Virus Troubles - Newbie Needs Help


  • This topic is locked
35 replies to this topic

#1 Brett998866


Posted 14 May 2013 - 09:16 PM

Hello esteemed board leaders.  I am in some desperate times with my computer and before I do any damage to it myself, I thought I would ask for your help.  My virus scan, MS Security Essentials, found a virus but the MSE seems to have since been corrupted.  The icon no longer appears in the System tray and I am getting quite a lot of odd behavior on my PC.  Per the instructions, my 2 DDS logs are below.  Thank you in advance.

 

Brett

 

DDS LOG:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.17.2
Run by HP_Owner at 22:09:45 on 2013-05-14
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3006.1988 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Norton Internet Worm Protection *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\Seagate_Media\Sync\MediaAggreService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: hpWebHelper Class: {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Get Lyrics: {AF5B5C22-498A-4239-9A51-82BDD99C6A44} - c:\program files\getlyrics\getlrcs.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [FreeAgentTheaterTrayIcon] "c:\program files\seagate\seagate_media\agrregationstatus\StxMediaMenuMgr.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Download all with Free Download Manager - c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - c:\program files\free download manager\dllink.htm
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342049118609
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342390427375
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{570E448B-2E37-41F3-A83B-0C076AA62518} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{80443072-5384-4D29-A197-604ECE8884D8} : DHCPNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 195296]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-6-15 24328]
R2 FreeAgentTheater Service;Seagate Media;c:\program files\seagate\seagate_media\sync\MediaAggreService.exe [2012-12-20 237248]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [2013-2-23 45288]
S0 ruek;ruek;c:\windows\system32\drivers\pxvqk.sys --> c:\windows\system32\drivers\pxvqk.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;\??\c:\documents and settings\hp_owner\desktop\aida64extreme250\kerneld.x32 --> c:\documents and settings\hp_owner\desktop\aida64extreme250\kerneld.x32 [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S4 MapsGalaxy_39Service;MapsGalaxyService;c:\progra~1\mapsga~2\bar\1.bin\39barsvc.exe --> c:\progra~1\mapsga~2\bar\1.bin\39barsvc.exe [?]
.
=============== Created Last 30 ================
.
2013-05-15 01:08:17 16792 ----a-w- C:\FixitRegBackup.reg
2013-05-14 04:06:39 98816 ----a-w- c:\windows\sed.exe
2013-05-14 04:06:39 256000 ----a-w- c:\windows\PEV.exe
2013-05-14 04:06:39 208896 ----a-w- c:\windows\MBR.exe
2013-05-14 03:58:07 526 ----a-w- c:\windows\DeleteOnReboot.bat
2013-04-28 00:19:03 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2013-04-28 00:19:03 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2013-04-28 00:19:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2013-04-28 00:18:59 -------- d-----w- c:\program files\PDFCreator
2013-04-27 23:13:16 -------- d-----w- c:\program files\Free Download Manager
2013-04-27 23:11:32 -------- d-----w- c:\program files\GetLyrics
2013-04-27 23:10:31 -------- d-----w- c:\documents and settings\hp_owner\local settings\application data\Updater12555
2013-04-27 23:09:31 -------- d-----w- c:\documents and settings\hp_owner\application data\Strongvault
2013-04-27 23:08:11 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2013-04-27 23:07:58 -------- d-----w- c:\documents and settings\all users\application data\Strongvault Online Backup
2013-04-27 23:07:33 -------- d-----w- C:\AI_RecycleBin
2013-04-27 23:03:21 -------- d-----w- c:\documents and settings\hp_owner\local settings\application data\CRE
2013-04-27 23:01:04 -------- d-----w- c:\program files\xVidly
2013-04-27 22:56:45 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2013-04-27 22:56:45 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2013-04-27 22:56:45 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2013-04-27 22:56:45 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2013-04-27 22:56:45 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2013-04-27 22:56:44 -------- d-----w- c:\documents and settings\hp_owner\application data\TFP
2013-04-27 22:55:37 -------- d-----w- c:\documents and settings\hp_owner\local settings\application data\Torch
.
==================== Find3M  ====================
.
2013-05-13 21:28:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-13 21:28:58 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-12 22:03:31 1072544 ----a-w- c:\windows\system32\nvdrsdb0.bin
2013-04-12 22:03:31 1 ----a-w- c:\windows\system32\nvdrssel.bin
2013-04-12 22:03:04 1072544 ----a-w- c:\windows\system32\nvdrsdb1.bin
2013-04-04 18:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-10 00:09:40 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-10 00:09:35 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-10 00:09:33 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-10 00:09:33 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:28:24 2193408 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:28 2070016 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06:31 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25:02 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08:47 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
============= FINISH: 22:09:52.76 ===============
 

Attach.txt LOG:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/22/2012 5:36:07 PM
System Uptime: 5/14/2013 8:08:31 PM (2 hours ago)
.
Motherboard: ASUSTek Computer INC. |  | NODUSM3
Processor: AMD Athlon™ 64 Processor 3500+ | Socket AM2  | 1784/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 142 GiB total, 80.05 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 0.518 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP327: 5/9/2013 4:28:13 PM - System Checkpoint
RP328: 5/9/2013 4:47:14 PM - Software Distribution Service 3.0
RP329: 5/9/2013 4:51:45 PM - System Checkpoint
RP330: 5/10/2013 4:49:09 PM - Software Distribution Service 3.0
RP331: 5/11/2013 4:49:22 PM - Software Distribution Service 3.0
RP332: 5/12/2013 5:01:26 PM - System Checkpoint
RP333: 5/13/2013 9:48:08 AM - Software Distribution Service 3.0
RP334: 5/14/2013 9:08:13 PM - Installed Microsoft Fix it 50535
.
==== Installed Programs ======================
.
Adobe Acrobat 6.0 Standard
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
AiO_Scan_CDA
AiOSoftwareNPI
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
BroadJump Client Foundation
BufferChm
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CueTour
Customer Experience Enhancement
CustomerResearchQFolder
Data Fax SoftModem with SmartCP
Destinations
Diablo II
Diablo III
Easy Internet Sign-up
ESET Online Scanner v3
eSupportQFolder
F300
F300_Help
Fax_CDA
FileHippo.com Update Checker
Free Download Manager 3.9.2
FullDPAppQFolder
Get Lyrics
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPL MPEG-1/2 DirectShow Decoder Filter
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Customer Participation Program 7.0
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart Premier Software 6.5
HP Photosmart, Officejet and Deskjet 7.0.A
HP Product Assistant
HP Solution Center 7.0
HP Support Overview
HP Update
HP Web Helper
HPPhotoSmartExpress
HPProductAssistant
HpSdpAppCoreApp
InstantShareAlert
InstantShareDevices
InstantShareDevicesMFC
iTunes
Java 7 Update 17
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
MapsGalaxy Toolbar
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 8.2
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Money 2006
Microsoft Office 97, Professional Edition
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My HP Games
Netscape Browser (remove only)
NewCopy_CDA
NVIDIA Control Panel 301.42
NVIDIA Drivers
NVIDIA Install Application
NVIDIA nView 136.27
NVIDIA Update 1.8.15
NVIDIA Update Components
OptionalContentQFolder
PDFCreator
PhotoGallery
Picture Package Music Transfer
Plants vs. Zombies™
ProductContextNPI
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
QuickTime
RandMap
Readme
RealPlayer
Realtek High Definition Audio Driver
Rhapsody
ROBLOX Player for HP_Owner
ROBLOX Studio 2013 for HP_Owner
Scan
ScannerCopy
Seagate Media Software
SeaTools for Windows
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SkinsHP1
SlideShow
SlideShowMusic
SolutionCenter
Sonic Express Labeler
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Sony Picture Utility
SpywareBlaster 4.6
Status
Toolbox
TrayApp
Unity Web Player
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Installer for WildTangent Games App
Updates from HP (remove only)
VideoConverter
WebFldrs XP
WebReg
WildTangent Games App (HP Games)
WildTangent Web Driver
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0
Windows XP Service Pack 3
Wizard101
WOT for Internet Explorer
Yahoo! BrowserPlus 2.9.8
Yahoo! Toolbar
Yahoo! Toolbar for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
5/9/2013 4:28:07 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'imageio609 .. 699452.tmp' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
5/8/2013 6:46:24 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'stats_samj .. unsent.tmp' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
5/14/2013 7:17:38 AM, error: Service Control Manager [7034]  - The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).
5/14/2013 7:03:03 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/13/2013 9:57:39 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AmdK8 Fips MpFilter
5/13/2013 9:56:21 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/13/2013 9:50:07 PM, error: Service Control Manager [7034]  - The Search Protect by Conduit Updater service terminated unexpectedly.  It has done this 1 time(s).
5/13/2013 9:50:07 PM, error: Service Control Manager [7034]  - The Seagate Media service terminated unexpectedly.  It has done this 1 time(s).
5/13/2013 9:50:07 PM, error: Service Control Manager [7034]  - The McciCMService service terminated unexpectedly.  It has done this 1 time(s).
5/13/2013 9:50:07 PM, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
5/13/2013 9:50:07 PM, error: Service Control Manager [7034]  - The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
5/13/2013 9:50:07 PM, error: Service Control Manager [7034]  - The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).
5/13/2013 9:50:07 PM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/13/2013 9:08:53 PM, error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
5/13/2013 9:02:18 PM, error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
5/13/2013 10:43:54 AM, error: Service Control Manager [7000]  - The Microsoft Antimalware Service service failed to start due to the following error:  The file can not be accessed by the system.
5/13/2013 10:43:39 AM, error: Service Control Manager [7031]  - The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.
5/13/2013 10:15:05 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
.
==== End Of File ===========================

#2 gringo_pr

  • Malware Response Team

Posted 14 May 2013 - 09:21 PM


Hello Brett998866

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 Brett998866
  • Topic Starter

Posted 14 May 2013 - 09:40 PM

Thanks Gringo.  Below are the logs you requested. 

 

ADWCLEANER:

# AdwCleaner v2.300 - Logfile created 05/14/2013 at 22:24:57
# Updated 28/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : HP_Owner - YOUNGSPC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\HP_Owner\My Documents\av\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dnfaglepmjgohnkcoieaijlheabmcdeo
Deleted on reboot : C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Deleted on reboot : C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

***** [Registry] *****

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [21345 octets] - [13/05/2013 23:57:45]
AdwCleaner[S1].txt - [21736 octets] - [13/05/2013 23:58:01]
AdwCleaner[S2].txt - [1605 octets] - [14/05/2013 22:24:57]

########## EOF - C:\AdwCleaner[S2].txt - [1665 octets] ##########

 

JRT LOG:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by HP_Owner on Tue 05/14/2013 at 22:30:58.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

Successfully stopped: [Service] mapsgalaxy_39service
Successfully deleted: [Service] mapsgalaxy_39service

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\performersoft llc
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\torch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\torch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{17EFF792-398A-4D7C-9183-5C6AEFF90ADB}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{293BFB61-4A09-496D-B0F2-B675533CCADC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9EDCC2A0-B2BE-4F3B-AEA2-1C0B8319890C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B2BA2C63-78AC-4222-A39E-86910945F011}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\pc optimizer pro"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\strongvault online backup"
Successfully deleted: [Folder] "C:\Documents and Settings\HP_Owner\Application Data\strongvault"
Successfully deleted: [Folder] "C:\Documents and Settings\HP_Owner\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Documents and Settings\HP_Owner\Local Settings\Application Data\torch"
Successfully deleted: [Folder] "C:\Program Files\infoatoms"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\hot deals"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"
Successfully deleted: [Folder] "C:\ai_recyclebin"

 

~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist
Successfully deleted: [Folder] C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/14/2013 at 22:33:12.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#4 Brett998866
  • Topic Starter

Posted 14 May 2013 - 09:41 PM

Sorry Gringo...The post came out very small...Let me try again.

 




#5 gringo_pr

  • Malware Response Team

Posted 14 May 2013 - 09:47 PM


Hello Brett998866

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#6 Brett998866
  • Topic Starter

Posted 14 May 2013 - 10:10 PM

Gringo,

 

Below is the ComboFix log.

 

ComboFix 13-05-14.01 - HP_Owner 05/14/2013  22:54:55.6.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3006.2511 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner\My Documents\av\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\HP_Owner\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Owner\Local Settings\temp\IadHide5.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-15 to 2013-05-15  )))))))))))))))))))))))))))))))
.
.
2013-05-15 02:30 . 2013-05-15 02:30 -------- d-----w- c:\windows\ERUNT
2013-05-15 02:30 . 2013-05-15 02:30 -------- d-----w- C:\JRT
2013-05-15 01:08 . 2013-05-15 01:08 16792 ----a-w- C:\FixitRegBackup.reg
2013-05-14 01:51 . 2013-05-14 01:51 -------- d-----w- c:\documents and settings\UpdatusUser\Application Data\Apple Computer
2013-05-14 00:27 . 2013-05-14 00:27 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2013-04-28 00:19 . 2001-10-28 20:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2013-04-28 00:19 . 1998-06-24 04:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2013-04-28 00:19 . 1998-07-06 04:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2013-04-28 00:18 . 2013-04-28 00:19 -------- d-----w- c:\program files\PDFCreator
2013-04-27 23:13 . 2013-04-27 23:14 -------- d-----w- c:\program files\Free Download Manager
2013-04-27 23:11 . 2013-04-27 23:11 -------- d-----w- c:\program files\GetLyrics
2013-04-27 23:10 . 2013-04-27 23:10 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Updater12555
2013-04-27 23:03 . 2013-04-28 00:15 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\CRE
2013-04-27 23:01 . 2013-04-27 23:14 -------- d-----w- c:\program files\xVidly
2013-04-27 22:56 . 2012-05-11 19:47 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2013-04-27 22:56 . 2012-05-11 19:47 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2013-04-27 22:56 . 2012-05-11 19:47 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2013-04-27 22:56 . 2012-05-11 19:47 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2013-04-27 22:56 . 2012-05-11 19:47 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2013-04-27 22:56 . 2013-04-27 22:56 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\TFP
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-13 21:28 . 2012-05-28 14:54 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-13 21:28 . 2012-03-03 22:07 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 15:28 . 2012-01-23 04:11 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-04 18:50 . 2012-01-23 03:41 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-10 00:09 . 2013-03-10 00:10 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-10 00:09 . 2013-03-10 00:10 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-10 00:09 . 2012-07-15 17:55 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-10 00:09 . 2012-01-23 04:22 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-08 08:36 . 2004-08-04 11:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:28 . 2004-08-04 11:00 2193408 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2004-08-04 11:00 2070016 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2004-08-04 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2004-08-04 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25 . 2004-08-04 11:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2004-08-04 11:00 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:56 . 2004-08-04 11:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{AF5B5C22-498A-4239-9A51-82BDD99C6A44}]
2013-04-25 10:36 127488 ----a-w- c:\program files\GetLyrics\getlrcs.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 16239616]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2012-07-13 384232]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-01-27 180269]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"FreeAgentTheaterTrayIcon"="c:\program files\Seagate\Seagate_Media\AgrregationStatus\StxMediaMenuMgr.exe" [2012-12-20 177344]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [N/A]
.
c:\documents and settings\UpdatusUser\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [N/A]
.
c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2012-12-24 385024]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2007-1-27 36903]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
.
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [6/15/2012 9:59 PM 24328]
R2 FreeAgentTheater Service;Seagate Media;c:\program files\Seagate\Seagate_Media\Sync\MediaAggreService.exe [12/20/2012 4:13 PM 237248]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [2/23/2013 10:20 PM 45288]
S0 ruek;ruek;c:\windows\system32\drivers\pxvqk.sys --> c:\windows\system32\drivers\pxvqk.sys [?]
S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;\??\c:\documents and settings\HP_Owner\Desktop\aida64extreme250\kerneld.x32 --> c:\documents and settings\HP_Owner\Desktop\aida64extreme250\kerneld.x32 [?]
S4 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [10/12/2010 1:59 PM 206072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 08:51 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 21:28]
.
2013-05-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2013-05-15 c:\windows\Tasks\Get Lyrics Update.job
- c:\program files\GetLyrics\GetLyricsUPD.exe [2013-04-25 10:36]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-29 15:14]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-29 15:14]
.
2013-05-12 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 16:11]
.
2013-05-15 c:\windows\Tasks\User_Feed_Synchronization-{C133C753-E9D3-4FD9-A743-3F3603EC1EC1}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
TCP: DhcpNameServer = 10.0.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-14 23:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AIDA64Driver]
"ImagePath"="\??\c:\documents and settings\HP_Owner\Desktop\aida64extreme250\kerneld.x32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(448)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files\Common Files\Apple\Mobile Device Support\SyncServer.exe
.
**************************************************************************
.
Completion time: 2013-05-14  23:07:27 - machine was rebooted
ComboFix-quarantined-files.txt  2013-05-15 03:07
ComboFix2.txt  2013-05-14 11:28
ComboFix3.txt  2013-05-14 04:15
.
Pre-Run: 85,933,101,056 bytes free
Post-Run: 85,943,144,448 bytes free
.
- - End Of File - - BF2568037418011C5F5C0194FCCA3C7B
 



#7 gringo_pr

  • Malware Response Team

Posted 14 May 2013 - 10:32 PM


Hello Brett998866

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files\GetLyrics
 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[Image: CFScriptB-4.gif]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 Brett998866

  • Topic Starter

Posted 14 May 2013 - 10:51 PM

Gringo,

 

The new log is below.  You asked how the computer is doing.  Let me describe briefly 2 issues.  I tried all of this before contacting you, so have done nothing other than what you have instructed me to do since I posted my initial post. 

 

1.)  I was running MS Security Essentials.  I believe it is corrupted or impacted by some virus.  I have tried to uninstall it, but I am not able to.  Used the Add/Remove programs, but it fails.  Went to the MS web site and walked through a few different processes to uninstall but it also fails.  When running ComboFix, I receive a warning that MSE is still running.  I ran ComboFix anyways.

 

2.)  I have Winpatrol running on my pc.  When I reboot, I receive a Winpatrol warning saying that a file called Hosts has been changed.  I then reject the change using WinPatrol.  The path of the file is c:\windows\system32\drivers\etc\hosts

 

 

Combofix Log with CFScript:

ComboFix 13-05-14.01 - HP_Owner 05/14/2013  23:37:09.7.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3006.2467 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner\My Documents\av\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\cfscript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\GetLyrics
c:\program files\GetLyrics\chrome.crx
c:\program files\GetLyrics\chrome.manifest
c:\program files\GetLyrics\FF\chrome.manifest
c:\program files\GetLyrics\FF\chrome\content\icon.png
c:\program files\GetLyrics\FF\chrome\content\main.js
c:\program files\GetLyrics\FF\chrome\content\overlay.xul
c:\program files\GetLyrics\FF\install.rdf
c:\program files\GetLyrics\getlrcs.dll
c:\program files\GetLyrics\GetLyricsUPD.exe
c:\program files\GetLyrics\Uninstall.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-15 to 2013-05-15  )))))))))))))))))))))))))))))))
.
.
2013-05-15 02:30 . 2013-05-15 02:30 -------- d-----w- c:\windows\ERUNT
2013-05-15 02:30 . 2013-05-15 02:30 -------- d-----w- C:\JRT
2013-05-15 01:08 . 2013-05-15 01:08 16792 ----a-w- C:\FixitRegBackup.reg
2013-05-14 01:51 . 2013-05-14 01:51 -------- d-----w- c:\documents and settings\UpdatusUser\Application Data\Apple Computer
2013-05-14 00:27 . 2013-05-14 00:27 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2013-04-28 00:19 . 2001-10-28 20:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2013-04-28 00:19 . 1998-06-24 04:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2013-04-28 00:19 . 1998-07-06 04:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2013-04-28 00:18 . 2013-04-28 00:19 -------- d-----w- c:\program files\PDFCreator
2013-04-27 23:13 . 2013-04-27 23:14 -------- d-----w- c:\program files\Free Download Manager
2013-04-27 23:10 . 2013-04-27 23:10 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Updater12555
2013-04-27 23:03 . 2013-04-28 00:15 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\CRE
2013-04-27 23:01 . 2013-04-27 23:14 -------- d-----w- c:\program files\xVidly
2013-04-27 22:56 . 2012-05-11 19:47 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2013-04-27 22:56 . 2012-05-11 19:47 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2013-04-27 22:56 . 2012-05-11 19:47 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2013-04-27 22:56 . 2012-05-11 19:47 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2013-04-27 22:56 . 2012-05-11 19:47 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2013-04-27 22:56 . 2013-04-27 22:56 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\TFP
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-13 21:28 . 2012-05-28 14:54 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-13 21:28 . 2012-03-03 22:07 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 15:28 . 2012-01-23 04:11 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-04 18:50 . 2012-01-23 03:41 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-10 00:09 . 2013-03-10 00:10 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-10 00:09 . 2013-03-10 00:10 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-10 00:09 . 2012-07-15 17:55 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-10 00:09 . 2012-01-23 04:22 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-08 08:36 . 2004-08-04 11:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:28 . 2004-08-04 11:00 2193408 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2004-08-04 11:00 2070016 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2004-08-04 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2004-08-04 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25 . 2004-08-04 11:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2004-08-04 11:00 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:56 . 2004-08-04 11:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 16239616]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2012-07-13 384232]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-01-27 180269]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"FreeAgentTheaterTrayIcon"="c:\program files\Seagate\Seagate_Media\AgrregationStatus\StxMediaMenuMgr.exe" [2012-12-20 177344]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [N/A]
.
c:\documents and settings\UpdatusUser\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [N/A]
.
c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2012-12-24 385024]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2007-1-27 36903]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
.
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [6/15/2012 9:59 PM 24328]
R2 FreeAgentTheater Service;Seagate Media;c:\program files\Seagate\Seagate_Media\Sync\MediaAggreService.exe [12/20/2012 4:13 PM 237248]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [2/23/2013 10:20 PM 45288]
S0 ruek;ruek;c:\windows\system32\drivers\pxvqk.sys --> c:\windows\system32\drivers\pxvqk.sys [?]
S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;\??\c:\documents and settings\HP_Owner\Desktop\aida64extreme250\kerneld.x32 --> c:\documents and settings\HP_Owner\Desktop\aida64extreme250\kerneld.x32 [?]
S4 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [10/12/2010 1:59 PM 206072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 08:51 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 21:28]
.
2013-05-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-29 15:14]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-29 15:14]
.
2013-05-12 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 16:11]
.
2013-05-15 c:\windows\Tasks\User_Feed_Synchronization-{C133C753-E9D3-4FD9-A743-3F3603EC1EC1}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
TCP: DhcpNameServer = 10.0.0.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{AF5B5C22-498A-4239-9A51-82BDD99C6A44} - c:\program files\GetLyrics\getlrcs.dll
AddRemove-Getlyrcis@levaddons.com - c:\program files\GetLyrics\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-14 23:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AIDA64Driver]
"ImagePath"="\??\c:\documents and settings\HP_Owner\Desktop\aida64extreme250\kerneld.x32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-05-14  23:44:05
ComboFix-quarantined-files.txt  2013-05-15 03:44
ComboFix2.txt  2013-05-15 03:07
ComboFix3.txt  2013-05-14 11:28
ComboFix4.txt  2013-05-14 04:15
.
Pre-Run: 85,948,878,848 bytes free
Post-Run: 85,943,689,216 bytes free
.
- - End Of File - - 52D261713FD41E2D7C0887C17A34B0CE
 



#9 gringo_pr

  • Malware Response Team

Posted 14 May 2013 - 11:02 PM


Hello Brett998866


Let's double check with these two programs, then we will go after MSE.

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • More than one report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long, you may attach it

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
and I will see if I want to see the whole report

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • the scan will make two reports the one I would like to see is called RKreport[2].txt on your Desktop
  • Exit/Close RogueKiller+
Send me the reports made from TDSSKiller and RogueKiller and also let me know how the computer is doing at this time.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
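
A way to triage a TDSSKiller report before posting it, as an added example that is not part of the original posts and is not TDSSKiller's own code. It assumes the line layout visible in the report posted further down this thread (timestamp, thread id, then either a "[ MD5 ] name path" record or a "name - verdict" record); the sample log is constructed from lines in that report plus labelled constructed lines, and the function names are hypothetical.

```python
import re

# One log record: "HH:MM:SS.mmmm <thread id> <message>"
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s*(.*)$")
# Inline section header: "================ Scan services ============="
SECTION_RE = re.compile(r"^=+\s+(.+?)\s+=+$")
# Hash record: "[ <32 hex MD5> ] <service name> <drive:\path>"
HASH_RE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.*)$")
# Verdict record: "<service name> - <verdict>"
VERDICT_RE = re.compile(r"^(.+?) - (\S.*)$")

# Constructed sample. Lines for Abiosdsk, ACPI, AIDA64Driver and
# Apple Mobile Device follow the report in this thread; "examplesvc" and
# everything from "Scan finished" on are constructed for illustration.
SAMPLE_LOG = r"""
22:39:34.0453 3228  Scan started
22:39:47.0484 3228  ================ Scan system memory ========================
22:39:47.0500 3228  System memory - ok
22:39:47.0500 3228  ================ Scan services =============================
22:39:48.0578 3228  Abiosdsk - ok
22:39:48.0812 3228  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:40:10.0484 3228  ACPI - ok
22:40:15.0859 3228  AIDA64Driver - ok
22:40:17.0843 3228  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:40:17.0859 3228  Apple Mobile Device - ok
22:40:18.0000 3228  [ 00000000000000000000000000000000 ] examplesvc      C:\WINDOWS\system32\drivers\examplesvc.sys
22:40:18.0100 3228  examplesvc - warning
22:40:19.0000 3228  ============================================================
22:40:19.0000 3228  Scan finished
22:40:19.0000 3228  ============================================================
22:40:19.0100 3228  Detected object count: 1
"""


def parse_records(log_text):
    """Yield the message part of every well-formed log line."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group(3).strip()


def triage_services(log_text):
    """Summarise the 'Scan services' section of a report.

    Returns a dict with:
      hashed  - service name -> (md5, path) for every hash record
      no_file - services that got a verdict with no hash record before it
      not_ok  - (service, verdict) pairs whose verdict is not 'ok'
    """
    section = None
    hashed, no_file, not_ok = {}, [], []
    for msg in parse_records(log_text):
        if msg == "Scan finished":
            section = msg
            continue
        header = SECTION_RE.match(msg)
        if header:
            section = header.group(1)
            continue
        if section != "Scan services":
            continue  # ignore look-alike lines in other sections
        rec = HASH_RE.match(msg)
        if rec:
            hashed[rec.group(2)] = (rec.group(1).upper(), rec.group(3))
            continue
        rec = VERDICT_RE.match(msg)
        if not rec:
            continue
        name, verdict = rec.group(1), rec.group(2).strip()
        if name not in hashed:
            no_file.append(name)
        if verdict.lower() != "ok":
            not_ok.append((name, verdict))
    return {"hashed": hashed, "no_file": no_file, "not_ok": not_ok}


def tail_after_scan_finished(log_text):
    """Return the raw lines that follow the 'Scan finished' record."""
    lines = [l for l in log_text.splitlines() if l.strip()]
    for i, raw in enumerate(lines):
        m = LINE_RE.match(raw.strip())
        if m and m.group(3).strip() == "Scan finished":
            return lines[i + 1:]
    return []


if __name__ == "__main__":
    result = triage_services(SAMPLE_LOG)
    print("verdicts other than ok:", result["not_ok"])
    print("verdict without a hashed file:", result["no_file"])
    for line in tail_after_scan_finished(SAMPLE_LOG):
        print(line)
```

The `no_file` list only records that the report shows a verdict with no hash record for that service; it does not by itself say why no file was hashed.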

#10 Brett998866

  • Topic Starter

Posted 15 May 2013 - 09:47 PM

Gringo,

 

Sorry for the delay in getting back to you.  Here is the result of the TDS process you asked me to run.  I will post the Rogue Killer results in the next post.  Brett

 

TDS Killer Log:

22:39:01.0109 1964  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:39:02.0531 1964  ============================================================
22:39:02.0531 1964  Current date / time: 2013/05/15 22:39:02.0531
22:39:02.0531 1964  SystemInfo:
22:39:02.0531 1964 
22:39:02.0531 1964  OS Version: 5.1.2600 ServicePack: 3.0
22:39:02.0531 1964  Product type: Workstation
22:39:02.0531 1964  ComputerName: YOUNGSPC
22:39:02.0546 1964  UserName: HP_Owner
22:39:02.0546 1964  Windows directory: C:\WINDOWS
22:39:02.0546 1964  System windows directory: C:\WINDOWS
22:39:02.0546 1964  Processor architecture: Intel x86
22:39:02.0546 1964  Number of processors: 1
22:39:02.0546 1964  Page size: 0x1000
22:39:02.0546 1964  Boot type: Normal boot
22:39:02.0546 1964  ============================================================
22:39:05.0468 1964  BG loaded
22:39:06.0250 1964  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:39:06.0453 1964  ============================================================
22:39:06.0468 1964  \Device\Harddisk0\DR0:
22:39:06.0468 1964  MBR partitions:
22:39:06.0468 1964  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11B731C6
22:39:06.0468 1964  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x11B770C6, BlocksNum 0xEA19FB
22:39:06.0468 1964  ============================================================
22:39:06.0703 1964  C: <-> \Device\Harddisk0\DR0\Partition1
22:39:06.0765 1964  D: <-> \Device\Harddisk0\DR0\Partition2
22:39:06.0812 1964  ============================================================
22:39:06.0812 1964  Initialize success
22:39:06.0812 1964  ============================================================
22:39:34.0453 3228  ============================================================
22:39:34.0453 3228  Scan started
22:39:34.0453 3228  Mode: Manual; SigCheck; TDLFS;
22:39:34.0453 3228  ============================================================
22:39:47.0484 3228  ================ Scan system memory ========================
22:39:47.0500 3228  System memory - ok
22:39:47.0500 3228  ================ Scan services =============================
22:39:48.0578 3228  Abiosdsk - ok
22:39:48.0578 3228  abp480n5 - ok
22:39:48.0812 3228  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:40:10.0484 3228  ACPI - ok
22:40:12.0984 3228  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
22:40:13.0421 3228  ACPIEC - ok
22:40:14.0390 3228  [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:40:14.0750 3228  AdobeFlashPlayerUpdateSvc - ok
22:40:14.0750 3228  adpu160m - ok
22:40:14.0875 3228  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
22:40:15.0218 3228  aec - ok
22:40:15.0312 3228  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
22:40:15.0468 3228  AFD - ok
22:40:15.0468 3228  Aha154x - ok
22:40:15.0484 3228  aic78u2 - ok
22:40:15.0484 3228  aic78xx - ok
22:40:15.0859 3228  AIDA64Driver - ok
22:40:16.0000 3228  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
22:40:16.0171 3228  Alerter - ok
22:40:16.0203 3228  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
22:40:16.0359 3228  ALG - ok
22:40:16.0375 3228  AliIde - ok
22:40:16.0406 3228  [ 59301936898AE62245A6F09C0ABA9475 ] AmdK8           C:\WINDOWS\system32\DRIVERS\AmdK8.sys
22:40:16.0609 3228  AmdK8 - ok
22:40:16.0609 3228  amsint - ok
22:40:17.0843 3228  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:40:17.0859 3228  Apple Mobile Device - ok
22:40:17.0859 3228  AppMgmt - ok
22:40:17.0921 3228  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:40:18.0109 3228  Arp1394 - ok
22:40:18.0109 3228  asc - ok
22:40:18.0109 3228  asc3350p - ok
22:40:18.0125 3228  asc3550 - ok
22:40:19.0109 3228  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
22:40:19.0343 3228  aspnet_state - ok
22:40:19.0390 3228  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:40:19.0562 3228  AsyncMac - ok
22:40:19.0609 3228  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
22:40:19.0796 3228  atapi - ok
22:40:19.0796 3228  Atdisk - ok
22:40:19.0843 3228  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:40:20.0031 3228  Atmarpc - ok
22:40:20.0109 3228  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
22:40:20.0281 3228  AudioSrv - ok
22:40:20.0359 3228  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
22:40:20.0500 3228  audstub - ok
22:40:20.0531 3228  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
22:40:20.0703 3228  Beep - ok
22:40:20.0781 3228  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
22:40:21.0593 3228  BITS - ok
22:40:22.0250 3228  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:40:22.0328 3228  Bonjour Service - ok
22:40:22.0390 3228  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
22:40:22.0500 3228  Browser - ok
22:40:22.0500 3228  catchme - ok
22:40:22.0531 3228  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
22:40:22.0765 3228  cbidf2k - ok
22:40:22.0765 3228  cd20xrnt - ok
22:40:22.0843 3228  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
22:40:23.0015 3228  Cdaudio - ok
22:40:23.0140 3228  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
22:40:23.0296 3228  Cdfs - ok
22:40:23.0328 3228  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:40:23.0468 3228  Cdrom - ok
22:40:23.0484 3228  Changer - ok
22:40:23.0531 3228  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
22:40:23.0687 3228  CiSvc - ok
22:40:23.0718 3228  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
22:40:23.0875 3228  ClipSrv - ok
22:40:24.0000 3228  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:40:25.0156 3228  clr_optimization_v2.0.50727_32 - ok
22:40:25.0328 3228  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:40:26.0140 3228  clr_optimization_v4.0.30319_32 - ok
22:40:26.0156 3228  CmdIde - ok
22:40:26.0156 3228  COMSysApp - ok
22:40:26.0171 3228  Cpqarray - ok
22:40:26.0328 3228  [ 26CE59F9FC8639FD7FED53CE3B785015 ] cpuz135         C:\WINDOWS\system32\drivers\cpuz135_x32.sys
22:40:26.0359 3228  cpuz135 - ok
22:40:26.0453 3228  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
22:40:26.0671 3228  CryptSvc - ok
22:40:26.0687 3228  dac2w2k - ok
22:40:26.0687 3228  dac960nt - ok
22:40:26.0843 3228  [ CA812B19C0E2BC044214AD3F6436E730 ] dc3d            C:\WINDOWS\system32\DRIVERS\dc3d.sys
22:40:26.0859 3228  dc3d - ok
22:40:27.0203 3228  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
22:40:27.0515 3228  DcomLaunch - ok
22:40:27.0593 3228  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
22:40:27.0781 3228  Dhcp - ok
22:40:27.0828 3228  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
22:40:28.0140 3228  Disk - ok
22:40:28.0156 3228  dmadmin - ok
22:40:28.0765 3228  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
22:40:29.0890 3228  dmboot - ok
22:40:29.0984 3228  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
22:40:30.0281 3228  dmio - ok
22:40:30.0328 3228  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
22:40:30.0515 3228  dmload - ok
22:40:30.0593 3228  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
22:40:30.0796 3228  dmserver - ok
22:40:30.0875 3228  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
22:40:31.0046 3228  DMusic - ok
22:40:31.0109 3228  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
22:40:31.0343 3228  Dnscache - ok
22:40:31.0515 3228  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
22:40:31.0828 3228  Dot3svc - ok
22:40:31.0828 3228  dpti2o - ok
22:40:31.0921 3228  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
22:40:32.0078 3228  drmkaud - ok
22:40:32.0171 3228  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
22:40:32.0375 3228  EapHost - ok
22:40:32.0468 3228  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
22:40:32.0656 3228  ERSvc - ok
22:40:33.0765 3228  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
22:40:33.0890 3228  Eventlog - ok
22:40:34.0125 3228  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
22:40:34.0234 3228  EventSystem - ok
22:40:34.0390 3228  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
22:40:34.0593 3228  Fastfat - ok
22:40:34.0843 3228  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
22:40:35.0093 3228  FastUserSwitchingCompatibility - ok
22:40:38.0390 3228  [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax             C:\WINDOWS\system32\fxssvc.exe
22:40:48.0859 3228  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
22:40:49.0125 3228  IDriverT ( UnsignedFile.Multi.Generic ) - warning
22:40:49.0125 3228  IDriverT - detected UnsignedFile.Multi.Generic (1)
22:40:57.0109 3228  [ FB4125937B07247E236BDB49B91102BF ] McciCMService   C:\Program Files\Common Files\Motive\McciCMService.exe
22:40:57.0125 3228  McciCMService ( UnsignedFile.Multi.Generic ) - warning
22:40:57.0125 3228  McciCMService - detected UnsignedFile.Multi.Generic (1)
22:40:59.0406 3228  [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50         C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
22:40:59.0500 3228  MREMP50 ( UnsignedFile.Multi.Generic ) - warning
22:40:59.0500 3228  MREMP50 - detected UnsignedFile.Multi.Generic (1)
22:40:59.0500 3228  MREMP50a64 - ok
22:40:59.0562 3228  [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50         C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
22:40:59.0625 3228  MRESP50 ( UnsignedFile.Multi.Generic ) - warning
22:40:59.0625 3228  MRESP50 - detected UnsignedFile.Multi.Generic (1)
22:40:59.0625 3228  MRESP50a64 - ok
22:41:21.0640 3228  [ 1962166E0CEB740704F30FA55AD3D509 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:41:21.0671 3228  PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
22:41:21.0671 3228  PxHelp20 - detected UnsignedFile.Multi.Generic (1)
22:41:37.0156 3228  ================ Scan global ===============================
22:41:37.0203 3228  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
22:41:37.0265 3228  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
22:41:37.0281 3228  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
22:41:37.0296 3228  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
22:41:37.0296 3228  [Global] - ok
22:41:37.0312 3228  ================ Scan MBR ==================================
22:41:37.0328 3228  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
22:41:37.0515 3228  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:41:37.0515 3228  \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:41:37.0515 3228  ================ Scan VBR ==================================
22:41:37.0531 3228  [ F17DE2981DE0161B5C1D0E8C8FD4D276 ] \Device\Harddisk0\DR0\Partition1
22:41:37.0531 3228  \Device\Harddisk0\DR0\Partition1 - ok
22:41:37.0562 3228  [ 66ECA95A804B9054ACFA7C0FB00EEDFD ] \Device\Harddisk0\DR0\Partition2
22:41:37.0562 3228  \Device\Harddisk0\DR0\Partition2 - ok
22:41:37.0562 3228  ================ Scan active images ========================
22:41:37.0750 3228  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] C:\WINDOWS\system32\drivers\msgpc.sys
22:41:37.0750 3228  C:\WINDOWS\system32\drivers\msgpc.sys - ok
22:41:37.0750 3228  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] C:\WINDOWS\system32\drivers\ptilink.sys
22:41:37.0750 3228  C:\WINDOWS\system32\drivers\ptilink.sys - ok
22:41:37.0765 3228  [ FDBB1D60066FCFBB7452FD8F9829B242 ] C:\WINDOWS\system32\drivers\raspti.sys
22:41:37.0765 3228  C:\WINDOWS\system32\drivers\raspti.sys - ok
22:41:37.0765 3228  [ 88155247177638048422893737429D9E ] C:\WINDOWS\system32\drivers\termdd.sys
22:41:37.0765 3228  C:\WINDOWS\system32\drivers\termdd.sys - ok
22:41:37.0781 3228  [ 35C9E97194C8CFB8430125F8DBC34D04 ] C:\WINDOWS\system32\drivers\mouclass.sys
22:41:37.0781 3228  C:\WINDOWS\system32\drivers\mouclass.sys - ok
22:41:37.0781 3228  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] C:\WINDOWS\system32\drivers\swenum.sys
22:41:37.0781 3228  C:\WINDOWS\system32\drivers\swenum.sys - ok
22:41:37.0781 3228  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] C:\WINDOWS\system32\drivers\update.sys
22:41:37.0781 3228  C:\WINDOWS\system32\drivers\update.sys - ok
22:41:37.0796 3228  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] C:\WINDOWS\system32\drivers\mssmbios.sys
22:41:37.0796 3228  C:\WINDOWS\system32\drivers\mssmbios.sys - ok
22:41:37.0796 3228  [ 9282BD12DFB069D3889EB3FCC1000A9B ] C:\WINDOWS\system32\drivers\ndproxy.sys
22:41:37.0796 3228  C:\WINDOWS\system32\drivers\ndproxy.sys - ok
22:41:37.0812 3228  [ 596EB39B50D6EBD9B734DC4AE0544693 ] C:\WINDOWS\system32\drivers\usbd.sys
22:41:37.0812 3228  C:\WINDOWS\system32\drivers\usbd.sys - ok
22:41:37.0812 3228  [ 1AB3CDDE553B6E064D2E754EFE20285C ] C:\WINDOWS\system32\drivers\usbhub.sys
22:41:37.0812 3228  C:\WINDOWS\system32\drivers\usbhub.sys - ok
22:41:37.0812 3228  [ 22EEDB34C4D7613A25B10C347C6C4C21 ] C:\WINDOWS\system32\drivers\NVENETFD.sys
22:41:37.0812 3228  C:\WINDOWS\system32\drivers\NVENETFD.sys - ok
22:41:37.0828 3228  [ 6CB08593487F5701D2D2254E693EAFCE ] C:\WINDOWS\system32\drivers\drmk.sys
22:41:37.0828 3228  C:\WINDOWS\system32\drivers\drmk.sys - ok
22:41:37.0828 3228  [ E82A496C3961EFC6828B508C310CE98F ] C:\WINDOWS\system32\drivers\portcls.sys
22:41:37.0828 3228  C:\WINDOWS\system32\drivers\portcls.sys - ok
22:41:37.0828 3228  [ AB2FE0FAA519880BD16E4A0792D633D2 ] C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:41:37.0843 3228  C:\WINDOWS\system32\drivers\RtkHDAud.sys - ok
22:41:37.0843 3228  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] C:\WINDOWS\system32\drivers\fdc.sys
22:41:37.0843 3228  C:\WINDOWS\system32\drivers\fdc.sys - ok
22:41:37.0843 3228  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] C:\WINDOWS\system32\drivers\flpydisk.sys
22:41:37.0843 3228  C:\WINDOWS\system32\drivers\flpydisk.sys - ok
22:41:37.0859 3228  [ C1B486A7658353D33A10CC15211A873B ] C:\WINDOWS\system32\drivers\cdaudio.sys
22:41:37.0859 3228  C:\WINDOWS\system32\drivers\cdaudio.sys - ok
22:41:37.0859 3228  [ 8E6B8C671615D126FDC553D1E2DE5562 ] C:\WINDOWS\system32\drivers\sfloppy.sys
22:41:37.0859 3228  C:\WINDOWS\system32\drivers\sfloppy.sys - ok
22:41:37.0859 3228  [ DA1F27D85E0D1525F6621372E7B685E9 ] C:\WINDOWS\system32\drivers\beep.sys
22:41:37.0859 3228  C:\WINDOWS\system32\drivers\beep.sys - ok
22:41:37.0875 3228  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] C:\WINDOWS\system32\drivers\fs_rec.sys
22:41:37.0875 3228  C:\WINDOWS\system32\drivers\fs_rec.sys - ok
22:41:37.0875 3228  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] C:\WINDOWS\system32\drivers\mnmdd.sys
22:41:37.0875 3228  C:\WINDOWS\system32\drivers\mnmdd.sys - ok
22:41:37.0890 3228  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] C:\WINDOWS\system32\drivers\null.sys
22:41:37.0890 3228  C:\WINDOWS\system32\drivers\null.sys - ok
22:41:37.0890 3228  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] C:\WINDOWS\system32\drivers\vga.sys
22:41:37.0890 3228  C:\WINDOWS\system32\drivers\vga.sys - ok
22:41:37.0890 3228  [ C941EA2454BA8350021D774DAF0F1027 ] C:\WINDOWS\system32\drivers\msfs.sys
22:41:37.0890 3228  C:\WINDOWS\system32\drivers\msfs.sys - ok
22:41:37.0906 3228  [ 4912D5B403614CE99C28420F75353332 ] C:\WINDOWS\system32\drivers\rdpcdd.sys
22:41:37.0906 3228  C:\WINDOWS\system32\drivers\rdpcdd.sys - ok
22:41:37.0906 3228  [ 3182D64AE053D6FB034F44B6DEF8034A ] C:\WINDOWS\system32\drivers\npfs.sys
22:41:37.0906 3228  C:\WINDOWS\system32\drivers\npfs.sys - ok
22:41:37.0921 3228  [ 23C74D75E36E7158768DD63D92789A91 ] C:\WINDOWS\system32\drivers\ipsec.sys
22:41:37.0921 3228  C:\WINDOWS\system32\drivers\ipsec.sys - ok
22:41:37.0921 3228  [ FE0D99D6F31E4FAD8159F690D68DED9C ] C:\WINDOWS\system32\drivers\rasacd.sys
22:41:37.0921 3228  C:\WINDOWS\system32\drivers\rasacd.sys - ok
22:41:37.0921 3228  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] C:\WINDOWS\system32\drivers\tcpip.sys
22:41:37.0921 3228  C:\WINDOWS\system32\drivers\tcpip.sys - ok
22:41:37.0937 3228  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] C:\WINDOWS\system32\drivers\afd.sys
22:41:37.0937 3228  C:\WINDOWS\system32\drivers\afd.sys - ok
22:41:37.0937 3228  [ CC748EA12C6EFFDE940EE98098BF96BB ] C:\WINDOWS\system32\drivers\ipnat.sys
22:41:37.0937 3228  C:\WINDOWS\system32\drivers\ipnat.sys - ok
22:41:37.0937 3228  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] C:\WINDOWS\system32\drivers\netbt.sys
22:41:37.0937 3228  C:\WINDOWS\system32\drivers\netbt.sys - ok
22:41:37.0953 3228  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] C:\WINDOWS\system32\drivers\ws2ifsl.sys
22:41:37.0953 3228  C:\WINDOWS\system32\drivers\ws2ifsl.sys - ok
22:41:37.0953 3228  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] C:\WINDOWS\system32\drivers\netbios.sys
22:41:37.0953 3228  C:\WINDOWS\system32\drivers\netbios.sys - ok
22:41:37.0968 3228  [ A32BEBAF723557681BFC6BD93E98BD26 ] C:\WINDOWS\system32\drivers\processr.sys
22:41:37.0968 3228  C:\WINDOWS\system32\drivers\processr.sys - ok
22:41:37.0968 3228  [ 7AD224AD1A1437FE28D89CF22B17780A ] C:\WINDOWS\system32\drivers\rdbss.sys
22:41:37.0968 3228  C:\WINDOWS\system32\drivers\rdbss.sys - ok
22:41:37.0968 3228  [ E20B95BAEDB550F32DD489265C1DA1F6 ] C:\WINDOWS\system32\drivers\wanarp.sys
22:41:37.0968 3228  C:\WINDOWS\system32\drivers\wanarp.sys - ok
22:41:37.0984 3228  [ B5B8A80875C1DEDEDA8B02765642C32F ] C:\WINDOWS\system32\drivers\arp1394.sys
22:41:37.0984 3228  C:\WINDOWS\system32\drivers\arp1394.sys - ok
22:41:37.0984 3228  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] C:\WINDOWS\system32\drivers\mrxsmb.sys
22:41:37.0984 3228  C:\WINDOWS\system32\drivers\mrxsmb.sys - ok
22:41:38.0000 3228  [ D45926117EB9FA946A6AF572FBE1CAA3 ] C:\WINDOWS\system32\drivers\fips.sys
22:41:38.0000 3228  C:\WINDOWS\system32\drivers\fips.sys - ok
22:41:38.0000 3228  [ 5F816C1F539266D2D4C78694239DA0B5 ] C:\WINDOWS\system32\smss.exe
22:41:38.0000 3228  C:\WINDOWS\system32\smss.exe - ok
22:41:38.0015 3228  [ F8F0D25CA553E39DDE485D8FC7FCCE89 ] C:\WINDOWS\system32\ntdll.dll
22:41:38.0015 3228  C:\WINDOWS\system32\ntdll.dll - ok
22:41:38.0015 3228  [ 23043C91A0F9DFB4B9E9F87B680863B4 ] C:\WINDOWS\system32\autochk.exe
22:41:38.0015 3228  C:\WINDOWS\system32\autochk.exe - ok
22:41:38.0015 3228  [ 38D332A6D56AF32635675F132548343E ] C:\WINDOWS\system32\drivers\fastfat.sys
22:41:38.0015 3228  C:\WINDOWS\system32\drivers\fastfat.sys - ok
22:41:38.0031 3228  [ 173F317CE0DB8E21322E71B7E60A27E8 ] C:\WINDOWS\system32\drivers\usbccgp.sys
22:41:38.0031 3228  C:\WINDOWS\system32\drivers\usbccgp.sys - ok
22:41:38.0031 3228  [ CA812B19C0E2BC044214AD3F6436E730 ] C:\WINDOWS\system32\drivers\dc3d.sys
22:41:38.0031 3228  C:\WINDOWS\system32\drivers\dc3d.sys - ok
22:41:38.0046 3228  [ 96ECCF28FDBF1B2CC12725818A63628D ] C:\WINDOWS\system32\drivers\hidparse.sys
22:41:38.0046 3228  C:\WINDOWS\system32\drivers\hidparse.sys - ok
22:41:38.0046 3228  [ 399C974DDA25FD3E59F22BAB787F662B ] C:\WINDOWS\system32\drivers\wdfldr.sys
22:41:38.0046 3228  C:\WINDOWS\system32\drivers\wdfldr.sys - ok
22:41:38.0062 3228  [ D918617B46457B9AC28027722E30F647 ] C:\WINDOWS\system32\drivers\wdf01000.sys
22:41:38.0062 3228  C:\WINDOWS\system32\drivers\wdf01000.sys - ok
22:41:38.0062 3228  [ 1AF592532532A402ED7C060F6954004F ] C:\WINDOWS\system32\drivers\hidclass.sys
22:41:38.0062 3228  C:\WINDOWS\system32\drivers\hidclass.sys - ok
22:41:38.0078 3228  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] C:\WINDOWS\system32\drivers\hidusb.sys
22:41:38.0078 3228  C:\WINDOWS\system32\drivers\hidusb.sys - ok
22:41:38.0078 3228  [ 9DD07AF82244867CA36681EA2D29CE79 ] C:\WINDOWS\system32\sfcfiles.dll
22:41:38.0078 3228  C:\WINDOWS\system32\sfcfiles.dll - ok
22:41:38.0093 3228  [ 6E421CCC57059B0186C6259CA3B6DFC9 ] C:\WINDOWS\system32\drivers\usbaapl.sys
22:41:38.0093 3228  C:\WINDOWS\system32\drivers\usbaapl.sys - ok
22:41:38.0093 3228  [ A32426D9B14A089EAA1D922E0C5801A9 ] C:\WINDOWS\system32\drivers\usbstor.sys
22:41:38.0093 3228  C:\WINDOWS\system32\drivers\usbstor.sys - ok
22:41:38.0109 3228  [ A717C8721046828520C9EDF31288FC00 ] C:\WINDOWS\system32\drivers\usbprint.sys
22:41:38.0109 3228  C:\WINDOWS\system32\drivers\usbprint.sys - ok
22:41:38.0109 3228  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] C:\WINDOWS\system32\drivers\usbscan.sys
22:41:38.0109 3228  C:\WINDOWS\system32\drivers\usbscan.sys - ok
22:41:38.0125 3228  [ 7AC43C38CA8FD7ED0B0A4466F753E06E ] C:\WINDOWS\system32\drivers\HPZius12.sys
22:41:38.0125 3228  C:\WINDOWS\system32\drivers\HPZius12.sys - ok
22:41:38.0125 3228  [ 37BE10FF10A92031FC5A01E8363925CC ] C:\WINDOWS\system32\drivers\nuidfltr.sys
22:41:38.0125 3228  C:\WINDOWS\system32\drivers\nuidfltr.sys - ok
22:41:38.0140 3228  [ B1C303E17FB9D46E87A98E4BA6769685 ] C:\WINDOWS\system32\drivers\mouhid.sys
22:41:38.0140 3228  C:\WINDOWS\system32\drivers\mouhid.sys - ok
22:41:38.0140 3228  [ 896D916DE06F5502D301E8C4DC442AE8 ] C:\WINDOWS\system32\drivers\point32.sys
22:41:38.0140 3228  C:\WINDOWS\system32\drivers\point32.sys - ok
22:41:38.0156 3228  [ 30CA91E657CEDE2F95359D6EF186F650 ] C:\WINDOWS\system32\drivers\HPZid412.sys
22:41:38.0156 3228  C:\WINDOWS\system32\drivers\HPZid412.sys - ok
22:41:38.0156 3228  [ EFD31AFA752AA7C7BBB57BCBE2B01C78 ] C:\WINDOWS\system32\drivers\HPZipr12.sys
22:41:38.0156 3228  C:\WINDOWS\system32\drivers\HPZipr12.sys - ok
22:41:38.0171 3228  [ 2F31B7F954BED437F2C75026C65CAF7B ] C:\WINDOWS\system32\drivers\wmilib.sys
22:41:38.0171 3228  C:\WINDOWS\system32\drivers\wmilib.sys - ok
22:41:38.0171 3228  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] C:\WINDOWS\system32\drivers\atapi.sys
22:41:38.0171 3228  C:\WINDOWS\system32\drivers\atapi.sys - ok
22:41:38.0187 3228  [ FE97D0343ACFDEBDD578FC67CC91FA87 ] C:\WINDOWS\system32\drivers\dxapi.sys
22:41:38.0187 3228  C:\WINDOWS\system32\drivers\dxapi.sys - ok
22:41:38.0187 3228  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
22:41:38.0187 3228  C:\WINDOWS\system32\basesrv.dll - ok
22:41:38.0187 3228  [ DD40363ABAD230A84C5E2178B11EFA88 ] C:\WINDOWS\system32\csrsrv.dll
22:41:38.0187 3228  C:\WINDOWS\system32\csrsrv.dll - ok
22:41:38.0203 3228  [ 44F275C64738EA2056E3D9580C23B60F ] C:\WINDOWS\system32\csrss.exe
22:41:38.0203 3228  C:\WINDOWS\system32\csrss.exe - ok
22:41:38.0203 3228  [ 9A10AACBFDC4922715375FB4065EC930 ] C:\WINDOWS\system32\watchdog.sys
22:41:38.0203 3228  C:\WINDOWS\system32\watchdog.sys - ok
22:41:38.0218 3228  [ FC8A1F72A8097910A11D5184BC3F887B ] C:\WINDOWS\system32\win32k.sys
22:41:38.0218 3228  C:\WINDOWS\system32\win32k.sys - ok
22:41:38.0218 3228  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
22:41:38.0218 3228  C:\WINDOWS\system32\winsrv.dll - ok
22:41:38.0218 3228  [ 8B1F3320AEBB536E021A5014409862DE ] C:\WINDOWS\system32\gdi32.dll
22:41:38.0218 3228  C:\WINDOWS\system32\gdi32.dll - ok
22:41:38.0234 3228  [ 6FE42512AB1B89F32A7407F261B1D2D0 ] C:\WINDOWS\system32\kernel32.dll
22:41:38.0234 3228  C:\WINDOWS\system32\kernel32.dll - ok
22:41:38.0234 3228  [ B26B135FF1B9F60C9388B4A7D16F600B ] C:\WINDOWS\system32\user32.dll
22:41:38.0234 3228  C:\WINDOWS\system32\user32.dll - ok
22:41:38.0234 3228  [ AC7280566A7BB85CB3291F04DDC1198E ] C:\WINDOWS\system32\drivers\dxg.sys
22:41:38.0234 3228  C:\WINDOWS\system32\drivers\dxg.sys - ok
22:41:38.0250 3228  [ A73F5D6705B1D820C19B18782E176EFD ] C:\WINDOWS\system32\drivers\dxgthk.sys
22:41:38.0250 3228  C:\WINDOWS\system32\drivers\dxgthk.sys - ok
22:41:38.0250 3228  [ 02EF59B043D03C5A75B66B75520CBEDF ] C:\WINDOWS\system32\nv4_disp.dll
22:41:38.0250 3228  C:\WINDOWS\system32\nv4_disp.dll - ok
22:41:38.0250 3228  [ ECB7591870F8BFB1A4C17B718AD5A4AA ] C:\WINDOWS\system32\vga.dll
22:41:38.0250 3228  C:\WINDOWS\system32\vga.dll - ok
22:41:38.0265 3228  [ ED0EF0A136DEC83DF69F04118870003E ] C:\WINDOWS\system32\winlogon.exe
22:41:38.0265 3228  C:\WINDOWS\system32\winlogon.exe - ok
22:41:38.0265 3228  [ E76F8807070ED04E7408A86D6D3A6137 ] C:\WINDOWS\system32\advapi32.dll
22:41:38.0265 3228  C:\WINDOWS\system32\advapi32.dll - ok
22:41:38.0265 3228  [ D4502F124289A31976130CCCB014C9AA ] C:\WINDOWS\system32\rpcrt4.dll
22:41:38.0265 3228  C:\WINDOWS\system32\rpcrt4.dll - ok
22:41:38.0281 3228  [ 714705F29A917993536A6AB2DEDB0B7F ] C:\WINDOWS\system32\authz.dll
22:41:38.0281 3228  C:\WINDOWS\system32\authz.dll - ok
22:41:38.0281 3228  [ 355EDBB4D412B01F1740C17E3F50FA00 ] C:\WINDOWS\system32\msvcrt.dll
22:41:38.0281 3228  C:\WINDOWS\system32\msvcrt.dll - ok
22:41:38.0281 3228  [ 5357826C8A8DD6A07F17C48BB45BE46E ] C:\WINDOWS\system32\secur32.dll
22:41:38.0281 3228  C:\WINDOWS\system32\secur32.dll - ok
22:41:38.0296 3228  [ 6BEE5D4EFF0A0341BCC4A462D81CCFC1 ] C:\WINDOWS\system32\crypt32.dll
22:41:38.0296 3228  C:\WINDOWS\system32\crypt32.dll - ok
22:41:38.0296 3228  [ 04D898830DF96A17A20FD35D7590F87E ] C:\WINDOWS\system32\msasn1.dll
22:41:38.0296 3228  C:\WINDOWS\system32\msasn1.dll - ok
22:41:38.0312 3228  [ 013C1148C1EC025596896E093F60F608 ] C:\WINDOWS\system32\nddeapi.dll
22:41:38.0312 3228  C:\WINDOWS\system32\nddeapi.dll - ok
22:41:38.0312 3228  [ CAC752BF84DB4666ED3CE0948E6EA937 ] C:\WINDOWS\system32\netapi32.dll
22:41:38.0312 3228  C:\WINDOWS\system32\netapi32.dll - ok
22:41:38.0312 3228  [ FCFA1C55971CC229D353B3A15ACCD995 ] C:\WINDOWS\system32\profmap.dll
22:41:38.0312 3228  C:\WINDOWS\system32\profmap.dll - ok
22:41:38.0328 3228  [ 43D13C80EBEC0135A3611E0F616F179B ] C:\WINDOWS\system32\userenv.dll
22:41:38.0328 3228  C:\WINDOWS\system32\userenv.dll - ok
22:41:38.0328 3228  [ 9CFCB3CA3D83B4EAA133F0644A2C6F31 ] C:\WINDOWS\system32\psapi.dll
22:41:38.0328 3228  C:\WINDOWS\system32\psapi.dll - ok
22:41:38.0328 3228  [ AF11C591F2F4AFF4A6CF699D376F618B ] C:\WINDOWS\system32\regapi.dll
22:41:38.0328 3228  C:\WINDOWS\system32\regapi.dll - ok
22:41:38.0343 3228  [ 24192246760E0E64435522E246B1D6C2 ] C:\WINDOWS\system32\setupapi.dll
22:41:38.0343 3228  C:\WINDOWS\system32\setupapi.dll - ok
22:41:38.0343 3228  [ C7CE131408739B0B3A318BE2D0032719 ] C:\WINDOWS\system32\version.dll
22:41:38.0343 3228  C:\WINDOWS\system32\version.dll - ok
22:41:38.0343 3228  [ 430CEB794F6E6EF8AC86958C242366D6 ] C:\WINDOWS\system32\winsta.dll
22:41:38.0343 3228  C:\WINDOWS\system32\winsta.dll - ok
22:41:38.0359 3228  [ D458B738B4C2CE33174CFB2CE12412DB ] C:\WINDOWS\system32\wintrust.dll
22:41:38.0359 3228  C:\WINDOWS\system32\wintrust.dll - ok
22:41:38.0359 3228  [ FFC01A72D1C25CCB39F61B202CE60819 ] C:\WINDOWS\system32\imagehlp.dll
22:41:38.0359 3228  C:\WINDOWS\system32\imagehlp.dll - ok
22:41:38.0375 3228  [ 2CCC474EB85CEAA3E1FA1726580A3E5A ] C:\WINDOWS\system32\ws2_32.dll
22:41:38.0375 3228  C:\WINDOWS\system32\ws2_32.dll - ok
22:41:38.0375 3228  [ 0DA85218E92526972A821587E6A8BF8F ] C:\WINDOWS\system32\imm32.dll
22:41:38.0375 3228  C:\WINDOWS\system32\imm32.dll - ok
22:41:38.0375 3228  [ 9789E95E1D88EEB4B922BF3EA7779C28 ] C:\WINDOWS\system32\ws2help.dll
22:41:38.0375 3228  C:\WINDOWS\system32\ws2help.dll - ok
22:41:38.0390 3228  [ 56C5B179FE3308B655EB6208C3256FEC ] C:\WINDOWS\system32\kbdus.dll
22:41:38.0390 3228  C:\WINDOWS\system32\kbdus.dll - ok
22:41:38.0390 3228  [ D7B7A57C0E57C836F18CF12A4C62A1CA ] C:\WINDOWS\system32\msgina.dll
22:41:38.0390 3228  C:\WINDOWS\system32\msgina.dll - ok
22:41:38.0390 3228  [ 93AFB83FBC1F9443CAC722FCA63D73BF ] C:\WINDOWS\system32\comctl32.dll
22:41:38.0390 3228  C:\WINDOWS\system32\comctl32.dll - ok
22:41:38.0406 3228  [ 40B0F98BAD16AD5DEF894E88C3EF8014 ] C:\WINDOWS\system32\odbc32.dll
22:41:38.0406 3228  C:\WINDOWS\system32\odbc32.dll - ok
22:41:38.0406 3228  [ 86987A5000DFA3EBE2275C0456BCF2FE ] C:\WINDOWS\system32\comdlg32.dll
22:41:38.0406 3228  C:\WINDOWS\system32\comdlg32.dll - ok
22:41:38.0406 3228  [ 6843D54BC4A40CC8C5741AF750233D10 ] C:\WINDOWS\system32\shell32.dll
22:41:38.0406 3228  C:\WINDOWS\system32\shell32.dll - ok
22:41:38.0421 3228  [ C448A248B743F5FB935C787A5D97268B ] C:\WINDOWS\system32\shlwapi.dll
22:41:38.0421 3228  C:\WINDOWS\system32\shlwapi.dll - ok
22:41:38.0421 3228  [ 694503348B586E99D56C0E30AB5B3EF8 ] C:\WINDOWS\system32\sxs.dll
22:41:38.0421 3228  C:\WINDOWS\system32\sxs.dll - ok
22:41:38.0421 3228  [ 736B12B725AEB2B07F0241A9F680CB10 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
22:41:38.0421 3228  C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - ok
22:41:38.0437 3228  [ 6B7C6B32F8E84D56C6260D684019FEA2 ] C:\WINDOWS\system32\odbcint.dll
22:41:38.0437 3228  C:\WINDOWS\system32\odbcint.dll - ok
22:41:38.0437 3228  [ 96E1C926F22EE1BFBAE82901A35F6BF3 ] C:\WINDOWS\system32\sfc.dll
22:41:38.0437 3228  C:\WINDOWS\system32\sfc.dll - ok
22:41:38.0453 3228  [ 6B5DB6789177A4FD0DEBC248041D0739 ] C:\WINDOWS\system32\sfc_os.dll
22:41:38.0453 3228  C:\WINDOWS\system32\sfc_os.dll - ok
22:41:38.0453 3228  [ 99BC0B50F511924348BE19C7C7313BBF ] C:\WINDOWS\system32\shsvcs.dll
22:41:38.0453 3228  C:\WINDOWS\system32\shsvcs.dll - ok
22:41:38.0453 3228  [ 6BAD1BED9872E62049E487FB91AE2F3A ] C:\WINDOWS\system32\ole32.dll
22:41:38.0453 3228  C:\WINDOWS\system32\ole32.dll - ok
22:41:38.0468 3228  [ CF492D7E9AF1C628B3536D20EF6F5CC7 ] C:\WINDOWS\system32\apphelp.dll
22:41:38.0468 3228  C:\WINDOWS\system32\apphelp.dll - ok
22:41:38.0468 3228  [ BF2466B3E18E970D8A976FB95FC1CA85 ] C:\WINDOWS\system32\lsass.exe
22:41:38.0468 3228  C:\WINDOWS\system32\lsass.exe - ok
22:41:38.0468 3228  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
22:41:38.0468 3228  C:\WINDOWS\system32\services.exe - ok
22:41:38.0484 3228  [ BD31DC6DBE9333C4FBD4BDF0899F2160 ] C:\WINDOWS\system32\lsasrv.dll
22:41:38.0484 3228  C:\WINDOWS\system32\lsasrv.dll - ok
22:41:38.0484 3228  [ F404830F3CD9BF8F2515E489C0CDA297 ] C:\WINDOWS\system32\msvcp60.dll
22:41:38.0484 3228  C:\WINDOWS\system32\msvcp60.dll - ok
22:41:38.0484 3228  [ EC29A79F1E76DC509E24D401F29D0678 ] C:\WINDOWS\system32\ncobjapi.dll
22:41:38.0484 3228  C:\WINDOWS\system32\ncobjapi.dll - ok
22:41:38.0500 3228  [ B24A42A413E694AD73FDFB7FBD492C31 ] C:\WINDOWS\system32\scesrv.dll
22:41:38.0500 3228  C:\WINDOWS\system32\scesrv.dll - ok
22:41:38.0500 3228  [ DD7BD97FB8BD800963789158A5E4B41D ] C:\WINDOWS\system32\mpr.dll
22:41:38.0500 3228  C:\WINDOWS\system32\mpr.dll - ok
22:41:38.0500 3228  [ EC4C0D9BFD9F7E33F8B395AD54E13063 ] C:\WINDOWS\system32\ntdsapi.dll
22:41:38.0500 3228  C:\WINDOWS\system32\ntdsapi.dll - ok
22:41:38.0515 3228  [ EA9EE60B408878E5F2012F9C783836DB ] C:\WINDOWS\AppPatch\acadproc.dll
22:41:38.0515 3228  C:\WINDOWS\AppPatch\acadproc.dll - ok
22:41:38.0515 3228  [ 389496118B3B03C2328024AF320132AC ] C:\WINDOWS\system32\dnsapi.dll
22:41:38.0515 3228  C:\WINDOWS\system32\dnsapi.dll - ok
22:41:38.0515 3228  [ 1F03103598BD817B1078DAB1326DDE11 ] C:\WINDOWS\system32\shimeng.dll
22:41:38.0515 3228  C:\WINDOWS\system32\shimeng.dll - ok
22:41:38.0531 3228  [ 2EDFC2A8893435723AD80481803C6D5C ] C:\WINDOWS\system32\umpnpmgr.dll
22:41:38.0531 3228  C:\WINDOWS\system32\umpnpmgr.dll - ok
22:41:38.0531 3228  [ 0492CF5870F0E616B0C71695A433D162 ] C:\WINDOWS\system32\wldap32.dll
22:41:38.0531 3228  C:\WINDOWS\system32\wldap32.dll - ok
22:41:38.0531 3228  [ 8329A39D5A402A75A74301D6A62ECDA1 ] C:\WINDOWS\system32\samlib.dll
22:41:38.0531 3228  C:\WINDOWS\system32\samlib.dll - ok
22:41:38.0546 3228  [ 310C15FD8358B2C4CD7A5B98A112883F ] C:\WINDOWS\AppPatch\acgenral.dll
22:41:38.0546 3228  C:\WINDOWS\AppPatch\acgenral.dll - ok
22:41:38.0546 3228  [ 17A1D675C12BBF80CAAC54A4855C41D0 ] C:\WINDOWS\system32\cryptdll.dll
22:41:38.0546 3228  C:\WINDOWS\system32\cryptdll.dll - ok
22:41:38.0546 3228  [ F05B8CDB7FE0E55DCCFB1D946CE80064 ] C:\WINDOWS\system32\samsrv.dll
22:41:38.0562 3228  C:\WINDOWS\system32\samsrv.dll - ok
22:41:38.0562 3228  [ EFF03460E542EEA6B0ABDEC6BF19C897 ] C:\WINDOWS\system32\oleaut32.dll
22:41:38.0562 3228  C:\WINDOWS\system32\oleaut32.dll - ok
22:41:38.0562 3228  [ 4A953F13942867BA8FB41F141EC1B80C ] C:\WINDOWS\system32\winmm.dll
22:41:38.0562 3228  C:\WINDOWS\system32\winmm.dll - ok
22:41:38.0578 3228  [ 2098AB52BD5316E59AA36F3437B13BE6 ] C:\WINDOWS\system32\msacm32.dll
22:41:38.0578 3228  C:\WINDOWS\system32\msacm32.dll - ok
22:41:38.0578 3228  [ 7A2CC3719B255E6B5D74396183B7715B ] C:\WINDOWS\system32\uxtheme.dll
22:41:38.0578 3228  C:\WINDOWS\system32\uxtheme.dll - ok
22:41:38.0578 3228  [ F24B12786D60A17008319E3F2AEE7799 ] C:\WINDOWS\system32\msapsspc.dll
22:41:38.0578 3228  C:\WINDOWS\system32\msapsspc.dll - ok
22:41:38.0593 3228  [ 7A660EDC0757849DF5F8706FB6E9F740 ] C:\WINDOWS\system32\msvcrt40.dll
22:41:38.0593 3228  C:\WINDOWS\system32\msvcrt40.dll - ok
22:41:38.0593 3228  [ 3D76DD0CBC536E0F8C45D23ED230BEB2 ] C:\WINDOWS\system32\digest.dll
22:41:38.0593 3228  C:\WINDOWS\system32\digest.dll - ok
22:41:38.0593 3228  [ 5733177BCF16EE78B99543C9B0AB81EA ] C:\WINDOWS\system32\msctfime.ime
22:41:38.0593 3228  C:\WINDOWS\system32\msctfime.ime - ok
22:41:38.0609 3228  [ A4388DF80E52695AE92EE5F3F61F1619 ] C:\WINDOWS\system32\msnsspc.dll
22:41:38.0609 3228  C:\WINDOWS\system32\msnsspc.dll - ok
22:41:38.0609 3228  [ C6BB1D1500DB4A0E224CB65E6C7E8A80 ] C:\WINDOWS\system32\msprivs.dll
22:41:38.0609 3228  C:\WINDOWS\system32\msprivs.dll - ok
22:41:38.0609 3228  [ 0F64207B49390C8063C36AE7CBF9C2DB ] C:\WINDOWS\system32\schannel.dll
22:41:38.0609 3228  C:\WINDOWS\system32\schannel.dll - ok
22:41:38.0625 3228  [ A525C96C51D55111FDF3BEA9FFFFC7AE ] C:\WINDOWS\system32\kerberos.dll
22:41:38.0625 3228  C:\WINDOWS\system32\kerberos.dll - ok
22:41:38.0625 3228  [ C11D10A3C164AC222BC9AAB3650A88B3 ] C:\WINDOWS\system32\atmfd.dll
22:41:38.0625 3228  C:\WINDOWS\system32\atmfd.dll - ok
22:41:38.0640 3228  [ 517561A1113B04E51D936CD018DE1C1F ] C:\WINDOWS\system32\msv1_0.dll
22:41:38.0640 3228  C:\WINDOWS\system32\msv1_0.dll - ok
22:41:38.0640 3228  [ AF07DC9B7CC455629E732340C7B15F3A ] C:\WINDOWS\system32\iphlpapi.dll
22:41:38.0640 3228  C:\WINDOWS\system32\iphlpapi.dll - ok
22:41:38.0640 3228  [ 1B7F071C51B77C272875C3A23E1E4550 ] C:\WINDOWS\system32\netlogon.dll
22:41:38.0640 3228  C:\WINDOWS\system32\netlogon.dll - ok
22:41:38.0656 3228  [ 54AF4B1D5459500EF0937F6D33B1914F ] C:\WINDOWS\system32\w32time.dll
22:41:38.0656 3228  C:\WINDOWS\system32\w32time.dll - ok
22:41:38.0656 3228  [ 54DAE3EA34802B4ED9AE1C6B1209FA56 ] C:\WINDOWS\system32\rsaenh.dll
22:41:38.0656 3228  C:\WINDOWS\system32\rsaenh.dll - ok
22:41:38.0656 3228  [ 3AAF9B35939FF9E58CCD18D41655C2FC ] C:\WINDOWS\system32\wdigest.dll
22:41:38.0656 3228  C:\WINDOWS\system32\wdigest.dll - ok
22:41:38.0671 3228  [ 02988B904C386B500CD08639C4C20EEA ] C:\WINDOWS\system32\winscard.dll
22:41:38.0671 3228  C:\WINDOWS\system32\winscard.dll - ok
22:41:38.0671 3228  [ 0E2735281FBB9A764D5584C2A5DCBA59 ] C:\WINDOWS\system32\wtsapi32.dll
22:41:38.0671 3228  C:\WINDOWS\system32\wtsapi32.dll - ok
22:41:38.0671 3228  [ A86BB5E61BF3E39B62AB4C7E7085A084 ] C:\WINDOWS\system32\scecli.dll
22:41:38.0671 3228  C:\WINDOWS\system32\scecli.dll - ok
22:41:38.0687 3228  [ 27C6D03BCDB8CFEB96B716F3D8BE3E18 ] C:\WINDOWS\system32\svchost.exe
22:41:38.0687 3228  C:\WINDOWS\system32\svchost.exe - ok
22:41:38.0687 3228  [ 549290DBC280C887681D7652978DBBE0 ] C:\WINDOWS\system32\ntmarta.dll
22:41:38.0687 3228  C:\WINDOWS\system32\ntmarta.dll - ok
22:41:38.0703 3228  [ 6B27A5C03DFB94B4245739065431322C ] C:\WINDOWS\system32\rpcss.dll
22:41:38.0703 3228  C:\WINDOWS\system32\rpcss.dll - ok
22:41:38.0703 3228  [ 16403217AB6FC5C30C14C6B12098AD4B ] C:\WINDOWS\system32\xpsp2res.dll
22:41:38.0703 3228  C:\WINDOWS\system32\xpsp2res.dll - ok
22:41:38.0703 3228  [ 6D4FEB43EE538FC5428CC7F0565AA656 ] C:\WINDOWS\system32\eventlog.dll
22:41:38.0703 3228  C:\WINDOWS\system32\eventlog.dll - ok
22:41:38.0718 3228  [ 943337D786A56729263071623BBB9DE5 ] C:\WINDOWS\system32\mswsock.dll
22:41:38.0718 3228  C:\WINDOWS\system32\mswsock.dll - ok
22:41:38.0718 3228  [ 3CB32D3B8CBE79899D63280BB7A83CD9 ] C:\WINDOWS\system32\hnetcfg.dll
22:41:38.0718 3228  C:\WINDOWS\system32\hnetcfg.dll - ok
22:41:38.0718 3228  [ 4E3D06D6E68EEDB52565080F55B460D3 ] C:\WINDOWS\system32\wshtcpip.dll
22:41:38.0718 3228  C:\WINDOWS\system32\wshtcpip.dll - ok
22:41:38.0734 3228  [ 40947436A70E0034E41123DF5A0A7702 ] C:\Program Files\Bonjour\mdnsNSP.dll
22:41:38.0734 3228  C:\Program Files\Bonjour\mdnsNSP.dll - ok
22:41:38.0734 3228  [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\system32\rasadhlp.dll
22:41:38.0734 3228  C:\WINDOWS\system32\rasadhlp.dll - ok
22:41:38.0734 3228  [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\system32\winrnr.dll
22:41:38.0734 3228  C:\WINDOWS\system32\winrnr.dll - ok
22:41:38.0750 3228  [ 5E38D7684A49CACFB752B046357E0589 ] C:\WINDOWS\system32\dhcpcsvc.dll
22:41:38.0750 3228  C:\WINDOWS\system32\dhcpcsvc.dll - ok
22:41:38.0750 3228  [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\system32\drivers\ndisuio.sys
22:41:38.0750 3228  C:\WINDOWS\system32\drivers\ndisuio.sys - ok
22:41:38.0750 3228  [ 5F7E24FA9EAB896051FFB87F840730D2 ] C:\WINDOWS\system32\dnsrslvr.dll
22:41:38.0750 3228  C:\WINDOWS\system32\dnsrslvr.dll - ok
22:41:38.0765 3228  [ 2081A5B5E4ABA206A0A8A1A97DF0FB23 ] C:\WINDOWS\system32\logonui.exe
22:41:38.0765 3228  C:\WINDOWS\system32\logonui.exe - ok
22:41:38.0765 3228  [ 515A7FAE2070C2B0242B2353443E2F11 ] C:\WINDOWS\system32\cscdll.dll
22:41:38.0765 3228  C:\WINDOWS\system32\cscdll.dll - ok
22:41:38.0765 3228  [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\system32\dimsntfy.dll
22:41:38.0765 3228  C:\WINDOWS\system32\dimsntfy.dll - ok
22:41:38.0781 3228  [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll
22:41:38.0781 3228  C:\WINDOWS\system32\wlnotify.dll - ok
22:41:38.0781 3228  [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\system32\winspool.drv
22:41:38.0781 3228  C:\WINDOWS\system32\winspool.drv - ok
22:41:38.0781 3228  [ 3D41A9326F0376FC73AF961DD23B1FB1 ] C:\WINDOWS\system32\duser.dll
22:41:38.0781 3228  C:\WINDOWS\system32\duser.dll - ok
22:41:38.0796 3228  [ A7DB739AE99A796D91580147E919CC59 ] C:\WINDOWS\system32\lmhsvc.dll
22:41:38.0796 3228  C:\WINDOWS\system32\lmhsvc.dll - ok
22:41:38.0796 3228  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] C:\WINDOWS\system32\wzcsvc.dll
22:41:38.0796 3228  C:\WINDOWS\system32\wzcsvc.dll - ok
22:41:38.0812 3228  [ AFFC87E2501FCE8F09D4C10BA6421CCF ] C:\WINDOWS\system32\msimg32.dll
22:41:38.0812 3228  C:\WINDOWS\system32\msimg32.dll - ok
22:41:38.0812 3228  [ 20200EE3CFE10E9F0C028D8653BE11C6 ] C:\WINDOWS\system32\oleacc.dll
22:41:38.0812 3228  C:\WINDOWS\system32\oleacc.dll - ok
22:41:38.0812 3228  [ 876CCF164E08D6B903CD14398E056DD2 ] C:\WINDOWS\system32\rtutils.dll
22:41:38.0812 3228  C:\WINDOWS\system32\rtutils.dll - ok
22:41:38.0828 3228  [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] C:\WINDOWS\system32\eapolqec.dll
22:41:38.0828 3228  C:\WINDOWS\system32\eapolqec.dll - ok
22:41:38.0828 3228  [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll
22:41:38.0828 3228  C:\WINDOWS\system32\wmi.dll - ok
22:41:38.0828 3228  [ 224FB925C641DA16CEB6D60F40CA4C75 ] C:\WINDOWS\system32\atl.dll
22:41:38.0828 3228  C:\WINDOWS\system32\atl.dll - ok
22:41:38.0843 3228  [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\system32\qutil.dll
22:41:38.0843 3228  C:\WINDOWS\system32\qutil.dll - ok
22:41:38.0843 3228  [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] C:\WINDOWS\system32\dot3api.dll
22:41:40.0078 3228  C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe - ok
22:41:40.0093 3228  [ 1AC2C58B587C70DE64582AD41EE79FBA ] C:\Program Files\Common Files\Real\Update_OB\realsched.exe
22:41:40.0093 3228  C:\Program Files\Common Files\Real\Update_OB\realsched.exe - ok
22:41:40.0093 3228  [ 46DA8E7484AC7A52CE1D6E428398724B ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
22:41:40.0093 3228  C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe - ok
22:41:40.0093 3228  [ B714735C12A70171DE28657948FD91F1 ] C:\WINDOWS\system32\mlang.dll
22:41:40.0109 3228  C:\WINDOWS\system32\mlang.dll - ok
22:41:40.0109 3228  [ 0B467F470CC9918FDCEEDCFD7DC4D697 ] C:\WINDOWS\system32\oledlg.dll
22:41:40.0109 3228  C:\WINDOWS\system32\oledlg.dll - ok
22:41:40.0109 3228  [ 5652F6CE1D9E9D8068B9D29BC21B5409 ] C:\WINDOWS\system32\olepro32.dll
22:41:40.0109 3228  C:\WINDOWS\system32\olepro32.dll - ok
22:41:40.0125 3228  [ 17D640DAEB5144ED26ED3EE672C5F492 ] C:\Program Files\BroadJump\Client Foundation\stlport_4_0_0_DDR.dll
22:41:40.0125 3228  C:\Program Files\BroadJump\Client Foundation\stlport_4_0_0_DDR.dll - ok
22:41:40.0125 3228  [ 1715BE44BEAD052CEFBCC3A866DB8CC1 ] C:\Program Files\BroadJump\Client Foundation\BJIntlCore_1_1_DDR.dll
22:41:40.0125 3228  C:\Program Files\BroadJump\Client Foundation\BJIntlCore_1_1_DDR.dll - ok
22:41:40.0125 3228  [ 0A5679B3714EDAB99E357057EE88FCA6 ] C:\WINDOWS\system32\ssdpsrv.dll
22:41:40.0125 3228  C:\WINDOWS\system32\ssdpsrv.dll - ok
22:41:40.0140 3228  [ 5405413FFF79B8D9C747AA900F60F082 ] C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
22:41:40.0140 3228  C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll - ok
22:41:40.0140 3228  [ 3F533D75631178A880AEFFDF117213BE ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon_main.dll
22:41:40.0140 3228  C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon_main.dll - ok
22:41:40.0140 3228  [ 8DDA2B606279753601F9415DA503CA63 ] C:\Program Files\QuickTime\QTTask.exe
22:41:40.0140 3228  C:\Program Files\QuickTime\QTTask.exe - ok
22:41:40.0156 3228  [ 0BAB01576F06431B3ACD90DF93D62FD8 ] C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
22:41:40.0156 3228  C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll - ok
22:41:40.0156 3228  [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\system32\drivers\42559861.sys
22:41:40.0156 3228  C:\WINDOWS\system32\drivers\42559861.sys - ok
22:41:40.0156 3228  [ 22D71D1DB6FC789A1CE8AC6963580259 ] C:\WINDOWS\system32\hhctrl.ocx
22:41:40.0156 3228  C:\WINDOWS\system32\hhctrl.ocx - ok
22:41:40.0171 3228  [ CC8915DB4E33E8FB29CA0D2DBF75306E ] C:\WINDOWS\system32\webcheck.dll
22:41:40.0171 3228  C:\WINDOWS\system32\webcheck.dll - ok
22:41:40.0171 3228  [ C885B02847F5D2FD45A24E219ED93B32 ] C:\WINDOWS\system32\drivers\cdfs.sys
22:41:40.0171 3228  C:\WINDOWS\system32\drivers\cdfs.sys - ok
22:41:40.0187 3228  [ 4D83ED8BDDEC431FC8AD907B47CFB6E3 ] C:\WINDOWS\system32\dsound.dll
22:41:40.0187 3228  C:\WINDOWS\system32\dsound.dll - ok
22:41:40.0187 3228  [ 50512FC9B7878E3C2C147BC17326A7DB ] C:\WINDOWS\system32\stobject.dll
22:41:40.0187 3228  C:\WINDOWS\system32\stobject.dll - ok
22:41:40.0187 3228  [ 231A0B0E3BA7ABFE469A8262FAA1FD71 ] C:\WINDOWS\system32\batmeter.dll
22:41:40.0187 3228  C:\WINDOWS\system32\batmeter.dll - ok
22:41:40.0203 3228  [ 045E228F71C31901084B64BE59093499 ] C:\WINDOWS\system32\WPDShServiceObj.dll
22:41:40.0203 3228  C:\WINDOWS\system32\WPDShServiceObj.dll - ok
22:41:40.0203 3228  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] C:\WINDOWS\system32\imapi.exe
22:41:40.0203 3228  C:\WINDOWS\system32\imapi.exe - ok
22:41:40.0203 3228  [ 3CB07566302BCEEB898DE270A0BEC175 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
22:41:40.0203 3228  C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok
22:41:40.0218 3228  [ 538A270F35A713C360B7ED4168BB7521 ] C:\WINDOWS\system32\mydocs.dll
22:41:40.0218 3228  C:\WINDOWS\system32\mydocs.dll - ok
22:41:40.0218 3228  [ 966EAEF84F5AF9752FC834E106350532 ] C:\Program Files\BroadJump\Client Foundation\BJComRT.dll
22:41:40.0218 3228  C:\Program Files\BroadJump\Client Foundation\BJComRT.dll - ok
22:41:40.0218 3228  [ 0334F6FD7F32CE4932053B6A1112B5FF ] C:\Program Files\BroadJump\Client Foundation\BasicDiscoveryService.dll
22:41:40.0218 3228  C:\Program Files\BroadJump\Client Foundation\BasicDiscoveryService.dll - ok
22:41:40.0234 3228  [ 88CE1A3BBDD1806A5A997211063E660C ] C:\Program Files\Seagate\Seagate_Media\AgrregationStatus\stxmediamenumgr.exe
22:41:40.0234 3228  C:\Program Files\Seagate\Seagate_Media\AgrregationStatus\stxmediamenumgr.exe - ok
22:41:40.0234 3228  [ E774F875819DEE4A312A921A88F779FE ] C:\Program Files\Microsoft IntelliPoint\ipoint.exe
22:41:40.0234 3228  C:\Program Files\Microsoft IntelliPoint\ipoint.exe - ok
22:41:40.0234 3228  [ 22358578CB321F3325496A3723029409 ] C:\WINDOWS\system32\PortableDeviceTypes.dll
22:41:40.0234 3228  C:\WINDOWS\system32\PortableDeviceTypes.dll - ok
22:41:40.0250 3228  [ 83BA5E873164A3711B44052F58C8FE9F ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
22:41:40.0250 3228  C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll - ok
22:41:40.0250 3228  [ A432F43D5B25DB0CFE684EFE619D31EB ] C:\Program Files\BroadJump\Client Foundation\BasicLoaderService.dll
22:41:40.0250 3228  C:\Program Files\BroadJump\Client Foundation\BasicLoaderService.dll - ok
22:41:40.0250 3228  [ 12916E0642E92561C98B18A2A2D01B14 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
22:41:40.0250 3228  C:\Program Files\Common Files\Java\Java Update\jusched.exe - ok
22:41:40.0265 3228  [ 142AC121175A52E3F8A4A91489C7AA39 ] C:\Program Files\BroadJump\Client Foundation\AppProperties.dll
22:41:40.0265 3228  C:\Program Files\BroadJump\Client Foundation\AppProperties.dll - ok
22:41:40.0265 3228  [ 9D45B2201D0ECF9F42136C7B99DEB8B2 ] C:\WINDOWS\system32\PortableDeviceApi.dll
22:41:40.0265 3228  C:\WINDOWS\system32\PortableDeviceApi.dll - ok
22:41:40.0265 3228  [ 8A9E1CC775AB10C6EA97BE5DDD3C3FBE ] C:\Program Files\BroadJump\Client Foundation\BJComBase.dll
22:41:40.0265 3228  C:\Program Files\BroadJump\Client Foundation\BJComBase.dll - ok
22:41:40.0281 3228  [ B3C243A53F6E37D18E2266197BA8C5DF ] C:\Program Files\Seagate\Seagate_Media\AgrregationStatus\MediaAggreStxMenu.dll
22:41:40.0281 3228  C:\Program Files\Seagate\Seagate_Media\AgrregationStatus\MediaAggreStxMenu.dll - ok
22:41:40.0281 3228  [ DC3078BA1B58562416C843582A42284C ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\CORPerfMonExt.dll
22:41:40.0281 3228  C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\CORPerfMonExt.dll - ok
22:41:40.0296 3228  [ E180B211CA81F2A6ACD45A476A71A188 ] C:\Program Files\BroadJump\Client Foundation\TimerManager.dll
22:41:40.0296 3228  C:\Program Files\BroadJump\Client Foundation\TimerManager.dll - ok
22:41:40.0296 3228  [ ADD7A08E7016694FE1C73DD7498DEAD6 ] C:\WINDOWS\system32\aspnet_counters.dll
22:41:40.0296 3228  C:\WINDOWS\system32\aspnet_counters.dll - ok
22:41:40.0296 3228  [ F4E9693F449600A30088A0B16079F3CD ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\Aspnet_perf.dll
22:41:40.0296 3228  C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\Aspnet_perf.dll - ok
22:41:40.0312 3228  [ 336D45A57556FC100D8B8C336E498913 ] C:\Program Files\BroadJump\Client Foundation\BJComSRCManager.dll
22:41:40.0312 3228  C:\Program Files\BroadJump\Client Foundation\BJComSRCManager.dll - ok
22:41:40.0312 3228  [ 8E2A7F1F62467A7DCB8AB2C0642F47CA ] C:\Program Files\iTunes\iTunesHelper.exe
22:41:40.0312 3228  C:\Program Files\iTunes\iTunesHelper.exe - ok
22:41:40.0312 3228  [ F1430F5D20F4BB71A003209C3DB3ADDF ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
22:41:40.0312 3228  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll - ok
22:41:40.0328 3228  [ 566416162BEC10CBCFEB54E921C78191 ] C:\Program Files\BroadJump\Client Foundation\ConnectivityWatcher.dll
22:41:40.0328 3228  C:\Program Files\BroadJump\Client Foundation\ConnectivityWatcher.dll - ok
22:41:40.0328 3228  [ 3D0A2CB20EF05F32D8116BDF52C34D6B ] C:\Program Files\FileHippo.com\UpdateChecker.exe
22:41:40.0328 3228  C:\Program Files\FileHippo.com\UpdateChecker.exe - ok
22:41:40.0328 3228  [ B4459D13473D07FCB43365C02732DE16 ] C:\WINDOWS\system32\pschdprf.dll
22:41:40.0328 3228  C:\WINDOWS\system32\pschdprf.dll - ok
22:41:40.0343 3228  [ 5D61BE7DB55B026A5D61A3EED09D0EAD ] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
22:41:40.0343 3228  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe - ok
22:41:40.0343 3228  [ 1F3A82333046F4B97B2BB148ABF38D54 ] C:\WINDOWS\system32\traffic.dll
22:41:40.0343 3228  C:\WINDOWS\system32\traffic.dll - ok
22:41:40.0359 3228  [ F9DD799E07ED5028DB2F1FFEA72C9357 ] C:\WINDOWS\system32\rsvpperf.dll
22:41:40.0359 3228  C:\WINDOWS\system32\rsvpperf.dll - ok
22:41:40.0359 3228  [ 6951B89B4F591AA694048A6CD0E5224A ] C:\WINDOWS\system32\tapiperf.dll
22:41:40.0359 3228  C:\WINDOWS\system32\tapiperf.dll - ok
22:41:40.0359 3228  [ 317C54DCAB9EE29CD4B9F55D197A90D1 ] C:\WINDOWS\system32\msisip.dll
22:41:40.0359 3228  C:\WINDOWS\system32\msisip.dll - ok
22:41:40.0375 3228  [ 3A6D465F379E5C815F4AD565391E654C ] C:\WINDOWS\system32\wshext.dll
22:41:40.0375 3228  C:\WINDOWS\system32\wshext.dll - ok
22:41:40.0375 3228  [ 76E7410B3A308F6960D3CE06DC7874AD ] C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\gtn.dll
22:41:40.0375 3228  C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\gtn.dll - ok
22:41:40.0390 3228  [ 5082BC510FAD849630D09DA626BB7CDA ] C:\Program Files\iTunes\iTunesHelper.dll
22:41:40.0390 3228  C:\Program Files\iTunes\iTunesHelper.dll - ok
22:41:40.0390 3228  [ FB53A700132D9A97D1E10E9F80BD6174 ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
22:41:40.0390 3228  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll - ok
22:41:40.0390 3228  [ D475BBD6FEF8DB2DDE0DA7CCFD2C9042 ] C:\Program Files\Microsoft IntelliPoint\SQMAPI.dll
22:41:40.0390 3228  C:\Program Files\Microsoft IntelliPoint\SQMAPI.dll - ok
22:41:40.0406 3228  [ 9665507D8585489A1999B4690277D60B ] C:\Program Files\BroadJump\Client Foundation\BJFReg.DLL
22:41:40.0406 3228  C:\Program Files\BroadJump\Client Foundation\BJFReg.DLL - ok
22:41:40.0406 3228  [ F3AD8EA144F411A6292775FA2B230DE5 ] C:\WINDOWS\system32\windowspowershell\v1.0\pwrshsip.dll
22:41:40.0406 3228  C:\WINDOWS\system32\windowspowershell\v1.0\pwrshsip.dll - ok
22:41:40.0406 3228  [ 78BFE3201ADA2FE02D1E35D2488E5F55 ] C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
22:41:40.0406 3228  C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe - ok
22:41:40.0421 3228  [ 6619FBECBF8AD8148AD0B9EAA6B939B2 ] C:\Program Files\Microsoft IntelliPoint\dpgmkb.dll
22:41:40.0421 3228  C:\Program Files\Microsoft IntelliPoint\dpgmkb.dll - ok
22:41:40.0421 3228  [ 4543367E50BD35E7D1269D42841B156E ] C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
22:41:40.0421 3228  C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - ok
22:41:40.0421 3228  [ 917A728A12F25FCF4636858FAC9979FA ] C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
22:41:40.0421 3228  C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll - ok
22:41:40.0437 3228  [ 84A6C6456F86ED03B79DB55BCBCDB2BD ] C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
22:41:40.0437 3228  C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe - ok
22:41:40.0437 3228  [ 149844639A31AD0D97A8B8A10FDC1FAA ] C:\Program Files\Updates from HP\9972322\6.3.2.116-9972322\Program\backweb.dll
22:41:40.0437 3228  C:\Program Files\Updates from HP\9972322\6.3.2.116-9972322\Program\backweb.dll - ok
22:41:40.0437 3228  [ BE643CD44DD06DA283634A3E51DC22BC ] C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll
22:41:40.0437 3228  C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll - ok
22:41:40.0453 3228  [ F138204AE988B12DB24750C2B27F5936 ] C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
22:41:40.0453 3228  C:\Program Files\Microsoft Office\Office\FINDFAST.EXE - ok
22:41:40.0453 3228  [ AFEEAFD7CF8ED6958A81ACC304C17B7D ] C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.dll
22:41:40.0453 3228  C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.dll - ok
22:41:40.0468 3228  [ 58B8702C20DE211D1FCB248D2FDD71D1 ] C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe
22:41:40.0468 3228  C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe - ok
22:41:40.0468 3228  [ D06276D4CAD46CDCEABEFDEB1A0D3C0D ] C:\Program Files\Microsoft Office\Office\OSA.EXE
22:41:40.0468 3228  C:\Program Files\Microsoft Office\Office\OSA.EXE - ok
22:41:40.0468 3228  [ 6952642FDDC5BFBFB398F55F71D94FFA ] C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
22:41:40.0468 3228  C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe - ok
22:41:40.0484 3228  [ C4A2E21E829766FFBA11B854502E81DD ] C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll
22:41:40.0484 3228  C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll - ok
22:41:40.0484 3228  [ ABB858559A86469372663222D552BDB3 ] C:\Program Files\Microsoft Office\Office\MSO97.DLL
22:41:40.0484 3228  C:\Program Files\Microsoft Office\Office\MSO97.DLL - ok
22:41:40.0484 3228  [ 1C22A3866112ED41E1F3684DAE9AD5D2 ] C:\WINDOWS\system32\mmcshext.dll
22:41:40.0484 3228  C:\WINDOWS\system32\mmcshext.dll - ok
22:41:40.0500 3228  [ 574738F61FCA2935F5265DC4E5691314 ] C:\WINDOWS\system32\qmgr.dll
22:41:40.0500 3228  C:\WINDOWS\system32\qmgr.dll - ok
22:41:40.0500 3228  [ C14AA05881A35B6D6BB8D55B117EE22D ] C:\WINDOWS\system32\shfolder.dll
22:41:40.0500 3228  C:\WINDOWS\system32\shfolder.dll - ok
22:41:40.0500 3228  [ D3E868700D9B5E3C54B7EED060215CC1 ] C:\WINDOWS\system32\hhsetup.dll
22:41:40.0500 3228  C:\WINDOWS\system32\hhsetup.dll - ok
22:41:40.0515 3228  [ AC81542BD9AD04189877A4E1A019E0C4 ] C:\Program Files\BroadJump\Client Foundation\xerces-c_1_40_0_DDR.dll
22:41:40.0515 3228  C:\Program Files\BroadJump\Client Foundation\xerces-c_1_40_0_DDR.dll - ok
22:41:40.0515 3228  [ 64D6E922964D2F8F7665DCCE6D13DD51 ] C:\Program Files\HP\Digital Imaging\bin\hpquio08.dll
22:41:40.0515 3228  C:\Program Files\HP\Digital Imaging\bin\hpquio08.dll - ok
22:41:40.0515 3228  [ 401A8C0BE0BAA7D7A470F0942244152D ] C:\WINDOWS\system32\rasdlg.dll
22:41:40.0515 3228  C:\WINDOWS\system32\rasdlg.dll - ok
22:41:40.0531 3228  [ 75ADF315D086042EF52E89551451430F ] C:\Program Files\HP\Digital Imaging\bin\hpqtra08.rsc
22:41:40.0531 3228  C:\Program Files\HP\Digital Imaging\bin\hpqtra08.rsc - ok
22:41:40.0531 3228  [ A94DC60A90EFD7A35C36D971E3EE7470 ] C:\Program Files\Sony\Sony Picture Utility\PMBCore\msvcp71.dll
22:41:40.0531 3228  C:\Program Files\Sony\Sony Picture Utility\PMBCore\msvcp71.dll - ok
22:41:40.0531 3228  [ 814E84685DB4E9B6971D6247BF33209E ] C:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll
22:41:40.0531 3228  C:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll - ok
22:41:40.0546 3228  [ E97BC7718923E0B9EF6C10984D4E759A ] C:\Program Files\Microsoft IntelliPoint\ipres.dll
22:41:40.0546 3228  C:\Program Files\Microsoft IntelliPoint\ipres.dll - ok
22:41:40.0546 3228  [ 9B9F1C38D559047B8AC0DBA2D5FEBDE9 ] C:\WINDOWS\system32\ksuser.dll
22:41:40.0546 3228  C:\WINDOWS\system32\ksuser.dll - ok
22:41:40.0546 3228  [ F1DAC7969C1337AF790BD1D981AA780C ] C:\WINDOWS\system32\qmgrprxy.dll
22:41:40.0546 3228  C:\WINDOWS\system32\qmgrprxy.dll - ok
22:41:40.0562 3228  [ C1157B2908F4238BB0D9BFC639197E79 ] C:\Program Files\BroadJump\Client Foundation\ssleay32_1-1-0_DDR.dll
22:41:40.0562 3228  C:\Program Files\BroadJump\Client Foundation\ssleay32_1-1-0_DDR.dll - ok
22:41:40.0562 3228  [ CA2F560921B7B8BE1CF555A5A18D54C3 ] C:\Program Files\Sony\Sony Picture Utility\PMBCore\msvcr71.dll
22:41:40.0562 3228  C:\Program Files\Sony\Sony Picture Utility\PMBCore\msvcr71.dll - ok
22:41:40.0578 3228  [ 42E007B152452D3A5603F62E24CBE347 ] C:\Program Files\BroadJump\Client Foundation\libeay32_1-1-0_DDR.dll
22:41:40.0578 3228  C:\Program Files\BroadJump\Client Foundation\libeay32_1-1-0_DDR.dll - ok
22:41:40.0578 3228  [ 23754E13C135B321D39A6F66A4032D11 ] C:\Program Files\Microsoft IntelliPoint\srres.dll
22:41:40.0578 3228  C:\Program Files\Microsoft IntelliPoint\srres.dll - ok
22:41:40.0578 3228  [ 863ABB8788D7A4562D845A70B3CCA426 ] C:\Program Files\Sony\Sony Picture Utility\PMBCore\MFC71u.dll
22:41:40.0578 3228  C:\Program Files\Sony\Sony Picture Utility\PMBCore\MFC71u.dll - ok
22:41:40.0593 3228  [ 0E21535E9BC633AD345BC0F4D2249B33 ] C:\Program Files\Updates from HP\9972322\6.3.2.116-9972322\Program\bwsec.dll
22:41:40.0593 3228  C:\Program Files\Updates from HP\9972322\6.3.2.116-9972322\Program\bwsec.dll - ok
22:41:40.0593 3228  [ A12BAA38CE07B522671678500D035D40 ] C:\Program Files\Updates from HP\9972322\6.3.2.116-9972322\Program\clntutil.dll
22:41:40.0593 3228  C:\Program Files\Updates from HP\9972322\6.3.2.116-9972322\Program\clntutil.dll - ok
22:41:40.0593 3228  [ 76848CB1AA5818DB47D5F5986E0A7485 ] C:\WINDOWS\system32\mfc42.dll
22:41:40.0593 3228  C:\WINDOWS\system32\mfc42.dll - ok
22:41:40.0609 3228  [ 21FBF68C66AD1036D8F19B45101DF4F2 ] C:\Program Files\Microsoft Office\Office\OSAINTL.DLL
22:41:40.0609 3228  C:\Program Files\Microsoft Office\Office\OSAINTL.DLL - ok
22:41:40.0609 3228  [ 37CF3324F46CEB3A4F2686C617CBB35C ] C:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll
22:41:40.0609 3228  C:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll - ok
22:41:40.0609 3228  [ CA36F785B4449839CA73E4C2B1A3B662 ] C:\Program Files\BroadJump\Client Foundation\ThirdPartyManager.DLL
22:41:40.0609 3228  C:\Program Files\BroadJump\Client Foundation\ThirdPartyManager.DLL - ok
22:41:40.0625 3228  [ BAF751E7061FF626AA60F56D1D5D1FDC ] C:\WINDOWS\system32\MFC71ENU.DLL
22:41:40.0625 3228  C:\WINDOWS\system32\MFC71ENU.DLL - ok
22:41:40.0625 3228  [ 68C5AF0992853123C544E96E34DBF836 ] C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcherLOC.dll
22:41:40.0625 3228  C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcherLOC.dll - ok
22:41:40.0640 3228  [ 09523AFBC5937D7CC786FC9C74D2D516 ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
22:41:40.0640 3228  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll - ok
22:41:40.0640 3228  [ A2B55D601B744D23A2438AC61BBCB0A4 ] C:\Program Files\BroadJump\Client Foundation\BJAgentRegistration.dll
22:41:40.0640 3228  C:\Program Files\BroadJump\Client Foundation\BJAgentRegistration.dll - ok
22:41:40.0640 3228  [ CD81D51CBFD4DC6540340F761BB2E6B6 ] C:\PROGRA~1\UPDATE~1\9972322\632~1.116\Program\EN\ClientRc.dll
22:41:40.0640 3228  C:\PROGRA~1\UPDATE~1\9972322\632~1.116\Program\EN\ClientRc.dll - ok
22:41:40.0656 3228  [ 8E89B72CB355EA260936B3A59B5071A9 ] C:\Program Files\HP\Digital Imaging\Unload\hpnkhTA.dll
22:41:40.0656 3228  C:\Program Files\HP\Digital Imaging\Unload\hpnkhTA.dll - ok
22:41:40.0656 3228  [ F35A584E947A5B401FEB0FE01DB4A0D7 ] C:\WINDOWS\system32\mfc71.dll
22:41:40.0656 3228  C:\WINDOWS\system32\mfc71.dll - ok
22:41:40.0656 3228  [ E46B17060D3962A384AE484094614788 ] C:\Program Files\iPod\bin\iPodService.exe
22:41:40.0656 3228  C:\Program Files\iPod\bin\iPodService.exe - ok
22:41:40.0671 3228  [ BF8650D4FEFB972A4A6A5FFC1F41C38C ] C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
22:41:40.0671 3228  C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe - ok
22:41:40.0671 3228  [ 64AA01FC56567180989922EE39165EBC ] C:\Program Files\BroadJump\Client Foundation\BJComSPMManager.dll
22:41:40.0671 3228  C:\Program Files\BroadJump\Client Foundation\BJComSPMManager.dll - ok
22:41:40.0671 3228  [ 303A63F4B913AA5D8998161CB77A8CE7 ] C:\WINDOWS\system32\feclient.dll
22:41:40.0671 3228  C:\WINDOWS\system32\feclient.dll - ok
22:41:40.0687 3228  [ ACFEE2392503DD5E457363A0510B8BCB ] C:\WINDOWS\system32\msxml3.dll
22:41:40.0687 3228  C:\WINDOWS\system32\msxml3.dll - ok
22:41:40.0687 3228  [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\WINDOWS\system32\msvcr71.dll
22:41:40.0687 3228  C:\WINDOWS\system32\msvcr71.dll - ok
22:41:40.0703 3228  [ 854563425495A29FB4B198A6ABEBE06D ] C:\Program Files\iTunes\iTunes.exe
22:41:40.0703 3228  C:\Program Files\iTunes\iTunes.exe - ok
22:41:40.0703 3228  [ 691BAF41144EBDE972A66C5EB5210FC8 ] C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.dll
22:41:40.0703 3228  C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.dll - ok
22:41:40.0703 3228  [ 2F3BBB26EF3B6A918786F98ACD4E4A0E ] C:\Program Files\Updates from HP\9972322\6.3.2.116-9972322\Program\Cpuinf32.dll
22:41:40.0703 3228  C:\Program Files\Updates from HP\9972322\6.3.2.116-9972322\Program\Cpuinf32.dll - ok
22:41:40.0718 3228  [ 8F2097E8B174F38178570C611464935F ] C:\WINDOWS\system32\atl71.dll
22:41:40.0718 3228  C:\WINDOWS\system32\atl71.dll - ok
22:41:40.0718 3228  [ 8779099E892C0750321741BB2038BE9F ] C:\Program Files\Updates from HP\9972322\Program\BWfiles-9972322.dll
22:41:40.0718 3228  C:\Program Files\Updates from HP\9972322\Program\BWfiles-9972322.dll - ok
22:41:40.0718 3228  [ 665FBA44C65BAC9EE8AF9A5E37036640 ] C:\Program Files\iPod\bin\iPodService.Resources\iPodService.dll
22:41:40.0718 3228  C:\Program Files\iPod\bin\iPodService.Resources\iPodService.dll - ok
22:41:40.0734 3228  [ 8B89AFFB35202B8F15A927DC1169F850 ] C:\Program Files\Updates from HP\9972322\6.3.2.116-9972322\Program\bwfiles.dll
22:41:40.0734 3228  C:\Program Files\Updates from HP\9972322\6.3.2.116-9972322\Program\bwfiles.dll - ok
22:41:40.0734 3228  [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\WINDOWS\system32\msvcp71.dll
22:41:40.0734 3228  C:\WINDOWS\system32\msvcp71.dll - ok
22:41:40.0734 3228  [ 6FC91E0159DBDDD79792A0ABE839C1AD ] C:\Program Files\BroadJump\Client Foundation\ProfileManager.dll
22:41:40.0734 3228  C:\Program Files\BroadJump\Client Foundation\ProfileManager.dll - ok
22:41:40.0750 3228  [ 9EFBB3055B3EECE5B0FC7BAED07A6EE9 ] C:\WINDOWS\system32\msxml6.dll
22:41:40.0750 3228  C:\WINDOWS\system32\msxml6.dll - ok
22:41:40.0750 3228  [ 493CB505A19ED5CB44CFFC260CBDB30C ] C:\Program Files\BroadJump\Client Foundation\ClientUpdate.DLL
22:41:40.0750 3228  C:\Program Files\BroadJump\Client Foundation\ClientUpdate.DLL - ok
22:41:40.0750 3228  [ 4B3685AA700084E4ED6635FC1EFD9CC2 ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
22:41:40.0750 3228  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll - ok
22:41:40.0765 3228  [ 909EFA2D854AF25D1164BD5B02065FCE ] C:\DOCUME~1\HP_Owner\LOCALS~1\temp\IadHide5.dll
22:41:40.0765 3228  C:\DOCUME~1\HP_Owner\LOCALS~1\temp\IadHide5.dll - ok
22:41:40.0765 3228  [ 8779099E892C0750321741BB2038BE9F ] C:\Program Files\Updates from HP\9972322\Program\frext-9972322.dll
22:41:40.0765 3228  C:\Program Files\Updates from HP\9972322\Program\frext-9972322.dll - ok
22:41:40.0765 3228  [ 29AED649F05213A527E5F62967DBBA41 ] C:\Program Files\Updates from HP\9972322\6.3.2.116-9972322\Program\FrExt.dll
22:41:40.0765 3228  C:\Program Files\Updates from HP\9972322\6.3.2.116-9972322\Program\FrExt.dll - ok
22:41:40.0781 3228  [ 3B224591CEFF2F3666C267263F5A3DCD ] C:\Program Files\Updates from HP\9972322\Program\HPClientExt.dll
22:41:40.0781 3228  C:\Program Files\Updates from HP\9972322\Program\HPClientExt.dll - ok
22:41:40.0781 3228  [ BA55ED975E88B6CF9C05DCAD242B5466 ] C:\Program Files\Updates from HP\9972322\Program\NewProbe.exe
22:41:40.0781 3228  C:\Program Files\Updates from HP\9972322\Program\NewProbe.exe - ok
22:41:40.0796 3228  [ 7E4774FA6D6C25762965D4D3CEF35F05 ] C:\Program Files\Microsoft IntelliPoint\dpgcmd.dll
22:41:40.0796 3228  C:\Program Files\Microsoft IntelliPoint\dpgcmd.dll - ok
22:41:40.0796 3228  [ 63E8D944AFBEEBB243F25C4ED07E74C5 ] C:\WINDOWS\system32\inetmib1.dll
22:41:40.0796 3228  C:\WINDOWS\system32\inetmib1.dll - ok
22:41:40.0796 3228  [ ACBEFDADE71A28606B7B5D6E03AD0D18 ] C:\Program Files\BroadJump\Client Foundation\BJComVTBlade.dll
22:41:40.0796 3228  C:\Program Files\BroadJump\Client Foundation\BJComVTBlade.dll - ok
22:41:40.0812 3228  [ 798A9E6828997EEF4517ADA8A2259831 ] C:\WINDOWS\system32\wbem\wmiprvse.exe
22:41:40.0812 3228  C:\WINDOWS\system32\wbem\wmiprvse.exe - ok
22:41:40.0812 3228  [ 133601A55D03031BD16DC6732D8EF1D1 ] C:\Program Files\HP\Digital Imaging\bin\hpotra08.dll
22:41:40.0812 3228  C:\Program Files\HP\Digital Imaging\bin\hpotra08.dll - ok
22:41:40.0812 3228  [ 9D3E1D6C4CFD2F9709721BF1A6904435 ] C:\Program Files\iTunes\iTunes.dll
22:41:40.0812 3228  C:\Program Files\iTunes\iTunes.dll - ok
22:41:40.0828 3228  [ C9C2E4F4F6E92C42CDD2F82C15CCB34F ] C:\Program Files\BroadJump\Client Foundation\BJComAnnouncement.dll
22:41:40.0828 3228  C:\Program Files\BroadJump\Client Foundation\BJComAnnouncement.dll - ok
22:41:40.0828 3228  [ 9EE1F51BCD39FCCFD5A159D14B20936A ] C:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc
22:41:40.0828 3228  C:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc - ok
22:41:40.0828 3228  [ E837FDBB92E9873E538395B623F45462 ] C:\WINDOWS\system32\wbem\cimwin32.dll
22:41:40.0828 3228  C:\WINDOWS\system32\wbem\cimwin32.dll - ok
22:41:40.0843 3228  [ 8779099E892C0750321741BB2038BE9F ] C:\Program Files\Updates from HP\9972322\Program\frcom-9972322.dll
22:41:40.0843 3228  C:\Program Files\Updates from HP\9972322\Program\frcom-9972322.dll - ok
22:41:40.0843 3228  [ 9DF35470215CC872926B470D110F1A64 ] C:\Program Files\Updates from HP\9972322\6.3.2.116-9972322\Program\FrCom.dll
22:41:40.0843 3228  C:\Program Files\Updates from HP\9972322\6.3.2.116-9972322\Program\FrCom.dll - ok
22:41:40.0843 3228  [ E3DBBB00C9CEACBDD374EFA2E9684E1F ] C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll
22:41:40.0843 3228  C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll - ok
22:41:40.0859 3228  [ BC3BA0DF92A1EDD2A3DA98FFFD9E7F7B ] C:\Program Files\Microsoft IntelliPoint\Components\Commands\DPGHnt\DPGHnt.dll
22:41:40.0859 3228  C:\Program Files\Microsoft IntelliPoint\Components\Commands\DPGHnt\DPGHnt.dll - ok
22:41:40.0859 3228  [ 11F096A3AF6A182FE933E0F66F376E1D ] C:\Program Files\Common Files\Apple\Apple Application Support\AVFoundationCF.dll
22:41:40.0859 3228  C:\Program Files\Common Files\Apple\Apple Application Support\AVFoundationCF.dll - ok
22:41:40.0875 3228  [ 90A9B542C9300E540864D9FE1C42A130 ] C:\WINDOWS\system32\fxsst.dll
22:41:40.0875 3228  C:\WINDOWS\system32\fxsst.dll - ok
22:41:40.0875 3228  [ 4306FA2F1099D7C606139255FDB62B19 ] C:\WINDOWS\system32\wbem\framedyn.dll
22:41:40.0875 3228  C:\WINDOWS\system32\wbem\framedyn.dll - ok
22:41:40.0875 3228  [ A00885BFA65E4B1A77C6211488EB57B9 ] C:\PROGRA~1\UPDATE~1\9972322\632~1.116\Program\EN\frcomRc.dll
22:41:40.0875 3228  C:\PROGRA~1\UPDATE~1\9972322\632~1.116\Program\EN\frcomRc.dll - ok
22:41:40.0890 3228  [ 249885BC976CE436AF0EAE90FC728336 ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\024c898ad1ccfde466d033c0a08d0564\Microsoft.VisualBasic.ni.dll
22:41:40.0890 3228  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\024c898ad1ccfde466d033c0a08d0564\Microsoft.VisualBasic.ni.dll - ok
22:41:40.0890 3228  [ D7C20721D86829842E0F74CBE0A30EEE ] C:\Program Files\Common Files\Apple\Apple Application Support\MediaToolbox.dll
22:41:40.0890 3228  C:\Program Files\Common Files\Apple\Apple Application Support\MediaToolbox.dll - ok
22:41:40.0890 3228  [ 0329D0A4F230094B669A87BB3B85606E ] C:\WINDOWS\system32\fxsapi.dll
22:41:40.0890 3228  C:\WINDOWS\system32\fxsapi.dll - ok
22:41:40.0906 3228  [ 723528449ED0D1B0AD98AF3EDF23101D ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
22:41:40.0906 3228  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll - ok
22:41:40.0968 3228  ============================================================
22:41:40.0968 3228  Scan finished
22:41:40.0968 3228  ============================================================
22:41:41.0078 3220  Detected object count: 6
22:41:41.0078 3220  Actual detected object count: 6
22:42:08.0171 3220  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:42:08.0171 3220  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:42:08.0171 3220  McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
22:42:08.0171 3220  McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:42:08.0171 3220  MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
22:42:08.0171 3220  MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:42:08.0187 3220  MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
22:42:08.0187 3220  MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:42:08.0187 3220  PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
22:42:08.0187 3220  PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:42:08.0187 3220  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:42:08.0187 3220  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
22:42:51.0031 1696  Deinitialize success
 



#11 Brett998866


Posted 15 May 2013 - 09:52 PM

And here is the result of the Rogue Killer log.  Brett

 

Rogue Killer Log:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : HP_Owner [Admin rights]
Mode : Remove -- Date : 05/15/2013 22:49:30
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160812AS +++++
--- User ---
[MBR] 1fe718b30d8dde5ccd31cc4c1ebfd297
[BSP] 02be4e29c13ca98116e57d99b53da0e6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 145126 Mo
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 297234630 | Size: 7491 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_05152013_02d2249.txt >>
RKreport[1]_S_05152013_02d2248.txt ; RKreport[2]_D_05152013_02d2249.txt



#12 gringo_pr


Posted 15 May 2013 - 10:09 PM


Hello



I would like you to rerun TDSSKiller and this time when it gets to this part
  • \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
I want you to select Delete this time instead of skip.


Gringo

#13 Brett998866


Posted 15 May 2013 - 10:14 PM

Ok, done.  Do you want the large log posted again?



#14 gringo_pr


Posted 15 May 2013 - 10:30 PM

just the end of it :)

#15 Brett998866


Posted 15 May 2013 - 10:32 PM

ok, here she is.

 

23:12:03.0343 2868  ============================================================
23:12:03.0343 2868  Scan finished
23:12:03.0343 2868  ============================================================
23:12:03.0453 3544  Detected object count: 6
23:12:03.0453 3544  Actual detected object count: 6
23:13:00.0609 3544  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
23:13:00.0609 3544  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:13:00.0609 3544  McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
23:13:00.0609 3544  McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:13:00.0609 3544  MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
23:13:00.0609 3544  MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:13:00.0609 3544  MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
23:13:00.0609 3544  MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:13:00.0625 3544  PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
23:13:00.0625 3544  PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:13:00.0687 3544  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
23:13:00.0734 3544  \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine
23:13:00.0734 3544  \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
23:13:00.0734 3544  \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
23:13:00.0734 3544  \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
23:13:00.0734 3544  \Device\Harddisk0\DR0\TDLFS - deleted
23:13:00.0734 3544  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
23:13:09.0046 3744  Deinitialize success
 





