
Cannot reach any www.google site


  • This topic is locked
22 replies to this topic

#1 qpager

qpager

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:58 AM

Posted 23 July 2013 - 03:30 AM

Hi

I have a Win XP SP3 desktop PC that developed a problem reaching search engine sites.

I have cleared out viruses and malware using various apps including MWB and other security software.

 

Had a problem with Bing but seems to be clear now, but still won't reach any www.google sites. Does reach google sites with prefix, such as maps.google, etc. but none of the www.google sites.

 

In accordance with your instructions I have run diagnostics and attach logs dds.txt and attach.zip

Also attached report from minitoolbox.

 

I hope you may have an answer up your sleeve.

Many thanks for any assistance.

 

Kind regards

Mike

 

 


 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:58 PM

Posted 23 July 2013 - 03:45 AM


Hello qpager

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 qpager


Posted 24 July 2013 - 02:44 PM

Hi Gringo

 

Thanks for coming back to me.

Below are the reports after running AdwCleaner and JRT.

 

I rebooted after running both utilities and find that the PC still cannot access any www.google web sites.

 

Regards, Mike

 

 

 

AdwCleaner:

 

# AdwCleaner v2.306 - Logfile created 07/24/2013 at 20:09:35
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - HP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\iWin
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\FunWebProducts

***** [Registry] *****

Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2319576
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2388128
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2452474
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2830584
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\FunWebProducts
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [7067 octets] - [24/07/2013 20:09:35]

########## EOF - C:\AdwCleaner[S1].txt - [7127 octets] ##########

 

 

 

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.2 (07.22.2013:2)
OS: Microsoft Windows XP x86
Ran by Administrator on 24/07/2013 at 20:18:57.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\mighty magoo"

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/07/2013 at 20:22:49.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#4 gringo_pr


Posted 24 July 2013 - 04:09 PM


Hello Mike

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#5 qpager


Posted 25 July 2013 - 04:02 PM

Hi

 

Have run ComboFix. Still have same problem of no access to any www.google site.

Also now apparently changed my default browser. Have reversed this.

 

ComboFix log...

 

ComboFix 13-07-25.02 - Administrator 25/07/2013  21:35:54.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.503.224 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-25 to 2013-07-25  )))))))))))))))))))))))))))))))
.
.
2013-07-25 20:19 . 2013-07-02 06:54 7143960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1A4622E1-B4D2-48DA-859A-ACF20ED9113C}\mpengine.dll
2013-07-24 20:48 . 2011-08-09 16:33 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2013-07-24 20:48 . 2013-07-24 20:48 -------- d-----w- c:\program files\Belarc
2013-07-24 19:49 . 2013-07-02 06:54 7143960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-24 19:18 . 2013-07-24 19:18 -------- d-----w- c:\windows\ERUNT
2013-07-24 19:18 . 2013-07-24 19:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2013-07-20 19:02 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2013-07-20 16:58 . 2013-07-20 16:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2013-07-20 16:54 . 2013-07-20 16:54 26603280 ----a-w- C:\SUPERAntiSpyware.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-07 22:55 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2003-03-31 02:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2003-03-31 02:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2003-03-31 02:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2002-12-12 07:14 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2003-03-31 02:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 08:32 . 2013-05-15 08:32 9456 ----a-w- c:\windows\system32\sabprocenum.sys
2013-05-08 23:28 . 2006-10-18 20:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-05-03 01:30 . 2003-03-31 02:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2003-03-31 02:00 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-02 15:28 . 2013-06-01 13:24 238872 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-20 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-03-11 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-03-11 114688]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-01-31 98304]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2002-05-28 69632]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2002-08-07 485376]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2012-11-23 2011824]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=
.
S3 cpuz134;cpuz134;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 15:53]
.
2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 15:53]
.
2013-07-25 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 10:11]
.
2013-07-25 c:\windows\Tasks\User_Feed_Synchronization-{B3310F03-3875-434A-9B38-471812B77F65}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://bt.yahoo.com
mStart Page = hxxp://bt.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://go.compaq.com/1Q00CDT/0409/bl7.asp
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
Trusted Zone: motive.com\pbttbc.bt
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-25 21:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1151665980-3329330605-534025026-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,58,d5,ce,dc,c7,6e,fd,4a,ba,b4,9a,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,58,d5,ce,dc,c7,6e,fd,4a,ba,b4,9a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,58,d5,ce,dc,c7,6e,fd,4a,ba,b4,9a,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,58,d5,ce,dc,c7,6e,fd,4a,ba,b4,9a,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,58,d5,ce,dc,c7,6e,fd,4a,ba,b4,9a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1680)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-07-25  21:46:22
ComboFix-quarantined-files.txt  2013-07-25 20:46
ComboFix2.txt  2013-07-25 20:12
.
Pre-Run: 9,648,095,232 bytes free
Post-Run: 9,639,845,888 bytes free
.
- - End Of File - - 7E8959526C1F078D0F6C93B4646B8182
E5FA06ACA0D60BA9C870D0EF3D9898C9
 



#6 gringo_pr


Posted 25 July 2013 - 10:47 PM



Hello qpager

Let's get a deeper look into the system and let's see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.
Gringo

#7 qpager


Posted 26 July 2013 - 03:38 PM

OTL.txt below. Still no access to www.google web sites

 

Regards

Mike

 

 

OTL logfile created on: 26/07/2013 21:31:08 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
503.48 Mb Total Physical Memory | 238.12 Mb Available Physical Memory | 47.30% Memory free
1.20 Gb Paging File | 0.98 Gb Available in Paging File | 81.71% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 8.92 Gb Free Space | 23.94% Space Free | Partition Type: NTFS
 
Computer Name: HP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBKPP5C.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (SoundMAX Agent Service (default) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (SABProcEnum) -- C:\Program Files\Internet Explorer\SABProcEnum.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found
DRV - (lbrtfdc) --  File not found
DRV - (iAimTV2) -- System32\DRIVERS\wATV03nt.sys File not found
DRV - (i2omgmt) --  File not found
DRV - (cpuz134) -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (BANTExt) -- C:\WINDOWS\system32\drivers\BANTExt.sys ()
DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wvchntxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wsiintxx.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wch7xxnt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\watv04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\watv02nt.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\watv01nt.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wadv01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wadv02nt.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wadv05nt.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel® Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (Blfp) -- C:\WINDOWS\system32\drivers\baspxp32.sys (Broadcom Corporation)
DRV - (Symmpi) -- C:\WINDOWS\system32\drivers\symmpi.sys (LSI Logic)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://autoconfig.cpqcorp.net
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1151665980-3329330605-534025026-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1151665980-3329330605-534025026-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1151665980-3329330605-534025026-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1151665980-3329330605-534025026-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com
IE - HKU\S-1-5-21-1151665980-3329330605-534025026-500\..\SearchScopes,DefaultScope = {F97D4C50-61D6-4E62-BB1F-083EF34BBF63}
IE - HKU\S-1-5-21-1151665980-3329330605-534025026-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1151665980-3329330605-534025026-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1151665980-3329330605-534025026-500\..\SearchScopes\{F97D4C50-61D6-4E62-BB1F-083EF34BBF63}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=bt-odbrws
IE - HKU\S-1-5-21-1151665980-3329330605-534025026-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1151665980-3329330605-534025026-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@Motive.com/npMotiveRequest,version=1.0: C:\Program Files\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
 
 
[2011/03/14 15:28:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
 
O1 HOSTS File: ([2013/07/25 21:08:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [srmclean] C:\cpqs\scom\srmclean.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1151665980-3329330605-534025026-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1151665980-3329330605-534025026-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1151665980-3329330605-534025026-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1151665980-3329330605-534025026-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1151665980-3329330605-534025026-500\..Trusted Domains: motive.com ([pbttbc.bt] https in Trusted sites)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/BookWorm/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/BookWorm/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/26 21:29:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/07/25 22:04:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2013/07/25 20:48:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/07/25 20:44:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/07/25 20:44:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/07/25 20:44:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/07/25 20:44:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/07/25 20:44:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/25 20:44:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/07/25 20:42:58 | 005,093,969 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2013/07/24 21:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2013/07/24 20:18:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/07/24 20:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2013/07/24 20:17:22 | 000,560,934 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\Administrator\Desktop\JRT.exe
[2013/07/21 21:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Bleeping Computer
[2013/07/21 12:57:38 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\My Documents\IE8-WindowsXP-x86-ENU.exe
[2013/07/20 20:02:23 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidserv.dll
[2013/07/20 19:06:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2013/07/20 17:58:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2013/07/20 17:54:20 | 026,603,280 | ---- | C] (SUPERAntiSpyware.com) -- C:\SUPERAntiSpyware.exe
[2013/07/20 14:40:12 | 000,000,000 | ---D | C] -- C:\Config.Msi
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/26 21:29:41 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B3310F03-3875-434A-9B38-471812B77F65}.job
[2013/07/26 21:27:30 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/07/26 21:27:14 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/26 21:27:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/07/26 21:27:01 | 528,011,264 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/26 21:26:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/07/25 21:18:11 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/07/25 21:11:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/25 21:08:16 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/07/25 20:48:31 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/07/25 20:10:34 | 005,093,969 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2013/07/24 21:48:28 | 000,001,779 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2013/07/24 21:48:28 | 000,001,761 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2013/07/24 21:45:52 | 003,425,336 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\advisorinstaller.exe
[2013/07/24 20:15:58 | 000,560,934 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Administrator\Desktop\JRT.exe
[2013/07/24 20:05:00 | 000,666,633 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
[2013/07/22 19:48:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/07/21 17:27:02 | 000,000,162 | ---- | M] () -- C:\WINDOWS\efix.ini
[2013/07/21 14:20:58 | 000,099,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/07/20 21:37:24 | 016,883,056 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\My Documents\IE8-WindowsXP-x86-ENU.exe
[2013/07/20 21:33:36 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2013/07/20 20:04:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/07/20 20:03:23 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2013/07/20 20:03:21 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2013/07/20 17:54:26 | 026,603,280 | ---- | M] (SUPERAntiSpyware.com) -- C:\SUPERAntiSpyware.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/25 20:48:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/07/25 20:48:29 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/07/25 20:44:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/07/25 20:44:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/07/25 20:44:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/07/25 20:44:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/07/25 20:44:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/07/24 21:48:28 | 000,001,779 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2013/07/24 21:48:28 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
[2013/07/24 21:48:28 | 000,001,761 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2013/07/24 21:48:25 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2013/07/24 21:48:14 | 003,425,336 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\advisorinstaller.exe
[2013/07/24 20:09:07 | 000,666,633 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
[2013/07/21 17:21:26 | 000,000,162 | ---- | C] () -- C:\WINDOWS\efix.ini
[2013/07/20 21:33:35 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2013/07/20 20:03:23 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2013/07/20 20:03:21 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2013/07/20 19:55:35 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/08/12 12:35:31 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\dt.dat
[2012/04/08 19:17:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/16 12:51:17 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/21 17:43:25 | 000,000,069 | ---- | C] () -- C:\WINDOWS\SONIC.INI
[2011/04/11 17:18:17 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/09/25 06:37:10 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >



#8 gringo_pr

Posted 26 July 2013 - 08:43 PM


Hello qpager

I would like you to run this custom script for me now and when it is complete please give me the report and a status update for the computer.

Run OTL Script
  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Custom Scans/Fixes text box.
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html
    IE - HKLM\..\SearchScopes,DefaultScope =
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]
    
  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

    Note** if the report does not popup after the computer reboots you can find it here in this folder - C:\_OTL\MovedFiles

    It will be named - mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss - are numbers representing the date and time the fix was run.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 qpager

Posted 27 July 2013 - 03:04 AM

Hi Gringo

 

Have run otl with control text. Report is below.

IE still does not reach www.google sites.

I have included some tracert results at the bottom in case it helps.

 

 

OTL report:

========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomSearch| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYJAVA]
 
User: Administrator
->Java cache emptied: 4649074 bytes
 
User: All Users
 
User: Default User
 
User: LocalService
 
User: NetworkService
 
Total Java Files Cleaned = 4.00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
->Flash cache emptied: 15744898 bytes
 
User: All Users
 
User: Default User
 
User: LocalService
 
User: NetworkService
 
Total Flash Files Cleaned = 15.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 07272013_082306
 

 

========================================================================

 

tracert results as compared against my win7 machine...

 

tracert                    -- Win7 / result -----       -- XP / result ----------
www.google.com             87.125.87.99 / success       173.194.66.99 / times out
www.google.co.uk           173.194.66.94 / success      64.125.87.147 / times out

www.maps.google.com        173.194.34.101 / success     173.194.34.105 / success
www.bbc.co.uk              212.58.244.70 / success      212.58.244.70 / success
www.bing.com               62.252.169.73 / success      62.252.169.73 / success
www.bleepingcomputer.com   208.43.87.2 / success        208.43.87.2 / success

 

==========================================================================

 

Thanks and regards

Mike



#10 gringo_pr

Posted 27 July 2013 - 01:54 PM


Hello

Let's run this and see if it will shed some light.

Please download MiniToolBox (http://www.bleepingcomputer.com/download/minitoolbox/dl/65/), save it to your desktop and run it.

Checkmark the following checkboxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Gringo

#11 qpager

Posted 27 July 2013 - 04:48 PM

Hi Gringo

 

Result of MiniToolBox below...

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Administrator (administrator) on 27-07-2013 at 22:44:48
Running from "C:\Documents and Settings\Administrator\Desktop\Bleeping Computer"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Broadcom NetXtreme Gigabit Ethernet for hp = Local Area Connection (Media disconnected)

# ----------------------------------
# Interface IP Configuration        
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

popd
# End of interface IP configuration

 

Windows IP Configuration

 

        Host Name . . . . . . . . . . . . : HP

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Hybrid

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

 

Ethernet adapter Local Area Connection:

 

        Media State . . . . . . . . . . . : Media disconnected

        Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet for hp

        Physical Address. . . . . . . . . : 00-11-0A-A3-C8-B5

Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

 

Pinging 127.0.0.1 with 32 bytes of data:

 

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 0a a3 c8 b5 ...... Broadcom NetXtreme Gigabit Ethernet for hp - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1   1
  255.255.255.255  255.255.255.255  255.255.255.255               2   1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

**** End of log ****



#12 qpager

Posted 30 July 2013 - 05:16 AM

Hi Gringo

 

Update of current status...

 

I cannot reach the following sites...

www.bing.com

www.google.com

www.google.co.uk

www.uk.ask.com

www.uk.yahoo.com

 

I can reach all other non-search sites that I've tried including UK and non-UK sites.

 

Looking forward to hearing from you.

 

Regards

qpager



#13 gringo_pr

Posted 30 July 2013 - 09:18 PM


Hello qpager

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • More than one report will be created in your root directory (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note** this report can be very long, so if the website gives you an error saying it is too long you may attach it.

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
    and I will see if I want to see the whole report.

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop
  • Exit/Close RogueKiller
Send me the reports made from TDSSKiller and RogueKiller and also let me know how the computer is doing at this time.

Gringo
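The report handling described in the post above (pick the larger TDSSKiller log, and if it is too long keep what follows "Scan finished") can be scripted before posting. This is an added example, not part of the original posts and not Kaspersky's code; the function names, the placeholder MD5 values and the sample line after "Scan finished" are constructed, and the line layout is assumed from the TDSSKiller log pasted in this thread.

```python
import re
from pathlib import Path

# Line layout used by the TDSSKiller logs in this thread:
#   "<HH:MM:SS.ffff> <thread id>  <message>"
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+[0-9A-Fa-f]+\s*(.*)$")
# "<object> ( <verdict> ) - <status>", where status is e.g. "infected" or "warning".
STATUS_RE = re.compile(r"^(?P<object>.+?) \( (?P<verdict>\S+) \) - (?P<status>\w+)$")
# TDSSKiller's "Forged" line: two different MD5 values reported for one file.
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9A-Fa-f]{32}), Fake md5: (?P<fake>[0-9A-Fa-f]{32})$"
)


def pick_report(directory):
    """Return the largest TDSSKiller.*_log.txt in `directory`, or None."""
    reports = sorted(Path(directory).glob("TDSSKiller.*_log.txt"),
                     key=lambda p: p.stat().st_size)
    return reports[-1] if reports else None


def messages(text):
    """Yield the message part of every well-formed log line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1).strip()


def triage(text):
    """Split a log into flagged objects, forged files and the post-scan tail."""
    findings, forged, tail = [], {}, None
    for msg in messages(text):
        if tail is not None:
            # Everything after "Scan finished", minus the "=====" rulers.
            if msg.strip("="):
                tail.append(msg)
            continue
        if msg == "Scan finished":
            tail = []
            continue
        m = FORGED_RE.match(msg)
        if m:
            forged[m["path"]] = (m["real"].upper(), m["fake"].upper())
            continue
        m = STATUS_RE.match(msg)
        if m:
            findings.append(m.groupdict())
    # Stable sort: "infected" entries first, unsigned-file warnings after.
    findings.sort(key=lambda f: f["status"] != "infected")
    return {"findings": findings, "forged": forged, "tail": tail or []}


# Constructed sample in the thread's log layout; MD5 values are placeholders.
SAMPLE = r"""
21:19:41.0843 2896  Scan started
21:19:42.0234 2896  Abiosdsk - ok
21:19:44.0890 2896  Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: 11111111111111111111111111111111, Fake md5: 22222222222222222222222222222222
21:19:44.0890 2896  ACPI ( Virus.Win32.Rloader.a ) - infected
21:19:44.0890 2896  ACPI - detected Virus.Win32.Rloader.a (0)
21:19:45.0687 2896  adpu320 ( UnsignedFile.Multi.Generic ) - warning
21:19:45.0687 2896  adpu320 - detected UnsignedFile.Multi.Generic (1)
21:20:22.0234 2896  SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - warning
21:20:30.0000 2896  ============================================================
21:20:30.0000 2896  Scan finished
21:20:30.0000 2896  ============================================================
21:20:30.0015 2888  Detected object count: 3
"""

if __name__ == "__main__":
    result = triage(SAMPLE)
    for f in result["findings"]:
        print(f'{f["status"]:9} {f["object"]}: {f["verdict"]}')
    for path, (real, fake) in result["forged"].items():
        print(f"forged    {path} real={real} fake={fake}")
    print("tail:", result["tail"])
```

An "infected" status or a "Forged" line is what the helper will want to see first; the `UnsignedFile.Multi.Generic` warnings only mean the file carries no valid signature.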

#14 qpager


Posted 31 July 2013 - 03:57 PM

Hi Gringo

Have run TDSSkiller and RogueKiller. Having some issue listing in one post so will try separate posts.

Great news... I can now reach all the search sites I was having problems with.

Thanks for your help on this.

Best wishes

Mike [qpager]



#15 qpager


Posted 31 July 2013 - 03:58 PM

TDSSkiller...

21:18:22.0062 0784  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:18:22.0812 0784  ============================================================
21:18:22.0812 0784  Current date / time: 2013/07/31 21:18:22.0812
21:18:22.0812 0784  SystemInfo:
21:18:22.0812 0784 
21:18:22.0890 0784  OS Version: 5.1.2600 ServicePack: 3.0
21:18:22.0890 0784  Product type: Workstation
21:18:22.0890 0784  ComputerName: HP
21:18:22.0890 0784  UserName: Administrator
21:18:22.0890 0784  Windows directory: C:\WINDOWS
21:18:22.0890 0784  System windows directory: C:\WINDOWS
21:18:22.0890 0784  Processor architecture: Intel x86
21:18:22.0890 0784  Number of processors: 1
21:18:22.0890 0784  Page size: 0x1000
21:18:22.0890 0784  Boot type: Normal boot
21:18:22.0890 0784  ============================================================
21:18:36.0921 0784  BG loaded
21:18:38.0578 0784  Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1431, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
21:18:38.0703 0784  ============================================================
21:18:38.0703 0784  \Device\Harddisk0\DR0:
21:18:39.0062 0784  MBR partitions:
21:18:39.0062 0784  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
21:18:39.0062 0784  ============================================================
21:18:39.0375 0784  C: <-> \Device\Harddisk0\DR0\Partition1
21:18:39.0453 0784  ============================================================
21:18:39.0453 0784  Initialize success
21:18:39.0453 0784  ============================================================
21:19:41.0843 2896  ============================================================
21:19:41.0843 2896  Scan started
21:19:41.0843 2896  Mode: Manual; SigCheck; TDLFS;
21:19:41.0843 2896  ============================================================
21:19:42.0109 2896  ================ Scan system memory ========================
21:19:42.0125 2896  System memory - ok
21:19:42.0125 2896  ================ Scan services =============================
21:19:42.0234 2896  Abiosdsk - ok
21:19:42.0250 2896  abp480n5 - ok
21:19:42.0281 2896  [ 0F2D66D5F08EBE2F77BB904288DCF6F0 ] ac97intc        C:\WINDOWS\system32\drivers\ac97intc.sys
21:19:44.0828 2896  ac97intc - ok
21:19:44.0875 2896  [ EA38C961260F29295C6D03070FA9D0B5 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:19:44.0890 2896  Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: EA38C961260F29295C6D03070FA9D0B5, Fake md5: 8FD99680A539792A30E97944FDAECF17
21:19:44.0890 2896  ACPI ( Virus.Win32.Rloader.a ) - infected
21:19:44.0890 2896  ACPI - detected Virus.Win32.Rloader.a (0)
21:19:44.0921 2896  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
21:19:45.0250 2896  ACPIEC - ok
21:19:45.0265 2896  [ 9A11864873DA202C996558B2106B0BBC ] adpu160m        C:\WINDOWS\System32\DRIVERS\adpu160m.sys
21:19:45.0578 2896  adpu160m - ok
21:19:45.0609 2896  [ 0EA9B1F0C6C90A509C8603775366ADB7 ] adpu320         C:\WINDOWS\System32\DRIVERS\adpu320.sys
21:19:45.0687 2896  adpu320 ( UnsignedFile.Multi.Generic ) - warning
21:19:45.0687 2896  adpu320 - detected UnsignedFile.Multi.Generic (1)
21:19:45.0718 2896  [ E696E749BEDCDA8B23757B8B5EA93780 ] aeaudio         C:\WINDOWS\system32\drivers\aeaudio.sys
21:19:45.0859 2896  aeaudio - ok
21:19:45.0875 2896  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
21:19:46.0046 2896  aec - ok
21:19:46.0093 2896  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
21:19:46.0218 2896  AFD - ok
21:19:46.0218 2896  Aha154x - ok
21:19:46.0250 2896  [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2         C:\WINDOWS\System32\DRIVERS\aic78u2.sys
21:19:46.0437 2896  aic78u2 - ok
21:19:46.0453 2896  [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx         C:\WINDOWS\System32\DRIVERS\aic78xx.sys
21:19:46.0625 2896  aic78xx - ok
21:19:46.0671 2896  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
21:19:46.0859 2896  Alerter - ok
21:19:46.0875 2896  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
21:19:46.0953 2896  ALG - ok
21:19:46.0968 2896  AliIde - ok
21:19:46.0984 2896  amsint - ok
21:19:47.0125 2896  [ 70D7BE78061126DD0C3ACCDB7E129017 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:19:47.0140 2896  Apple Mobile Device - ok
21:19:47.0218 2896  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
21:19:47.0328 2896  AppMgmt - ok
21:19:47.0343 2896  asc - ok
21:19:47.0359 2896  asc3350p - ok
21:19:47.0359 2896  asc3550 - ok
21:19:47.0437 2896  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:19:47.0609 2896  AsyncMac - ok
21:19:47.0625 2896  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
21:19:47.0812 2896  atapi - ok
21:19:47.0812 2896  Atdisk - ok
21:19:47.0859 2896  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:19:48.0031 2896  Atmarpc - ok
21:19:48.0078 2896  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
21:19:48.0250 2896  AudioSrv - ok
21:19:48.0296 2896  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
21:19:48.0468 2896  audstub - ok
21:19:48.0531 2896  [ 0E72B88B05A5931C46EFA7D511D9AEB9 ] b57w2k          C:\WINDOWS\system32\DRIVERS\b57xp32.sys
21:19:48.0625 2896  b57w2k - ok
21:19:48.0656 2896  [ 5D7BE7B19E827125E016325334E58FF1 ] BANTExt         C:\WINDOWS\System32\Drivers\BANTExt.sys
21:19:48.0671 2896  BANTExt ( UnsignedFile.Multi.Generic ) - warning
21:19:48.0671 2896  BANTExt - detected UnsignedFile.Multi.Generic (1)
21:19:48.0703 2896  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
21:19:48.0875 2896  Beep - ok
21:19:48.0921 2896  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
21:19:49.0328 2896  BITS - ok
21:19:49.0359 2896  [ 196CC9B84778FB8046A9AF703CA956A2 ] Blfp            C:\WINDOWS\system32\DRIVERS\baspxp32.sys
21:19:49.0437 2896  Blfp - ok
21:19:49.0546 2896  [ 673CF4F6BB1FBE09331B526802FBB892 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:19:49.0625 2896  Bonjour Service - ok
21:19:49.0671 2896  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
21:19:49.0796 2896  Browser - ok
21:19:49.0796 2896  catchme - ok
21:19:49.0812 2896  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
21:19:50.0000 2896  cbidf2k - ok
21:19:50.0015 2896  cd20xrnt - ok
21:19:50.0062 2896  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
21:19:50.0218 2896  Cdaudio - ok
21:19:50.0250 2896  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
21:19:50.0437 2896  Cdfs - ok
21:19:50.0468 2896  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:19:50.0656 2896  Cdrom - ok
21:19:50.0671 2896  Changer - ok
21:19:50.0703 2896  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
21:19:50.0859 2896  CiSvc - ok
21:19:50.0875 2896  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
21:19:51.0078 2896  ClipSrv - ok
21:19:51.0078 2896  CmdIde - ok
21:19:51.0093 2896  COMSysApp - ok
21:19:51.0109 2896  Cpqarray - ok
21:19:51.0218 2896  cpuz134 - ok
21:19:51.0250 2896  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
21:19:51.0437 2896  CryptSvc - ok
21:19:51.0437 2896  dac2w2k - ok
21:19:51.0453 2896  dac960nt - ok
21:19:51.0546 2896  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
21:19:51.0796 2896  DcomLaunch - ok
21:19:51.0843 2896  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
21:19:52.0015 2896  Dhcp - ok
21:19:52.0046 2896  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
21:19:52.0234 2896  Disk - ok
21:19:52.0234 2896  dmadmin - ok
21:19:52.0281 2896  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
21:19:52.0531 2896  dmboot - ok
21:19:52.0578 2896  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
21:19:52.0765 2896  dmio - ok
21:19:52.0812 2896  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
21:19:52.0984 2896  dmload - ok
21:19:53.0031 2896  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
21:19:53.0234 2896  dmserver - ok
21:19:53.0250 2896  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
21:19:53.0437 2896  DMusic - ok
21:19:53.0468 2896  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
21:19:53.0671 2896  Dnscache - ok
21:19:53.0781 2896  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
21:19:53.0968 2896  Dot3svc - ok
21:19:54.0000 2896  [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o          C:\WINDOWS\System32\DRIVERS\dpti2o.sys
21:19:54.0187 2896  dpti2o - ok
21:19:54.0203 2896  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
21:19:54.0390 2896  drmkaud - ok
21:19:54.0437 2896  [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B           C:\WINDOWS\system32\DRIVERS\e100b325.sys
21:19:54.0718 2896  E100B - ok
21:19:54.0750 2896  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
21:19:54.0937 2896  EapHost - ok
21:19:54.0984 2896  [ 53CE0799C9384CAC99942FF032285F21 ] eaps2kbd        C:\WINDOWS\system32\DRIVERS\eaps2kbd.sys
21:19:55.0078 2896  eaps2kbd - ok
21:19:55.0125 2896  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
21:19:55.0312 2896  ERSvc - ok
21:19:55.0375 2896  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
21:19:55.0421 2896  Eventlog - ok
21:19:55.0484 2896  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\System32\es.dll
21:19:55.0578 2896  EventSystem - ok
21:19:55.0609 2896  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
21:19:55.0796 2896  Fastfat - ok
21:19:55.0890 2896  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:19:56.0031 2896  FastUserSwitchingCompatibility - ok
21:19:56.0062 2896  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
21:19:56.0265 2896  Fdc - ok
21:19:56.0281 2896  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
21:19:56.0468 2896  Fips - ok
21:19:56.0515 2896  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:19:56.0687 2896  Flpydisk - ok
21:19:56.0718 2896  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
21:19:56.0921 2896  FltMgr - ok
21:19:56.0968 2896  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:19:57.0140 2896  Fs_Rec - ok
21:19:57.0171 2896  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:19:57.0328 2896  Ftdisk - ok
21:19:57.0390 2896  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:19:57.0578 2896  Gpc - ok
21:19:57.0687 2896  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
21:19:57.0750 2896  gupdate - ok
21:19:57.0765 2896  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
21:19:57.0781 2896  gupdatem - ok
21:19:57.0828 2896  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:19:57.0859 2896  gusvc - ok
21:19:57.0937 2896  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:19:58.0140 2896  helpsvc - ok
21:19:58.0171 2896  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
21:19:58.0359 2896  HidServ - ok
21:19:58.0375 2896  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:19:58.0546 2896  HidUsb - ok
21:19:58.0593 2896  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
21:19:58.0781 2896  hkmsvc - ok
21:19:58.0796 2896  hpn - ok
21:19:58.0843 2896  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
21:19:58.0953 2896  HTTP - ok
21:19:59.0000 2896  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
21:19:59.0156 2896  HTTPFilter - ok
21:19:59.0156 2896  i2omgmt - ok
21:19:59.0171 2896  i2omp - ok
21:19:59.0218 2896  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:19:59.0421 2896  i8042prt - ok
21:19:59.0546 2896  [ 06B7EF73BA5F302EECC294CDF7E19702 ] i81x            C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
21:19:59.0734 2896  i81x - ok
21:19:59.0765 2896  [ 7B5B44EFE5EB9DADFB8EE29700885D23 ] iAimFP0         C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
21:19:59.0953 2896  iAimFP0 - ok
21:19:59.0984 2896  [ EB1F6BAB6C22EDE0BA551B527475F7E9 ] iAimFP1         C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
21:20:00.0171 2896  iAimFP1 - ok
21:20:00.0203 2896  [ 03CE989D846C1AA81145CB22FCB86D06 ] iAimFP2         C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
21:20:00.0375 2896  iAimFP2 - ok
21:20:00.0390 2896  [ 525849B4469DE021D5D61B4DB9BE3A9D ] iAimFP3         C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
21:20:00.0562 2896  iAimFP3 - ok
21:20:00.0578 2896  [ 589C2BCDB5BD602BF7B63D210407EF8C ] iAimFP4         C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
21:20:00.0750 2896  iAimFP4 - ok
21:20:00.0796 2896  [ D83BDD5C059667A2F647A6BE5703A4D2 ] iAimTV0         C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
21:20:00.0984 2896  iAimTV0 - ok
21:20:01.0000 2896  [ ED968D23354DAA0D7C621580C012A1F6 ] iAimTV1         C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
21:20:01.0171 2896  iAimTV1 - ok
21:20:01.0187 2896  iAimTV2 - ok
21:20:01.0203 2896  [ D738273F218A224C1DDAC04203F27A84 ] iAimTV3         C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
21:20:01.0390 2896  iAimTV3 - ok
21:20:01.0406 2896  [ 0052D118995CBAB152DAABE6106D1442 ] iAimTV4         C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
21:20:01.0562 2896  iAimTV4 - ok
21:20:01.0609 2896  [ A79029861CB69CD3CF4EAB9EBFEE32DD ] ialm            C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
21:20:01.0984 2896  ialm - ok
21:20:02.0015 2896  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
21:20:02.0203 2896  Imapi - ok
21:20:02.0265 2896  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
21:20:02.0421 2896  ImapiService - ok
21:20:02.0437 2896  ini910u - ok
21:20:02.0468 2896  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
21:20:02.0640 2896  IntelIde - ok
21:20:02.0671 2896  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:20:02.0859 2896  intelppm - ok
21:20:02.0890 2896  [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw           C:\WINDOWS\system32\drivers\ip6fw.sys
21:20:03.0046 2896  ip6fw - ok
21:20:03.0093 2896  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:20:03.0250 2896  IpFilterDriver - ok
21:20:03.0265 2896  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:20:03.0453 2896  IpInIp - ok
21:20:03.0500 2896  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:20:03.0671 2896  IpNat - ok
21:20:03.0703 2896  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:20:03.0890 2896  IPSec - ok
21:20:03.0921 2896  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
21:20:04.0000 2896  IRENUM - ok
21:20:04.0031 2896  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:20:04.0218 2896  isapnp - ok
21:20:04.0312 2896  [ 5739F2821D49975CEDE6BF0153D0CF01 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
21:20:04.0343 2896  JavaQuickStarterService - ok
21:20:04.0375 2896  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:20:04.0562 2896  Kbdclass - ok
21:20:04.0593 2896  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:20:04.0765 2896  kbdhid - ok
21:20:04.0781 2896  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
21:20:04.0953 2896  kmixer - ok
21:20:04.0984 2896  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
21:20:05.0093 2896  KSecDD - ok
21:20:05.0125 2896  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
21:20:05.0234 2896  lanmanserver - ok
21:20:05.0281 2896  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:20:05.0343 2896  lanmanworkstation - ok
21:20:05.0359 2896  lbrtfdc - ok
21:20:05.0406 2896  [ 027D03D9D8AB95194A115A999E960AC0 ] LexBceS         C:\WINDOWS\system32\LEXBCES.EXE
21:20:05.0531 2896  LexBceS - ok
21:20:05.0546 2896  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
21:20:05.0718 2896  LmHosts - ok
21:20:05.0750 2896  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
21:20:05.0921 2896  Messenger - ok
21:20:05.0968 2896  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
21:20:06.0125 2896  mnmdd - ok
21:20:06.0171 2896  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\System32\mnmsrvc.exe
21:20:06.0359 2896  mnmsrvc - ok
21:20:06.0406 2896  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
21:20:06.0578 2896  Modem - ok
21:20:06.0609 2896  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:20:06.0781 2896  Mouclass - ok
21:20:06.0812 2896  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:20:06.0984 2896  mouhid - ok
21:20:07.0015 2896  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
21:20:07.0187 2896  MountMgr - ok
21:20:07.0234 2896  [ 24406D75B40F0F6B3C1AC7031D734565 ] MpFilter        C:\WINDOWS\system32\DRIVERS\MpFilter.sys
21:20:07.0296 2896  MpFilter - ok
21:20:07.0296 2896  mraid35x - ok
21:20:07.0375 2896  [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50         C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
21:20:07.0390 2896  MREMP50 ( UnsignedFile.Multi.Generic ) - warning
21:20:07.0390 2896  MREMP50 - detected UnsignedFile.Multi.Generic (1)
21:20:07.0406 2896  MREMP50a64 - ok
21:20:07.0406 2896  MREMPR5 - ok
21:20:07.0421 2896  MRENDIS5 - ok
21:20:07.0453 2896  [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50         C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
21:20:07.0484 2896  MRESP50 ( UnsignedFile.Multi.Generic ) - warning
21:20:07.0484 2896  MRESP50 - detected UnsignedFile.Multi.Generic (1)
21:20:07.0500 2896  MRESP50a64 - ok
21:20:07.0546 2896  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:20:07.0734 2896  MRxDAV - ok
21:20:07.0781 2896  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:20:07.0937 2896  MRxSmb - ok
21:20:07.0968 2896  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
21:20:08.0140 2896  MSDTC - ok
21:20:08.0171 2896  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
21:20:08.0328 2896  Msfs - ok
21:20:08.0343 2896  MSIServer - ok
21:20:08.0359 2896  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:20:08.0515 2896  MSKSSRV - ok
21:20:08.0562 2896  [ 3EA6A1A744D79328AE7E2C6FAE4C4420 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
21:20:08.0593 2896  MsMpSvc - ok
21:20:08.0625 2896  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:20:08.0781 2896  MSPCLOCK - ok
21:20:08.0828 2896  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
21:20:09.0000 2896  MSPQM - ok
21:20:09.0031 2896  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:20:09.0187 2896  mssmbios - ok
21:20:09.0218 2896  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
21:20:09.0281 2896  Mup - ok
21:20:09.0359 2896  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
21:20:09.0593 2896  napagent - ok
21:20:09.0640 2896  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
21:20:09.0828 2896  NDIS - ok
21:20:09.0859 2896  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:20:09.0968 2896  NdisTapi - ok
21:20:10.0000 2896  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:20:10.0156 2896  Ndisuio - ok
21:20:10.0203 2896  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:20:10.0375 2896  NdisWan - ok
21:20:10.0421 2896  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
21:20:10.0515 2896  NDProxy - ok
21:20:10.0531 2896  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
21:20:10.0718 2896  NetBIOS - ok
21:20:10.0765 2896  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
21:20:10.0921 2896  NetBT - ok
21:20:10.0968 2896  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
21:20:11.0140 2896  NetDDE - ok
21:20:11.0156 2896  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
21:20:11.0312 2896  NetDDEdsdm - ok
21:20:11.0359 2896  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
21:20:11.0531 2896  Netlogon - ok
21:20:11.0562 2896  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
21:20:11.0765 2896  Netman - ok
21:20:11.0796 2896  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
21:20:11.0859 2896  Nla - ok
21:20:11.0875 2896  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
21:20:12.0046 2896  Npfs - ok
21:20:12.0093 2896  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
21:20:12.0312 2896  Ntfs - ok
21:20:12.0343 2896  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\System32\lsass.exe
21:20:12.0484 2896  NtLmSsp - ok
21:20:12.0546 2896  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
21:20:12.0812 2896  NtmsSvc - ok
21:20:12.0843 2896  [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr        C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
21:20:12.0859 2896  NuidFltr - ok
21:20:12.0890 2896  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
21:20:13.0046 2896  Null - ok
21:20:13.0078 2896  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:20:13.0250 2896  NwlnkFlt - ok
21:20:13.0265 2896  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:20:13.0421 2896  NwlnkFwd - ok
21:20:13.0437 2896  [ C90018BAFDC7098619A4A95B046B30F3 ] P3              C:\WINDOWS\system32\DRIVERS\p3.sys
21:20:13.0593 2896  P3 - ok
21:20:13.0609 2896  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
21:20:13.0781 2896  Parport - ok
21:20:13.0828 2896  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
21:20:14.0000 2896  PartMgr - ok
21:20:14.0031 2896  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
21:20:14.0203 2896  ParVdm - ok
21:20:14.0250 2896  [ ACFF877F5C17B9360919919F10DD6072 ] pcCMService     C:\Program Files\Common Files\Motive\pcCMService.exe
21:20:14.0500 2896  pcCMService ( UnsignedFile.Multi.Generic ) - warning
21:20:14.0500 2896  pcCMService - detected UnsignedFile.Multi.Generic (1)
21:20:14.0546 2896  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
21:20:14.0718 2896  PCI - ok
21:20:14.0718 2896  PCIDump - ok
21:20:14.0765 2896  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\System32\DRIVERS\pciide.sys
21:20:14.0921 2896  PCIIde - ok
21:20:14.0953 2896  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
21:20:15.0140 2896  Pcmcia - ok
21:20:15.0156 2896  PDCOMP - ok
21:20:15.0156 2896  PDFRAME - ok
21:20:15.0171 2896  PDRELI - ok
21:20:15.0187 2896  PDRFRAME - ok
21:20:15.0187 2896  perc2 - ok
21:20:15.0203 2896  perc2hib - ok
21:20:15.0250 2896  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
21:20:15.0312 2896  PlugPlay - ok
21:20:15.0359 2896  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
21:20:15.0500 2896  PolicyAgent - ok
21:20:15.0531 2896  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:20:15.0718 2896  PptpMiniport - ok
21:20:15.0750 2896  [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
21:20:15.0906 2896  Processor - ok
21:20:15.0921 2896  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:20:16.0078 2896  ProtectedStorage - ok
21:20:16.0093 2896  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
21:20:16.0265 2896  PSched - ok
21:20:16.0296 2896  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:20:16.0484 2896  Ptilink - ok
21:20:16.0500 2896  ql1080 - ok
21:20:16.0500 2896  Ql10wnt - ok
21:20:16.0515 2896  ql12160 - ok
21:20:16.0515 2896  ql1240 - ok
21:20:16.0531 2896  ql1280 - ok
21:20:16.0562 2896  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:20:16.0718 2896  RasAcd - ok
21:20:16.0750 2896  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
21:20:16.0921 2896  RasAuto - ok
21:20:16.0953 2896  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:20:17.0140 2896  Rasl2tp - ok
21:20:22.0203 2896  [ 3978F082274F723AD5A0A8058C2417DD ] SoundMAX Agent Service (default) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
21:20:22.0234 2896  SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - warning
21:20:22.0234 2896  SoundMAX Agent Service (default) - detected UnsignedFile.Multi.Generic (1)
21:20:24.0109 2896  [ F2B7E8416F508368AC6730E2AE1C614F ] Symmpi          C:\WINDOWS\System32\DRIVERS\symmpi.sys
21:20:24.0156 2896  Symmpi ( UnsignedFile.Multi.Generic ) - warning
21:20:24.0156 2896  Symmpi - detected UnsignedFile.Multi.Generic (1)
21:20:33.0218 2896  ================ Scan global ===============================
21:20:33.0250 2896  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
21:20:33.0312 2896  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
21:20:33.0390 2896  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
21:20:33.0406 2896  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
21:20:33.0421 2896  [Global] - ok
21:20:33.0421 2896  ================ Scan MBR ==================================
21:20:33.0437 2896  [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk0\DR0
21:20:33.0640 2896  \Device\Harddisk0\DR0 - ok
21:20:33.0656 2896  ================ Scan VBR ==================================
21:20:33.0687 2896  [ 9190D93484B2BD2B8E264FF2D41875E5 ] \Device\Harddisk0\DR0\Partition1
21:20:33.0687 2896  \Device\Harddisk0\DR0\Partition1 - ok
21:20:33.0687 2896  ================ Scan active images ========================
21:20:34.0765 2896  C:\WINDOWS\system32\lsasrv.dll - ok
21:20:34.0781 2896  [ EC29A79F1E76DC509E24D401F29D0678 ] C:\WINDOWS\system32\ncobjapi.dll
21:20:34.0781 2896  C:\WINDOWS\system32\ncobjapi.dll - ok
21:20:34.0781 2896  [ F404830F3CD9BF8F2515E489C0CDA297 ] C:\WINDOWS\system32\msvcp60.dll
21:20:34.0781 2896  C:\WINDOWS\system32\msvcp60.dll - ok
21:20:34.0781 2896  [ DD7BD97FB8BD800963789158A5E4B41D ] C:\WINDOWS\system32\mpr.dll
21:20:34.0781 2896  C:\WINDOWS\system32\mpr.dll - ok
21:20:34.0796 2896  [ B24A42A413E694AD73FDFB7FBD492C31 ] C:\WINDOWS\system32\scesrv.dll
21:20:34.0796 2896  C:\WINDOWS\system32\scesrv.dll - ok
21:20:34.0796 2896  [ EC4C0D9BFD9F7E33F8B395AD54E13063 ] C:\WINDOWS\system32\ntdsapi.dll
21:20:34.0796 2896  C:\WINDOWS\system32\ntdsapi.dll - ok
21:20:34.0812 2896  [ 389496118B3B03C2328024AF320132AC ] C:\WINDOWS\system32\dnsapi.dll
21:20:34.0812 2896  C:\WINDOWS\system32\dnsapi.dll - ok
21:20:34.0812 2896  [ 2EDFC2A8893435723AD80481803C6D5C ] C:\WINDOWS\system32\umpnpmgr.dll
21:20:34.0812 2896  C:\WINDOWS\system32\umpnpmgr.dll - ok
21:20:34.0828 2896  [ 0492CF5870F0E616B0C71695A433D162 ] C:\WINDOWS\system32\wldap32.dll
21:20:34.0828 2896  C:\WINDOWS\system32\wldap32.dll - ok
21:20:34.0828 2896  [ 1F03103598BD817B1078DAB1326DDE11 ] C:\WINDOWS\system32\shimeng.dll
21:20:34.0828 2896  C:\WINDOWS\system32\shimeng.dll - ok
21:20:34.0843 2896  [ EA9EE60B408878E5F2012F9C783836DB ] C:\WINDOWS\AppPatch\acadproc.dll
21:20:34.0843 2896  C:\WINDOWS\AppPatch\acadproc.dll - ok
21:20:34.0843 2896  [ 8329A39D5A402A75A74301D6A62ECDA1 ] C:\WINDOWS\system32\samlib.dll
21:20:34.0843 2896  C:\WINDOWS\system32\samlib.dll - ok
21:20:34.0859 2896  [ F05B8CDB7FE0E55DCCFB1D946CE80064 ] C:\WINDOWS\system32\samsrv.dll
21:20:34.0859 2896  C:\WINDOWS\system32\samsrv.dll - ok
21:20:34.0859 2896  [ 17A1D675C12BBF80CAAC54A4855C41D0 ] C:\WINDOWS\system32\cryptdll.dll
21:20:34.0859 2896  C:\WINDOWS\system32\cryptdll.dll - ok
21:20:34.0875 2896  [ 310C15FD8358B2C4CD7A5B98A112883F ] C:\WINDOWS\AppPatch\acgenral.dll
21:20:34.0875 2896  C:\WINDOWS\AppPatch\acgenral.dll - ok
21:20:34.0875 2896  [ 4A953F13942867BA8FB41F141EC1B80C ] C:\WINDOWS\system32\winmm.dll
21:20:34.0875 2896  C:\WINDOWS\system32\winmm.dll - ok
21:20:34.0890 2896  [ EFF03460E542EEA6B0ABDEC6BF19C897 ] C:\WINDOWS\system32\oleaut32.dll
21:20:34.0890 2896  C:\WINDOWS\system32\oleaut32.dll - ok
21:20:34.0890 2896  [ 2098AB52BD5316E59AA36F3437B13BE6 ] C:\WINDOWS\system32\msacm32.dll
21:20:34.0890 2896  C:\WINDOWS\system32\msacm32.dll - ok
21:20:34.0906 2896  [ 7A2CC3719B255E6B5D74396183B7715B ] C:\WINDOWS\system32\uxtheme.dll
21:20:34.0906 2896  C:\WINDOWS\system32\uxtheme.dll - ok
21:20:34.0906 2896  [ BD9B4450D00D4AC891407B8C0E08DE9C ] C:\WINDOWS\system32\Syncor11.dll
21:20:34.0906 2896  C:\WINDOWS\system32\Syncor11.dll - ok
21:20:34.0921 2896  [ F24B12786D60A17008319E3F2AEE7799 ] C:\WINDOWS\system32\msapsspc.dll
21:20:34.0921 2896  C:\WINDOWS\system32\msapsspc.dll - ok
21:20:34.0921 2896  [ 7A660EDC0757849DF5F8706FB6E9F740 ] C:\WINDOWS\system32\msvcrt40.dll
21:20:34.0921 2896  C:\WINDOWS\system32\msvcrt40.dll - ok
21:20:34.0937 2896  [ 0F64207B49390C8063C36AE7CBF9C2DB ] C:\WINDOWS\system32\schannel.dll
21:20:34.0937 2896  C:\WINDOWS\system32\schannel.dll - ok
21:20:34.0937 2896  [ 3D76DD0CBC536E0F8C45D23ED230BEB2 ] C:\WINDOWS\system32\digest.dll
21:20:34.0937 2896  C:\WINDOWS\system32\digest.dll - ok
21:20:34.0953 2896  [ A4388DF80E52695AE92EE5F3F61F1619 ] C:\WINDOWS\system32\msnsspc.dll
21:20:34.0953 2896  C:\WINDOWS\system32\msnsspc.dll - ok
21:20:34.0953 2896  [ 5733177BCF16EE78B99543C9B0AB81EA ] C:\WINDOWS\system32\msctfime.ime
21:20:34.0953 2896  C:\WINDOWS\system32\msctfime.ime - ok
21:20:34.0968 2896  [ C6BB1D1500DB4A0E224CB65E6C7E8A80 ] C:\WINDOWS\system32\msprivs.dll
21:20:34.0968 2896  C:\WINDOWS\system32\msprivs.dll - ok
21:20:34.0968 2896  [ A525C96C51D55111FDF3BEA9FFFFC7AE ] C:\WINDOWS\system32\kerberos.dll
21:20:34.0968 2896  C:\WINDOWS\system32\kerberos.dll - ok
21:20:34.0984 2896  [ 517561A1113B04E51D936CD018DE1C1F ] C:\WINDOWS\system32\msv1_0.dll
21:20:34.0984 2896  C:\WINDOWS\system32\msv1_0.dll - ok
21:20:34.0984 2896  [ AF07DC9B7CC455629E732340C7B15F3A ] C:\WINDOWS\system32\iphlpapi.dll
21:20:34.0984 2896  C:\WINDOWS\system32\iphlpapi.dll - ok
21:20:35.0000 2896  [ 1B7F071C51B77C272875C3A23E1E4550 ] C:\WINDOWS\system32\netlogon.dll
21:20:35.0000 2896  C:\WINDOWS\system32\netlogon.dll - ok
21:20:35.0000 2896  [ 54AF4B1D5459500EF0937F6D33B1914F ] C:\WINDOWS\system32\w32time.dll
21:20:35.0000 2896  C:\WINDOWS\system32\w32time.dll - ok
21:20:35.0015 2896  [ 3AAF9B35939FF9E58CCD18D41655C2FC ] C:\WINDOWS\system32\wdigest.dll
21:20:35.0015 2896  C:\WINDOWS\system32\wdigest.dll - ok
21:20:35.0015 2896  [ 54DAE3EA34802B4ED9AE1C6B1209FA56 ] C:\WINDOWS\system32\rsaenh.dll
21:20:35.0015 2896  C:\WINDOWS\system32\rsaenh.dll - ok
21:20:35.0015 2896  [ 02988B904C386B500CD08639C4C20EEA ] C:\WINDOWS\system32\winscard.dll
21:20:35.0015 2896  C:\WINDOWS\system32\winscard.dll - ok
21:20:35.0031 2896  [ 0E2735281FBB9A764D5584C2A5DCBA59 ] C:\WINDOWS\system32\wtsapi32.dll
21:20:35.0031 2896  C:\WINDOWS\system32\wtsapi32.dll - ok
21:20:35.0031 2896  [ A86BB5E61BF3E39B62AB4C7E7085A084 ] C:\WINDOWS\system32\scecli.dll
21:20:35.0031 2896  C:\WINDOWS\system32\scecli.dll - ok
21:20:35.0046 2896  [ 27C6D03BCDB8CFEB96B716F3D8BE3E18 ] C:\WINDOWS\system32\svchost.exe
21:20:35.0046 2896  C:\WINDOWS\system32\svchost.exe - ok
21:20:35.0046 2896  [ 549290DBC280C887681D7652978DBBE0 ] C:\WINDOWS\system32\ntmarta.dll
21:20:35.0046 2896  C:\WINDOWS\system32\ntmarta.dll - ok
21:20:35.0062 2896  [ 6B27A5C03DFB94B4245739065431322C ] C:\WINDOWS\system32\rpcss.dll
21:20:35.0062 2896  C:\WINDOWS\system32\rpcss.dll - ok
21:20:35.0062 2896  [ 16403217AB6FC5C30C14C6B12098AD4B ] C:\WINDOWS\system32\xpsp2res.dll
21:20:35.0062 2896  C:\WINDOWS\system32\xpsp2res.dll - ok
21:20:35.0078 2896  [ 6D4FEB43EE538FC5428CC7F0565AA656 ] C:\WINDOWS\system32\eventlog.dll
21:20:35.0078 2896  C:\WINDOWS\system32\eventlog.dll - ok
21:20:35.0078 2896  [ 943337D786A56729263071623BBB9DE5 ] C:\WINDOWS\system32\mswsock.dll
21:20:35.0078 2896  C:\WINDOWS\system32\mswsock.dll - ok
21:20:35.0093 2896  [ 3CB32D3B8CBE79899D63280BB7A83CD9 ] C:\WINDOWS\system32\hnetcfg.dll
21:20:35.0093 2896  C:\WINDOWS\system32\hnetcfg.dll - ok
21:20:35.0093 2896  [ 4E3D06D6E68EEDB52565080F55B460D3 ] C:\WINDOWS\system32\wshtcpip.dll
21:20:35.0093 2896  C:\WINDOWS\system32\wshtcpip.dll - ok
21:20:35.0109 2896  [ 5F2917842D9FBB4CB11F76B0C00A1F5B ] C:\Program Files\Bonjour\mdnsNSP.dll
21:20:35.0109 2896  C:\Program Files\Bonjour\mdnsNSP.dll - ok
21:20:35.0109 2896  [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\system32\winrnr.dll
21:20:35.0109 2896  C:\WINDOWS\system32\winrnr.dll - ok
21:20:35.0125 2896  [ 3EA6A1A744D79328AE7E2C6FAE4C4420 ] C:\Program Files\Microsoft Security Client\MsMpEng.exe
21:20:35.0125 2896  C:\Program Files\Microsoft Security Client\MsMpEng.exe - ok
21:20:35.0125 2896  [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\system32\rasadhlp.dll
21:20:35.0125 2896  C:\WINDOWS\system32\rasadhlp.dll - ok
21:20:35.0140 2896  [ 17486A83D647542CE7B84CBD757D79D7 ] C:\Program Files\Microsoft Security Client\MpSvc.dll
21:20:35.0140 2896  C:\Program Files\Microsoft Security Client\MpSvc.dll - ok
21:20:35.0140 2896  [ 172CBB4D826119F33DA5AE7F3D58C897 ] C:\Program Files\Microsoft Security Client\MpClient.dll
21:20:35.0140 2896  C:\Program Files\Microsoft Security Client\MpClient.dll - ok
21:20:35.0156 2896  [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\system32\drivers\ndisuio.sys
21:20:35.0156 2896  C:\WINDOWS\system32\drivers\ndisuio.sys - ok
21:20:35.0156 2896  [ 5E38D7684A49CACFB752B046357E0589 ] C:\WINDOWS\system32\dhcpcsvc.dll
21:20:35.0156 2896  C:\WINDOWS\system32\dhcpcsvc.dll - ok
21:20:35.0171 2896  [ 5F7E24FA9EAB896051FFB87F840730D2 ] C:\WINDOWS\system32\dnsrslvr.dll
21:20:35.0171 2896  C:\WINDOWS\system32\dnsrslvr.dll - ok
21:20:35.0171 2896  [ 515A7FAE2070C2B0242B2353443E2F11 ] C:\WINDOWS\system32\cscdll.dll
21:20:35.0171 2896  C:\WINDOWS\system32\cscdll.dll - ok
21:20:35.0187 2896  [ 2081A5B5E4ABA206A0A8A1A97DF0FB23 ] C:\WINDOWS\system32\logonui.exe
21:20:35.0187 2896  C:\WINDOWS\system32\logonui.exe - ok
21:20:35.0187 2896  [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\system32\dimsntfy.dll
21:20:35.0187 2896  C:\WINDOWS\system32\dimsntfy.dll - ok
21:20:35.0203 2896  [ 969A4489A402DF8FD5C694857CEFAD48 ] C:\Program Files\Microsoft Security Client\MpRTP.dll
21:20:35.0203 2896  C:\Program Files\Microsoft Security Client\MpRTP.dll - ok
21:20:35.0203 2896  [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll
21:20:35.0203 2896  C:\WINDOWS\system32\wlnotify.dll - ok
21:20:35.0218 2896  [ 3D41A9326F0376FC73AF961DD23B1FB1 ] C:\WINDOWS\system32\duser.dll
21:20:35.0218 2896  C:\WINDOWS\system32\duser.dll - ok
21:20:35.0218 2896  [ A7DB739AE99A796D91580147E919CC59 ] C:\WINDOWS\system32\lmhsvc.dll
21:20:35.0218 2896  C:\WINDOWS\system32\lmhsvc.dll - ok
21:20:35.0218 2896  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] C:\WINDOWS\system32\wzcsvc.dll
21:20:35.0218 2896  C:\WINDOWS\system32\wzcsvc.dll - ok
21:20:35.0234 2896  [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\system32\winspool.drv
21:20:35.0234 2896  C:\WINDOWS\system32\winspool.drv - ok
21:20:35.0234 2896  [ 02CF580510234E519736559A7F19EA20 ] C:\WINDOWS\system32\WgaLogon.dll
21:20:35.0234 2896  C:\WINDOWS\system32\WgaLogon.dll - ok
21:20:35.0250 2896  [ AFFC87E2501FCE8F09D4C10BA6421CCF ] C:\WINDOWS\system32\msimg32.dll
21:20:35.0250 2896  C:\WINDOWS\system32\msimg32.dll - ok
21:20:35.0250 2896  [ 20200EE3CFE10E9F0C028D8653BE11C6 ] C:\WINDOWS\system32\oleacc.dll
21:20:35.0250 2896  C:\WINDOWS\system32\oleacc.dll - ok
21:20:35.0265 2896  [ 5D43C9A33F18C707BA169AFDA88BDF30 ] C:\WINDOWS\system32\fltlib.dll
21:20:35.0265 2896  C:\WINDOWS\system32\fltlib.dll - ok
21:20:35.0265 2896  [ 6604C8C15B3AFD280F12B1FF4C7EF2B2 ] C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7DD4756D-945A-474C-B59A-F3002D844FF1}\mpengine.dll
21:20:35.0265 2896  C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7DD4756D-945A-474C-B59A-F3002D844FF1}\mpengine.dll - ok
21:20:35.0281 2896  [ 876CCF164E08D6B903CD14398E056DD2 ] C:\WINDOWS\system32\rtutils.dll
21:20:35.0281 2896  C:\WINDOWS\system32\rtutils.dll - ok
21:20:35.0281 2896  [ F137A0CA70003DB20448D540651FA003 ] C:\WINDOWS\system32\clbcatq.dll
21:20:35.0281 2896  C:\WINDOWS\system32\clbcatq.dll - ok
21:20:35.0296 2896  [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll
21:20:35.0296 2896  C:\WINDOWS\system32\wmi.dll - ok
21:20:35.0296 2896  [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] C:\WINDOWS\system32\eapolqec.dll
21:20:35.0296 2896  C:\WINDOWS\system32\eapolqec.dll - ok
21:20:35.0312 2896  [ 224FB925C641DA16CEB6D60F40CA4C75 ] C:\WINDOWS\system32\atl.dll
21:20:35.0312 2896  C:\WINDOWS\system32\atl.dll - ok
21:20:35.0312 2896  [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\system32\qutil.dll
21:20:35.0312 2896  C:\WINDOWS\system32\qutil.dll - ok
21:20:35.0328 2896  [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] C:\WINDOWS\system32\dot3api.dll
21:20:35.0328 2896  C:\WINDOWS\system32\dot3api.dll - ok
21:20:35.0328 2896  [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] C:\WINDOWS\system32\esent.dll
21:20:35.0328 2896  C:\WINDOWS\system32\esent.dll - ok
21:20:35.0343 2896  [ 1280A158C722FA95A80FB7AEBE78FA7D ] C:\WINDOWS\system32\comres.dll
21:20:35.0343 2896  C:\WINDOWS\system32\comres.dll - ok
21:20:35.0343 2896  [ ACFEE2392503DD5E457363A0510B8BCB ] C:\WINDOWS\system32\msxml3.dll
21:20:35.0343 2896  C:\WINDOWS\system32\msxml3.dll - ok
21:20:35.0359 2896  [ E5EDBD51476DB5001ABF5C82AE5C3DD1 ] C:\WINDOWS\system32\shgina.dll
21:20:35.0359 2896  C:\WINDOWS\system32\shgina.dll - ok
21:20:35.0359 2896  [ A39BE37C9237DB5F1990D61B268EA555 ] C:\WINDOWS\system32\rastls.dll
21:20:35.0359 2896  C:\WINDOWS\system32\rastls.dll - ok
21:20:35.0375 2896  [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] C:\WINDOWS\system32\cryptui.dll
21:20:35.0375 2896  C:\WINDOWS\system32\cryptui.dll - ok
21:20:35.0375 2896  [ C087CC88D7CD554409CBB5EBC29E8E38 ] C:\WINDOWS\system32\wininet.dll
21:20:35.0375 2896  C:\WINDOWS\system32\wininet.dll - ok
21:20:35.0375 2896  [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll
21:20:35.0375 2896  C:\WINDOWS\system32\normaliz.dll - ok
21:20:35.0390 2896  [ 28F73A450AA227894E2E6288F8681E79 ] C:\WINDOWS\system32\urlmon.dll
21:20:35.0390 2896  C:\WINDOWS\system32\urlmon.dll - ok
21:20:35.0390 2896  [ 81FAEFC42D0B236C62C3401558867FAA ] C:\WINDOWS\system32\iertutil.dll
21:20:35.0390 2896  C:\WINDOWS\system32\iertutil.dll - ok
21:20:35.0406 2896  [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\system32\mprapi.dll
21:20:35.0406 2896  C:\WINDOWS\system32\mprapi.dll - ok
21:20:35.0421 2896  [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\system32\activeds.dll
21:20:35.0421 2896  C:\WINDOWS\system32\activeds.dll - ok
21:20:35.0421 2896  [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\system32\adsldpc.dll
21:20:35.0421 2896  C:\WINDOWS\system32\adsldpc.dll - ok
21:20:35.0437 2896  [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll
21:20:35.0437 2896  C:\WINDOWS\system32\rasapi32.dll - ok
21:20:35.0437 2896  [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll
21:20:35.0437 2896  C:\WINDOWS\system32\rasman.dll - ok
21:20:35.0437 2896  [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll
21:20:35.0437 2896  C:\WINDOWS\system32\tapi32.dll - ok
21:20:35.0453 2896  [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\system32\riched20.dll
21:20:35.0453 2896  C:\WINDOWS\system32\riched20.dll - ok
21:20:35.0453 2896  [ 56CE97FF94B7662A300D359CD6F4D601 ] C:\WINDOWS\system32\raschap.dll
21:20:35.0453 2896  C:\WINDOWS\system32\raschap.dll - ok
21:20:35.0468 2896  [ 085ED2E391A871C7BAE87E0228B546BA ] C:\WINDOWS\system32\cscui.dll
21:20:35.0468 2896  C:\WINDOWS\system32\cscui.dll - ok
21:20:35.0468 2896  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll
21:20:35.0468 2896  C:\WINDOWS\system32\schedsvc.dll - ok
21:20:35.0484 2896  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] C:\WINDOWS\system32\netman.dll
21:20:35.0484 2896  C:\WINDOWS\system32\netman.dll - ok
21:20:35.0484 2896  [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll
21:20:35.0484 2896  C:\WINDOWS\system32\powrprof.dll - ok
21:20:35.0500 2896  [ 6C26DCF01E2A92F183B97D434017268A ] C:\WINDOWS\system32\dpcdll.dll
21:20:35.0500 2896  C:\WINDOWS\system32\dpcdll.dll - ok
21:20:35.0500 2896  [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll
21:20:35.0500 2896  C:\WINDOWS\system32\netshell.dll - ok
21:20:35.0515 2896  [ A93AEE1928A9D7CE3E16D24EC7380F89 ] C:\WINDOWS\system32\userinit.exe
21:20:35.0515 2896  C:\WINDOWS\system32\userinit.exe - ok
21:20:35.0515 2896  [ B1296D52B0D2096EC4759EEEB806D759 ] C:\WINDOWS\system32\WgaTray.exe
21:20:35.0515 2896  C:\WINDOWS\system32\WgaTray.exe - ok
21:20:35.0531 2896  [ 12896823FB95BFB3DC9B46BCAEDC9923 ] C:\WINDOWS\explorer.exe
21:20:35.0531 2896  C:\WINDOWS\explorer.exe - ok
21:20:35.0531 2896  [ 235892E493845D64D890163CFEF90E97 ] C:\WINDOWS\system32\credui.dll
21:20:35.0531 2896  C:\WINDOWS\system32\credui.dll - ok
21:20:35.0546 2896  [ 4E8F3230BAC8C1CAADF01A8C728E1C5C ] C:\WINDOWS\system32\dot3dlg.dll
21:20:35.0546 2896  C:\WINDOWS\system32\dot3dlg.dll - ok
21:20:35.0546 2896  [ CA04959077AFE36369D37B3504740C87 ] C:\WINDOWS\system32\onex.dll
21:20:35.0546 2896  C:\WINDOWS\system32\onex.dll - ok
21:20:35.0562 2896  [ E392E172687BE172F8600C5F41AB03D9 ] C:\WINDOWS\system32\browseui.dll
21:20:35.0562 2896  C:\WINDOWS\system32\browseui.dll - ok
21:20:35.0562 2896  [ 5DB625E7D095604010CF84DE2D8ACFA6 ] C:\WINDOWS\system32\eappcfg.dll
21:20:35.0562 2896  C:\WINDOWS\system32\eappcfg.dll - ok
21:20:35.0562 2896  [ C14350FC0D47D806699C4F907FC6785B ] C:\WINDOWS\system32\cryptnet.dll
21:20:35.0562 2896  C:\WINDOWS\system32\cryptnet.dll - ok
21:20:35.0578 2896  [ 3CBA2210FA39C6ED7895634842E930DD ] C:\WINDOWS\system32\sensapi.dll
21:20:35.0578 2896  C:\WINDOWS\system32\sensapi.dll - ok
21:20:35.0578 2896  [ ABC4206543450C0666D152F4B65833B8 ] C:\WINDOWS\system32\eappprxy.dll
21:20:35.0578 2896  C:\WINDOWS\system32\eappprxy.dll - ok
21:20:35.0593 2896  [ 684559A03CBC1D05BA120A18B0D8BA5D ] C:\WINDOWS\system32\winhttp.dll
21:20:35.0593 2896  C:\WINDOWS\system32\winhttp.dll - ok
21:20:35.0593 2896  [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll
21:20:35.0593 2896  C:\WINDOWS\system32\wzcsapi.dll - ok
21:20:35.0609 2896  [ 027D03D9D8AB95194A115A999E960AC0 ] C:\WINDOWS\system32\LEXBCES.EXE
21:20:35.0609 2896  C:\WINDOWS\system32\LEXBCES.EXE - ok
21:20:35.0609 2896  [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll
21:20:35.0609 2896  C:\WINDOWS\system32\msidle.dll - ok
21:20:35.0625 2896  [ CC26451A90025F6C55F64146C333DEA5 ] C:\WINDOWS\system32\LegitCheckControl.dll
21:20:35.0625 2896  C:\WINDOWS\system32\LegitCheckControl.dll - ok
21:20:35.0625 2896  [ 205ADD80FF8099B1A8101EB490B933D1 ] C:\WINDOWS\system32\wbem\wbemprox.dll
21:20:35.0625 2896  C:\WINDOWS\system32\wbem\wbemprox.dll - ok
21:20:35.0640 2896  [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\system32\wbem\wbemcomn.dll
21:20:35.0640 2896  C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
21:20:35.0640 2896  [ 8D836E60877ED79C409712B9BE2DFC3B ] C:\WINDOWS\system32\LEXPPS.EXE
21:20:35.0640 2896  C:\WINDOWS\system32\LEXPPS.EXE - ok
21:20:35.0656 2896  [ 60784F891563FB1B767F70117FC2428F ] C:\WINDOWS\system32\spoolsv.exe
21:20:35.0656 2896  C:\WINDOWS\system32\spoolsv.exe - ok
21:20:35.0656 2896  [ 525DFDB929AD3F9B1F4AD8CED4E5F044 ] C:\WINDOWS\system32\shdocvw.dll
21:20:35.0656 2896  C:\WINDOWS\system32\shdocvw.dll - ok
21:20:35.0671 2896  [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\system32\audiosrv.dll
21:20:35.0671 2896  C:\WINDOWS\system32\audiosrv.dll - ok
21:20:35.0671 2896  [ 00E2AE113DD2ED2F20A715710A255D3E ] C:\WINDOWS\system32\LEXBCE.DLL
21:20:35.0671 2896  C:\WINDOWS\system32\LEXBCE.DLL - ok
21:20:35.0687 2896  [ A8888A5327621856C0CEC4E385F69309 ] C:\WINDOWS\system32\wkssvc.dll
21:20:35.0687 2896  C:\WINDOWS\system32\wkssvc.dll - ok
21:20:35.0687 2896  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] C:\WINDOWS\system32\drivers\mrxdav.sys
21:20:35.0687 2896  C:\WINDOWS\system32\drivers\mrxdav.sys - ok
21:20:35.0703 2896  [ 77A354E28153AD2D5E120A5A8687BC06 ] C:\WINDOWS\system32\webclnt.dll
21:20:35.0703 2896  C:\WINDOWS\system32\webclnt.dll - ok
21:20:35.0703 2896  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] C:\WINDOWS\system32\drivers\parvdm.sys
21:20:35.0703 2896  C:\WINDOWS\system32\drivers\parvdm.sys - ok
21:20:35.0718 2896  [ 70D7BE78061126DD0C3ACCDB7E129017 ] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:20:35.0718 2896  C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe - ok
21:20:35.0718 2896  [ 67156D5A9AC356DC99D7BCCB388E3316 ] C:\WINDOWS\system32\wsock32.dll
21:20:35.0718 2896  C:\WINDOWS\system32\wsock32.dll - ok
21:20:35.0718 2896  [ 673CF4F6BB1FBE09331B526802FBB892 ] C:\Program Files\Bonjour\mDNSResponder.exe
21:20:35.0718 2896  C:\Program Files\Bonjour\mDNSResponder.exe - ok
21:20:35.0734 2896  [ 574738F61FCA2935F5265DC4E5691314 ] C:\WINDOWS\system32\qmgr.dll
21:20:35.0734 2896  C:\WINDOWS\system32\qmgr.dll - ok
21:20:35.0734 2896  [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] C:\WINDOWS\system32\wdmaud.drv
21:20:35.0734 2896  C:\WINDOWS\system32\wdmaud.drv - ok
21:20:35.0750 2896  [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys
21:20:35.0750 2896  C:\WINDOWS\system32\drivers\wdmaud.sys - ok
21:20:35.0750 2896  [ 8F0DE4FEF8201E306F9938B0905AC96A ] C:\Program Files\Google\Update\GoogleUpdate.exe
21:20:35.0750 2896  C:\Program Files\Google\Update\GoogleUpdate.exe - ok
21:20:35.0765 2896  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\system32\drivers\sysaudio.sys
21:20:35.0765 2896  C:\WINDOWS\system32\drivers\sysaudio.sys - ok
21:20:35.0765 2896  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] C:\WINDOWS\system32\drivers\splitter.sys
21:20:35.0765 2896  C:\WINDOWS\system32\drivers\splitter.sys - ok
21:20:35.0781 2896  [ 8BED39E3C35D6A489438B8141717A557 ] C:\WINDOWS\system32\drivers\aec.sys
21:20:35.0781 2896  C:\WINDOWS\system32\drivers\aec.sys - ok
21:20:35.0781 2896  [ FF60B8C5BBE73B0790B3332783B6FD81 ] C:\Program Files\Google\Update\1.3.21.153\goopdate.dll
21:20:35.0781 2896  C:\Program Files\Google\Update\1.3.21.153\goopdate.dll - ok
21:20:35.0796 2896  [ 3D4E199942E29207970E04315D02AD3B ] C:\WINDOWS\system32\cryptsvc.dll
21:20:35.0796 2896  C:\WINDOWS\system32\cryptsvc.dll - ok
21:20:35.0796 2896  [ C14AA05881A35B6D6BB8D55B117EE22D ] C:\WINDOWS\system32\shfolder.dll
21:20:35.0796 2896  C:\WINDOWS\system32\shfolder.dll - ok
21:20:35.0812 2896  [ 00709952D444EAE14DBBD30D36FBAE0F ] C:\WINDOWS\system32\certcli.dll
21:20:35.0812 2896  C:\WINDOWS\system32\certcli.dll - ok
21:20:35.0812 2896  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] C:\WINDOWS\system32\drivers\swmidi.sys
21:20:35.0812 2896  C:\WINDOWS\system32\drivers\swmidi.sys - ok
21:20:35.0828 2896  [ 8A208DFCF89792A484E76C40E5F50B45 ] C:\WINDOWS\system32\drivers\dmusic.sys
21:20:35.0828 2896  C:\WINDOWS\system32\drivers\dmusic.sys - ok
21:20:35.0828 2896  [ 692BCF44383D056AED41B045A323D378 ] C:\WINDOWS\system32\drivers\kmixer.sys
21:20:35.0828 2896  C:\WINDOWS\system32\drivers\kmixer.sys - ok
21:20:35.0843 2896  [ BC93B4A066477954555966D77FEC9ECB ] C:\WINDOWS\system32\ersvc.dll
21:20:35.0843 2896  C:\WINDOWS\system32\ersvc.dll - ok
21:20:35.0843 2896  [ 57EDEC2E5F59F0335E92F35184BC8631 ] C:\WINDOWS\system32\dmserver.dll
21:20:35.0843 2896  C:\WINDOWS\system32\dmserver.dll - ok
21:20:35.0859 2896  [ D4991D98F2DB73C60D042F1AEF79EFAE ] C:\WINDOWS\system32\es.dll
21:20:35.0859 2896  C:\WINDOWS\system32\es.dll - ok
21:20:35.0859 2896  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] C:\WINDOWS\system32\drivers\drmkaud.sys
21:20:35.0859 2896  C:\WINDOWS\system32\drivers\drmkaud.sys - ok
21:20:35.0859 2896  [ D3F72D50DE53F9F1F55240115AF4D42E ] C:\WINDOWS\system32\msi.dll
21:20:35.0859 2896  C:\WINDOWS\system32\msi.dll - ok
21:20:35.0875 2896  [ 9A3BD5F55AADFF859539142F6328A66E ] C:\WINDOWS\system32\msacm32.drv
21:20:35.0875 2896  C:\WINDOWS\system32\msacm32.drv - ok
21:20:35.0875 2896  [ 5C12660A97822F6E61576943B49AAAD6 ] C:\WINDOWS\system32\midimap.dll
21:20:35.0875 2896  C:\WINDOWS\system32\midimap.dll - ok
21:20:35.0890 2896  [ B4ED498E3BFEE64E952BC44FC6057DB8 ] C:\WINDOWS\system32\desk.cpl
21:20:35.0890 2896  C:\WINDOWS\system32\desk.cpl - ok
21:20:35.0890 2896  [ A314EEA2A503A8E04085201E436384A5 ] C:\WINDOWS\system32\themeui.dll
21:20:35.0890 2896  C:\WINDOWS\system32\themeui.dll - ok
21:20:35.0906 2896  [ 912B67BB8249925A5C972FC5839EAE09 ] C:\WINDOWS\system32\actxprxy.dll
21:20:35.0906 2896  C:\WINDOWS\system32\actxprxy.dll - ok
21:20:35.0921 2896  [ 6D778E0F95447E6546553EEEA709D03C ] C:\WINDOWS\system32\cmd.exe
21:20:35.0921 2896  C:\WINDOWS\system32\cmd.exe - ok
21:20:35.0921 2896  [ B6E6F3F5B63053D5DC1F4EE32992492F ] C:\WINDOWS\system32\dbghelp.dll
21:20:35.0921 2896  C:\WINDOWS\system32\dbghelp.dll - ok
21:20:35.0921 2896  [ 35EA674E7239B527AD98AFD1DBC1EFD6 ] C:\WINDOWS\system32\ieframe.dll
21:20:35.0921 2896  C:\WINDOWS\system32\ieframe.dll - ok
21:20:35.0937 2896  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:20:35.0937 2896  C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll - ok
21:20:35.0937 2896  [ 8726802EA4FBFFA3FD54FD2449BF51D4 ] C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
21:20:35.0937 2896  C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe - ok
21:20:35.0953 2896  [ 4044E880593FE1AC9942190FCE414BE7 ] C:\WINDOWS\system32\mstask.dll
21:20:35.0953 2896  C:\WINDOWS\system32\mstask.dll - ok
21:20:35.0953 2896  [ DEB04DA35CC871B6D309B77E1443C796 ] C:\WINDOWS\system32\hidserv.dll
21:20:35.0953 2896  C:\WINDOWS\system32\hidserv.dll - ok
21:20:35.0968 2896  [ 5739F2821D49975CEDE6BF0153D0CF01 ] C:\Program Files\Java\jre7\bin\jqs.exe
21:20:35.0968 2896  C:\Program Files\Java\jre7\bin\jqs.exe - ok
21:20:35.0968 2896  [ 8973122796E3B5D6B5900FC186E55FEA ] C:\WINDOWS\system32\hid.dll
21:20:35.0968 2896  C:\WINDOWS\system32\hid.dll - ok
21:20:35.0984 2896  [ 67EC459E42D3081DD8FD34356F7CAFC1 ] C:\Program Files\Java\jre7\bin\msvcr100.dll
21:20:35.0984 2896  C:\Program Files\Java\jre7\bin\msvcr100.dll - ok
21:20:35.0984 2896  [ 62CF83A6989312A0DD39BBFFB3D1C166 ] C:\WINDOWS\system32\pdh.dll
21:20:35.0984 2896  C:\WINDOWS\system32\pdh.dll - ok
21:20:36.0000 2896  [ 369F7B1A4F358B976176556A1A331F36 ] C:\WINDOWS\system32\odbcbcp.dll
21:20:36.0000 2896  C:\WINDOWS\system32\odbcbcp.dll - ok
21:20:36.0000 2896  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] C:\WINDOWS\system32\srvsvc.dll
21:20:36.0000 2896  C:\WINDOWS\system32\srvsvc.dll - ok
21:20:36.0015 2896  [ ACDAFCD14EC0ECE89198503746A5C147 ] C:\WINDOWS\system32\perfos.dll
21:20:36.0015 2896  C:\WINDOWS\system32\perfos.dll - ok
21:20:36.0015 2896  [ ABFB673B24A9B3287761D497529FB5B9 ] C:\WINDOWS\system32\perfdisk.dll
21:20:36.0015 2896  C:\WINDOWS\system32\perfdisk.dll - ok
21:20:36.0031 2896  [ ACFF877F5C17B9360919919F10DD6072 ] C:\Program Files\Common Files\Motive\pcCMService.exe
21:20:36.0031 2896  C:\Program Files\Common Files\Motive\pcCMService.exe - ok
21:20:36.0031 2896  [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
21:20:36.0031 2896  C:\WINDOWS\system32\netmsg.dll - ok
21:20:36.0046 2896  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] C:\WINDOWS\system32\drivers\srv.sys
21:20:36.0046 2896  C:\WINDOWS\system32\drivers\srv.sys - ok
21:20:36.0046 2896  [ 332760FBA1655FCFD35BD6F4FD871300 ] C:\WINDOWS\system32\ipsecsvc.dll
21:20:36.0046 2896  C:\WINDOWS\system32\ipsecsvc.dll - ok
21:20:36.0062 2896  [ C5FF8682EADA5B3B27A865F1C3EF9270 ] C:\WINDOWS\system32\oakley.dll
21:20:36.0062 2896  C:\WINDOWS\system32\oakley.dll - ok
21:20:36.0062 2896  [ 5B19B557B0C188210A56A6B699D90B8F ] C:\WINDOWS\system32\regsvc.dll
21:20:36.0062 2896  C:\WINDOWS\system32\regsvc.dll - ok
21:20:36.0062 2896  [ CBE612E2BB6A10E3563336191EDA1250 ] C:\WINDOWS\system32\seclogon.dll
21:20:36.0062 2896  C:\WINDOWS\system32\seclogon.dll - ok
21:20:36.0078 2896  [ 3978F082274F723AD5A0A8058C2417DD ] C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
21:20:36.0078 2896  C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe - ok
21:20:36.0078 2896  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] C:\WINDOWS\system32\sens.dll
21:20:36.0078 2896  C:\WINDOWS\system32\sens.dll - ok
21:20:36.0093 2896  [ 3805DF0AC4296A34BA4BF93B346CC378 ] C:\WINDOWS\system32\srsvc.dll
21:20:36.0093 2896  C:\WINDOWS\system32\srsvc.dll - ok
21:20:36.0093 2896  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] C:\WINDOWS\system32\wiaservc.dll
21:20:36.0093 2896  C:\WINDOWS\system32\wiaservc.dll - ok
21:20:36.0109 2896  [ 55BCA12F7F523D35CA3CB833C725F54E ] C:\WINDOWS\system32\trkwks.dll
21:20:36.0109 2896  C:\WINDOWS\system32\trkwks.dll - ok
21:20:36.0109 2896  [ 248712EA6BA17B9FF0C542A3828375DD ] C:\WINDOWS\system32\winipsec.dll
21:20:36.0109 2896  C:\WINDOWS\system32\winipsec.dll - ok
21:20:36.0125 2896  [ 853D0D0C6F02D7BFDF1CF99DD7553732 ] C:\WINDOWS\system32\pstorsvc.dll
21:20:36.0125 2896  C:\WINDOWS\system32\pstorsvc.dll - ok
21:20:36.0125 2896  [ 22D89D84E8E081CDA529DBF8C0255A38 ] C:\WINDOWS\system32\psbase.dll
21:20:36.0125 2896  C:\WINDOWS\system32\psbase.dll - ok
21:20:36.0140 2896  [ CFD4E51402DA9838B5A04AE680AF54A0 ] C:\WINDOWS\system32\browser.dll
21:20:36.0140 2896  C:\WINDOWS\system32\browser.dll - ok
21:20:36.0140 2896  [ FEDE68BF80052BAD393AFD5C2E60DCB0 ] C:\WINDOWS\system32\dssenh.dll
21:20:36.0140 2896  C:\WINDOWS\system32\dssenh.dll - ok
21:20:37.0343 2896  ============================================================
21:20:37.0343 2896  Scan finished
21:20:37.0343 2896  ============================================================
21:20:37.0453 2888  Detected object count: 8
21:20:37.0453 2888  Actual detected object count: 8
21:27:05.0312 2888  C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
21:27:09.0578 2888  Backup copy found, using it..
21:27:10.0078 2888  C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
21:27:10.0078 2888  ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
21:27:10.0078 2888  adpu320 ( UnsignedFile.Multi.Generic ) - skipped by user
21:27:10.0093 2888  adpu320 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:27:10.0093 2888  BANTExt ( UnsignedFile.Multi.Generic ) - skipped by user
21:27:10.0093 2888  BANTExt ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:27:10.0093 2888  MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
21:27:10.0093 2888  MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:27:10.0093 2888  MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
21:27:10.0093 2888  MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:27:10.0125 2888  pcCMService ( UnsignedFile.Multi.Generic ) - skipped by user
21:27:10.0125 2888  pcCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:27:10.0125 2888  SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - skipped by user
21:27:10.0125 2888  SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:27:10.0125 2888  Symmpi ( UnsignedFile.Multi.Generic ) - skipped by user
21:27:10.0125 2888  Symmpi ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:28:37.0109 0436  Deinitialize success
 





