
13:20:45.0203 0480  C:\WINDOWS\system32\eapolqec.dll - ok
13:20:45.0203 0480  [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] C:\WINDOWS\system32\esent.dll
13:20:45.0203 0480  C:\WINDOWS\system32\esent.dll - ok
13:20:45.0203 0480  [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\system32\qutil.dll
13:20:45.0203 0480  C:\WINDOWS\system32\qutil.dll - ok
13:20:45.0203 0480  [ 876CCF164E08D6B903CD14398E056DD2 ] C:\WINDOWS\system32\rtutils.dll
13:20:45.0203 0480  C:\WINDOWS\system32\rtutils.dll - ok
13:20:45.0218 0480  [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll
13:20:45.0218 0480  C:\WINDOWS\system32\wmi.dll - ok
13:20:45.0218 0480  [ 349B8D2BB755E8C3B0E3E82A87663E55 ] C:\WINDOWS\system32\wzcsvc.dll
13:20:45.0218 0480  C:\WINDOWS\system32\wzcsvc.dll - ok
13:20:45.0218 0480  [ F137A0CA70003DB20448D540651FA003 ] C:\WINDOWS\system32\clbcatq.dll
13:20:45.0218 0480  C:\WINDOWS\system32\clbcatq.dll - ok
13:20:45.0218 0480  [ 1280A158C722FA95A80FB7AEBE78FA7D ] C:\WINDOWS\system32\comres.dll
13:20:45.0218 0480  C:\WINDOWS\system32\comres.dll - ok
13:20:45.0218 0480  [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] C:\WINDOWS\system32\cryptui.dll
13:20:45.0218 0480  C:\WINDOWS\system32\cryptui.dll - ok
13:20:45.0218 0480  [ A39BE37C9237DB5F1990D61B268EA555 ] C:\WINDOWS\system32\rastls.dll
13:20:45.0218 0480  C:\WINDOWS\system32\rastls.dll - ok
13:20:45.0218 0480  [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\system32\activeds.dll
13:20:45.0218 0480  C:\WINDOWS\system32\activeds.dll - ok
13:20:45.0218 0480  [ 590A6247D56A8420898E6C4DE0983F5C ] C:\WINDOWS\system32\iertutil.dll
13:20:45.0218 0480  C:\WINDOWS\system32\iertutil.dll - ok
13:20:45.0218 0480  [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\system32\mprapi.dll
13:20:45.0218 0480  C:\WINDOWS\system32\mprapi.dll - ok
13:20:45.0218 0480  [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll
13:20:45.0218 0480  C:\WINDOWS\system32\normaliz.dll - ok
13:20:45.0218 0480  [ 5FA52D59734CEF1E2F3943D67CE37125 ] C:\WINDOWS\system32\urlmon.dll
13:20:45.0218 0480  C:\WINDOWS\system32\urlmon.dll - ok
13:20:45.0218 0480  [ F192D49EEFE297FA858B2C774BA2291D ] C:\WINDOWS\system32\wininet.dll
13:20:45.0218 0480  C:\WINDOWS\system32\wininet.dll - ok
13:20:45.0218 0480  [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\system32\adsldpc.dll
13:20:45.0218 0480  C:\WINDOWS\system32\adsldpc.dll - ok
13:20:45.0218 0480  [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll
13:20:45.0218 0480  C:\WINDOWS\system32\rasapi32.dll - ok
13:20:45.0218 0480  [ 56CE97FF94B7662A300D359CD6F4D601 ] C:\WINDOWS\system32\raschap.dll
13:20:45.0218 0480  C:\WINDOWS\system32\raschap.dll - ok
13:20:45.0218 0480  [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll
13:20:45.0218 0480  C:\WINDOWS\system32\rasman.dll - ok
13:20:45.0218 0480  [ 4D6C16BA8BEE975E7518DDD2B3C6C66D ] C:\WINDOWS\system32\riched20.dll
13:20:45.0218 0480  C:\WINDOWS\system32\riched20.dll - ok
13:20:45.0234 0480  [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll
13:20:45.0234 0480  C:\WINDOWS\system32\tapi32.dll - ok
13:20:45.0234 0480  [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll
13:20:45.0234 0480  C:\WINDOWS\system32\msidle.dll - ok
13:20:45.0234 0480  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll
13:20:45.0234 0480  C:\WINDOWS\system32\schedsvc.dll - ok
13:20:45.0234 0480  [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\system32\audiosrv.dll
13:20:45.0234 0480  C:\WINDOWS\system32\audiosrv.dll - ok
13:20:45.0234 0480  [ 36B9B950E3D2E100970A48D8BAD86740 ] C:\WINDOWS\system32\drivers\nwrdr.sys
13:20:45.0234 0480  C:\WINDOWS\system32\drivers\nwrdr.sys - ok
13:20:45.0234 0480  [ E77A74BF45361E04C1AB0E9E50C5F855 ] C:\WINDOWS\system32\nwapi32.dll
13:20:45.0234 0480  C:\WINDOWS\system32\nwapi32.dll - ok
13:20:45.0234 0480  [ 2C2FD0E6B0180F94C260DD26706AA5F4 ] C:\WINDOWS\system32\nwwks.dll
13:20:45.0234 0480  C:\WINDOWS\system32\nwwks.dll - ok
13:20:45.0234 0480  [ 3B9324D60DD321BAB7BF6F77931D3FD1 ] C:\WINDOWS\system32\wkssvc.dll
13:20:45.0234 0480  C:\WINDOWS\system32\wkssvc.dll - ok
13:20:45.0234 0480  [ CDE62EEFA40916E2EE7F211B8B99F938 ] C:\WINDOWS\system32\cscdll.dll
13:20:45.0234 0480  C:\WINDOWS\system32\cscdll.dll - ok
13:20:45.0234 0480  [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\system32\dimsntfy.dll
13:20:45.0234 0480  C:\WINDOWS\system32\dimsntfy.dll - ok
13:20:45.0234 0480  [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll
13:20:45.0234 0480  C:\WINDOWS\system32\wlnotify.dll - ok
13:20:45.0234 0480  [ 0A25B866933D126D1E831FD025A278C2 ] C:\WINDOWS\system32\drivers\mrxdav.sys
13:20:45.0234 0480  C:\WINDOWS\system32\drivers\mrxdav.sys - ok
13:20:45.0234 0480  [ 77A354E28153AD2D5E120A5A8687BC06 ] C:\WINDOWS\system32\webclnt.dll
13:20:45.0234 0480  C:\WINDOWS\system32\webclnt.dll - ok
13:20:45.0234 0480  [ A7E06854EA2A20AEE8EC32BD8C754298 ] C:\WINDOWS\system32\mpnotify.exe
13:20:45.0234 0480  C:\WINDOWS\system32\mpnotify.exe - ok
13:20:45.0234 0480  [ 085ED2E391A871C7BAE87E0228B546BA ] C:\WINDOWS\system32\cscui.dll
13:20:45.0234 0480  C:\WINDOWS\system32\cscui.dll - ok
13:20:45.0234 0480  [ 2BC7128348265CABA9BBC058729A8B7B ] C:\WINDOWS\system32\dpcdll.dll
13:20:45.0234 0480  C:\WINDOWS\system32\dpcdll.dll - ok
13:20:45.0234 0480  [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys
13:20:45.0234 0480  C:\WINDOWS\system32\drivers\wdmaud.sys - ok
13:20:45.0250 0480  [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] C:\WINDOWS\system32\wdmaud.drv
13:20:45.0250 0480  C:\WINDOWS\system32\wdmaud.drv - ok
13:20:45.0250 0480  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\system32\drivers\sysaudio.sys
13:20:45.0250 0480  C:\WINDOWS\system32\drivers\sysaudio.sys - ok
13:20:45.0250 0480  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] C:\WINDOWS\system32\drivers\splitter.sys
13:20:45.0250 0480  C:\WINDOWS\system32\drivers\splitter.sys - ok
13:20:45.0250 0480  [ 8BED39E3C35D6A489438B8141717A557 ] C:\WINDOWS\system32\drivers\aec.sys
13:20:45.0250 0480  C:\WINDOWS\system32\drivers\aec.sys - ok
13:20:45.0250 0480  [ 8A208DFCF89792A484E76C40E5F50B45 ] C:\WINDOWS\system32\drivers\DMusic.sys
13:20:45.0250 0480  C:\WINDOWS\system32\drivers\DMusic.sys - ok
13:20:45.0250 0480  [ 692BCF44383D056AED41B045A323D378 ] C:\WINDOWS\system32\drivers\kmixer.sys
13:20:45.0250 0480  C:\WINDOWS\system32\drivers\kmixer.sys - ok
13:20:45.0265 0480  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] C:\WINDOWS\system32\drivers\swmidi.sys
13:20:45.0265 0480  C:\WINDOWS\system32\drivers\swmidi.sys - ok
13:20:45.0265 0480  [ A93AEE1928A9D7CE3E16D24EC7380F89 ] C:\WINDOWS\system32\userinit.exe
13:20:45.0265 0480  C:\WINDOWS\system32\userinit.exe - ok
13:20:45.0265 0480  [ F02A533F517EB38333CB12A9E8963773 ] C:\Program Files\Google\Update\GoogleUpdate.exe
13:20:45.0265 0480  C:\Program Files\Google\Update\GoogleUpdate.exe - ok
13:20:45.0265 0480  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] C:\WINDOWS\system32\drivers\drmkaud.sys
13:20:45.0265 0480  C:\WINDOWS\system32\drivers\drmkaud.sys - ok
13:20:45.0265 0480  [ 2E5672EEA419A4DC9DACD714632E1DC3 ] C:\Program Files\Google\Update\1.3.21.135\goopdate.dll
13:20:45.0265 0480  C:\Program Files\Google\Update\1.3.21.135\goopdate.dll - ok
13:20:45.0265 0480  [ 8C22083ED515DC94D575438662F0BE6A ] C:\WINDOWS\system32\msi.dll
13:20:45.0265 0480  C:\WINDOWS\system32\msi.dll - ok
13:20:45.0265 0480  [ 5C12660A97822F6E61576943B49AAAD6 ] C:\WINDOWS\system32\midimap.dll
13:20:45.0265 0480  C:\WINDOWS\system32\midimap.dll - ok
13:20:45.0265 0480  [ 9A3BD5F55AADFF859539142F6328A66E ] C:\WINDOWS\system32\msacm32.drv
13:20:45.0265 0480  C:\WINDOWS\system32\msacm32.drv - ok
13:20:45.0265 0480  [ BECDDA0990DEBD72A30096533521AD73 ] C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
13:20:45.0265 0480  C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe - ok
13:20:45.0265 0480  [ B6E6F3F5B63053D5DC1F4EE32992492F ] C:\WINDOWS\system32\dbghelp.dll
13:20:45.0265 0480  C:\WINDOWS\system32\dbghelp.dll - ok
13:20:45.0265 0480  [ 4044E880593FE1AC9942190FCE414BE7 ] C:\WINDOWS\system32\mstask.dll
13:20:45.0265 0480  C:\WINDOWS\system32\mstask.dll - ok
13:20:45.0265 0480  [ 2BB75B7F548D82A099125D0C5971DE7D ] C:\WINDOWS\explorer.exe
13:20:45.0265 0480  C:\WINDOWS\explorer.exe - ok
13:20:45.0265 0480  [ E392E172687BE172F8600C5F41AB03D9 ] C:\WINDOWS\system32\browseui.dll
13:20:45.0265 0480  C:\WINDOWS\system32\browseui.dll - ok
13:20:45.0265 0480  [ C5AFD6A152D6A8A71C3F76E6B9549E27 ] C:\WINDOWS\system32\shdocvw.dll
13:20:45.0265 0480  C:\WINDOWS\system32\shdocvw.dll - ok
13:20:45.0265 0480  [ B4ED498E3BFEE64E952BC44FC6057DB8 ] C:\WINDOWS\system32\desk.cpl
13:20:45.0265 0480  C:\WINDOWS\system32\desk.cpl - ok
13:20:45.0265 0480  [ AFFC87E2501FCE8F09D4C10BA6421CCF ] C:\WINDOWS\system32\msimg32.dll
13:20:45.0265 0480  C:\WINDOWS\system32\msimg32.dll - ok
13:20:45.0281 0480  [ A314EEA2A503A8E04085201E436384A5 ] C:\WINDOWS\system32\themeui.dll
13:20:45.0281 0480  C:\WINDOWS\system32\themeui.dll - ok
13:20:45.0281 0480  [ 912B67BB8249925A5C972FC5839EAE09 ] C:\WINDOWS\system32\actxprxy.dll
13:20:45.0281 0480  C:\WINDOWS\system32\actxprxy.dll - ok
13:20:45.0281 0480  [ 22A978E7FE5E3B35B42C7BC7C14E2875 ] C:\WINDOWS\system32\ieframe.dll
13:20:45.0281 0480  C:\WINDOWS\system32\ieframe.dll - ok
13:20:45.0281 0480  [ 6D778E0F95447E6546553EEEA709D03C ] C:\WINDOWS\system32\cmd.exe
13:20:45.0281 0480  C:\WINDOWS\system32\cmd.exe - ok
13:20:45.0281 0480  [ 178A34E5554DCE485E1262DDF027960C ] C:\DOCUME~1\Jonathan\LOCALS~1\temp\740EF0F0-81C1-4EA7-81A7-F0B7339955E8.exe
13:20:45.0281 0480  C:\DOCUME~1\Jonathan\LOCALS~1\temp\740EF0F0-81C1-4EA7-81A7-F0B7339955E8.exe - ok
13:20:45.0281 0480  [ A70A2D85AD143D6BB823C246CEB699A5 ] C:\WINDOWS\system32\ntshrui.dll
13:20:45.0281 0480  C:\WINDOWS\system32\ntshrui.dll - ok
13:20:45.0281 0480  [ 8C77ECF3C7DCBB926312B7ECED6ECA75 ] C:\WINDOWS\system32\winhttp.dll
13:20:45.0281 0480  C:\WINDOWS\system32\winhttp.dll - ok
13:20:45.0281 0480  [ 91790D6749EBED90E2C40479C0A91879 ] C:\WINDOWS\system32\verclsid.exe
13:20:45.0281 0480  C:\WINDOWS\system32\verclsid.exe - ok
13:20:45.0281 0480  [ 2DC5A8019E2387987905F77C664E4BE2 ] C:\WINDOWS\system32\linkinfo.dll
13:20:45.0281 0480  C:\WINDOWS\system32\linkinfo.dll - ok
13:20:45.0281 0480  [ 235892E493845D64D890163CFEF90E97 ] C:\WINDOWS\system32\credui.dll
13:20:45.0281 0480  C:\WINDOWS\system32\credui.dll - ok
13:20:45.0281 0480  [ 4E8F3230BAC8C1CAADF01A8C728E1C5C ] C:\WINDOWS\system32\dot3dlg.dll
13:20:45.0281 0480  C:\WINDOWS\system32\dot3dlg.dll - ok
13:20:45.0281 0480  [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll
13:20:45.0281 0480  C:\WINDOWS\system32\netshell.dll - ok
13:20:45.0281 0480  [ CA04959077AFE36369D37B3504740C87 ] C:\WINDOWS\system32\onex.dll
13:20:45.0281 0480  C:\WINDOWS\system32\onex.dll - ok
13:20:45.0281 0480  [ 5DB625E7D095604010CF84DE2D8ACFA6 ] C:\WINDOWS\system32\eappcfg.dll
13:20:45.0281 0480  C:\WINDOWS\system32\eappcfg.dll - ok
13:20:45.0281 0480  [ ABC4206543450C0666D152F4B65833B8 ] C:\WINDOWS\system32\eappprxy.dll
13:20:45.0281 0480  C:\WINDOWS\system32\eappprxy.dll - ok
13:20:45.0281 0480  [ 82CC8F77E9EC61C6B4D48DD4D5CA78E7 ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
13:20:45.0281 0480  C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe - ok
13:20:45.0281 0480  [ 037B1E7798960E0420003D05BB577EE6 ] C:\WINDOWS\system32\rundll32.exe
13:20:45.0281 0480  C:\WINDOWS\system32\rundll32.exe - ok
13:20:45.0296 0480  [ 60C079CB2150760263D1FE5FF6218961 ] C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll
13:20:45.0296 0480  C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll - ok
13:20:45.0296 0480  [ 916A2C4EB028604783FD5EA169236C1D ] C:\Program Files\QuickTime\QTTask.exe
13:20:45.0296 0480  C:\Program Files\QuickTime\QTTask.exe - ok
13:20:45.0296 0480  [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
13:20:45.0296 0480  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll - ok
13:20:45.0296 0480  [ C9564CF4976E7E96B4052737AA2492B4 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
13:20:45.0296 0480  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll - ok
13:20:45.0296 0480  [ 5F3347EBA403EE64780980A5BAF10304 ] C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll
13:20:45.0296 0480  C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll - ok
13:20:45.0296 0480  [ 09B7E7CD6F202247B3CF2306108589C2 ] C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll
13:20:45.0296 0480  C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll - ok
13:20:45.0296 0480  [ FD86C605FD7AD4A41C01EC7A4A1E1C5D ] C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll
13:20:45.0296 0480  C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll - ok
13:20:45.0296 0480  [ 32D78DCABFB942275E01363D5232C77D ] C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
13:20:45.0296 0480  C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll - ok
13:20:45.0296 0480  [ DF1C1CD0C7EE95CC00D71E9E415E7BCD ] C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
13:20:45.0296 0480  C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll - ok
13:20:45.0296 0480  [ D339D7F6E52AECCA9C0898CB547B2902 ] C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dll
13:20:45.0296 0480  C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dll - ok
13:20:45.0296 0480  [ 4AFFDCAADCB1DBBFFAF06C7F82E7F6FC ] C:\Program Files\iTunes\iTunesHelper.exe
13:20:45.0296 0480  C:\Program Files\iTunes\iTunesHelper.exe - ok
13:20:45.0296 0480  [ 43A0A24CD12B110DC93462D6B035C961 ] C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll
13:20:45.0296 0480  C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll - ok
13:20:45.0296 0480  [ A3609397EF273B03295DBB10274BE12C ] C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll
13:20:45.0296 0480  C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll - ok
13:20:45.0296 0480  [ 7B845BFE314509D08AB5865CB141E332 ] C:\Program Files\iTunes\iTunesHelper.dll
13:20:45.0296 0480  C:\Program Files\iTunes\iTunesHelper.dll - ok
13:20:45.0296 0480  [ D63797E8E7781EE1500A810CB6194FA6 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
13:20:45.0296 0480  C:\Program Files\Common Files\Java\Java Update\jusched.exe - ok
13:20:45.0296 0480  [ A1B303E029EE731119B1D985677FFAD2 ] C:\Program Files\Ask.com\Updater\Updater.exe
13:20:45.0296 0480  C:\Program Files\Ask.com\Updater\Updater.exe - ok
13:20:45.0312 0480  [ BA02F01BE7ED88E8974C798ACB3075F5 ] C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
13:20:45.0312 0480  C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll - ok
13:20:45.0390 0480  ============================================================
13:20:45.0390 0480  Scan finished
13:20:45.0390 0480  ============================================================
13:20:45.0515 0320  Detected object count: 8
13:20:45.0515 0320  Actual detected object count: 8
13:20:47.0875 0320  drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
13:20:47.0875 0320  drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:20:47.0875 0320  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:20:47.0875 0320  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:20:47.0875 0320  nvsvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:20:47.0875 0320  nvsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:20:47.0875 0320  PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
13:20:47.0875 0320  PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:20:47.0875 0320  RoxMediaDB ( UnsignedFile.Multi.Generic ) - skipped by user
13:20:47.0875 0320  RoxMediaDB ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:20:47.0875 0320  RxFilter ( UnsignedFile.Multi.Generic ) - skipped by user
13:20:47.0875 0320  RxFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:20:47.0875 0320  Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user
13:20:47.0875 0320  Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:20:47.0890 0320  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:20:47.0890 0320  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 


#15 Jonotron

Jonotron
  • Topic Starter

  • Members
  • 9 posts

Posted 05 May 2013 - 02:48 PM

No malware was found with MBAR, so no report was filed. Computer is running fine: no ads, sound is fine, and internet is faster. Thanks.





