bleetham Posted September 19, 2012 ID:598973 Share Posted September 19, 2012 After running the Barracuda Malware scan (produced by Malwarebytes) the log shows that there is a file infected with the rootkit.0access. I did not attempt to clean the file. I also ran the trial version of Malwarebytes on the same system and it showed that the system was clean, no issue.I want to make sure that the system is clean, so I've followed the instructions, ran the DDS software and have attached the two text files.Let me know what you see.Thanks!dds.txtattach.txt Link to post Share on other sites More sharing options...
Maniac Posted September 19, 2012 ID:599015 Share Posted September 19, 2012 Hello bleetham and ! My name is Maniac and I will be glad to help you solve your malware problem.Please note:If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.Make sure you read all of the instructions and fixes thoroughly before continuing with them.Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.BACKDOOR WARNINGOne or more of the identified infections is known to use a backdoor.This allows hackers to remotely control your computer, steal critical system information and download and execute files.I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:Help: I Got Hacked. Now What Do I Do?Help: I Got Hacked. Now What Do I Do? Part IIHow Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?When Should I Format, How Should I ReinstallWe can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.Step 1Please download the latest version of TDSSKiller from here and save it to your Desktop.Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.Put a checkmark beside loaded modules.A reboot will be needed to apply the changes. Do it.TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.Then click on Change parameters in TDSSKiller.Check all boxes then click OK.Click the Start Scan button.The scan should take no longer than 2 minutes.If a suspicious object is detected, the default action will be Skip, click on Continue. If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.Step 2Launch Malwarebytes' Anti-MalwareGo to Update tab and select Check for Updates. If an update is found, it will download and install the latest version. Go to Scanner tab and select Perform Quick Scan, then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.Step 3Download aswMBR.exe to your desktop. Double click the aswMBR.exe to run it Click the "Scan" button to start scan On completion of the scan click save log, save it to your desktop and post in your next reply In your next reply, post the following log files:TDSSKiller logMalwarebytes' Anti-Malware logaswMBR loga new fresh DDS log Link to post Share on other sites More sharing options...
bleetham Posted September 21, 2012 Author ID:599733 Share Posted September 21, 2012 I tried to copy and paste the log files you requested, but it says the post is now too long. I've attached the logs in a text file. Hopefully this works for you.Thanks,BrianLog files for malwarebytes forum.txt Link to post Share on other sites More sharing options...
Maniac Posted September 22, 2012 ID:599847 Share Posted September 22, 2012 In this case, just post it in several posts.Note: Please do not run this tool without special supervision and instruction of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look herePlease visit this webpage for download links, and instructions for running the tool:http://www.bleepingc...to-use-combofix* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Please post the C:\ComboFix.txt in your next reply for further review.Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error. Link to post Share on other sites More sharing options...
bleetham Posted September 24, 2012 Author ID:600801 Share Posted September 24, 2012 I'm will paste the log files over several posts.TDSSKiller:13:25:12.0566 2304 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:2413:25:13.0122 2304 ============================================================13:25:13.0122 2304 Current date / time: 2012/09/21 13:25:13.012213:25:13.0122 2304 SystemInfo:13:25:13.0122 230413:25:13.0122 2304 OS Version: 5.1.2600 ServicePack: 3.013:25:13.0122 2304 Product type: Workstation13:25:13.0122 2304 ComputerName: HHLAW3413:25:13.0138 2304 UserName: bj13:25:13.0138 2304 Windows directory: C:\WINDOWS13:25:13.0138 2304 System windows directory: C:\WINDOWS13:25:13.0138 2304 Processor architecture: Intel x8613:25:13.0138 2304 Number of processors: 113:25:13.0138 2304 Page size: 0x100013:25:13.0138 2304 Boot type: Normal boot13:25:13.0138 2304 ============================================================13:25:13.0554 2304 BG loaded13:25:14.0064 2304 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000005813:25:14.0095 2304 ============================================================13:25:14.0095 2304 \Device\Harddisk0\DR0:13:25:14.0095 2304 MBR partitions:13:25:14.0095 2304 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC113:25:14.0095 2304 ============================================================13:25:14.0172 2304 C: <-> \Device\Harddisk0\DR0\Partition113:25:14.0172 2304 ============================================================13:25:14.0172 2304 Initialize success13:25:14.0172 2304 ============================================================13:25:21.0383 2064 ============================================================13:25:21.0383 2064 Scan started13:25:21.0383 2064 Mode: Manual; SigCheck; TDLFS;13:25:21.0383 2064 ============================================================13:25:22.0927 2064 ================ Scan system memory ========================13:25:24.0872 2064 System memory - ok13:25:24.0888 2064 ================ Scan services =============================13:25:25.0567 2064 Abiosdsk - ok13:25:25.0583 2064 abp480n5 - ok13:25:25.0629 2064 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys13:25:34.0199 2064 ACPI - ok13:25:34.0276 2064 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys13:25:35.0218 2064 ACPIEC - ok13:25:35.0388 2064 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe13:25:35.0573 2064 AdobeFlashPlayerUpdateSvc - ok13:25:35.0573 2064 adpu160m - ok13:25:35.0635 2064 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys13:25:35.0835 2064 aec - ok13:25:35.0928 2064 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys13:25:36.0082 2064 AFD - ok13:25:36.0098 2064 Aha154x - ok13:25:36.0098 2064 aic78u2 - ok13:25:36.0113 2064 aic78xx - ok13:25:36.0160 2064 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll13:25:36.0329 2064 Alerter - ok13:25:36.0345 2064 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe13:25:36.0407 2064 ALG - ok13:25:36.0422 2064 AliIde - ok13:25:36.0422 2064 amsint - ok13:25:36.0515 2064 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll13:25:36.0685 2064 AppMgmt - ok13:25:36.0685 2064 asc - ok13:25:36.0700 2064 asc3350p - ok13:25:36.0716 2064 asc3550 - ok13:25:36.0870 2064 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe13:25:37.0009 2064 aspnet_state - ok13:25:37.0071 2064 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys13:25:37.0488 2064 AsyncMac - ok13:25:37.0549 2064 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys13:25:38.0028 2064 atapi - ok13:25:38.0028 2064 Atdisk - ok13:25:38.0105 2064 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys13:25:38.0352 2064 Atmarpc - ok13:25:38.0399 2064 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll13:25:38.0785 2064 AudioSrv - ok13:25:38.0846 2064 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys13:25:39.0124 2064 audstub - ok13:25:39.0248 2064 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys13:25:39.0603 2064 Beep - ok13:25:39.0665 2064 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll13:25:40.0221 2064 BITS - ok13:25:40.0298 2064 [ F880EF77CE8D3F9962896623F23F514D ] BMRTSwissArmy C:\WINDOWS\system32\drivers\bmrtswissarmy.sys13:25:40.0344 2064 BMRTSwissArmy - ok13:25:40.0390 2064 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll13:25:40.0576 2064 Browser - ok13:25:40.0715 2064 catchme - ok13:25:40.0746 2064 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys13:25:41.0023 2064 cbidf2k - ok13:25:41.0039 2064 cd20xrnt - ok13:25:41.0116 2064 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys13:25:41.0379 2064 Cdaudio - ok13:25:41.0409 2064 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys13:25:41.0749 2064 Cdfs - ok13:25:41.0795 2064 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys13:25:42.0012 2064 Cdrom - ok13:25:42.0012 2064 Changer - ok13:25:42.0073 2064 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe13:25:42.0274 2064 CiSvc - ok13:25:42.0290 2064 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe13:25:42.0475 2064 ClipSrv - ok13:25:42.0521 2064 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe13:25:42.0799 2064 clr_optimization_v2.0.50727_32 - ok13:25:42.0815 2064 CmdIde - ok13:25:42.0845 2064 COMSysApp - ok13:25:42.0861 2064 Cpqarray - ok13:25:42.0938 2064 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll13:25:43.0231 2064 CryptSvc - ok13:25:43.0247 2064 dac2w2k - ok13:25:43.0247 2064 dac960nt - ok13:25:43.0355 2064 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll13:25:43.0633 2064 DcomLaunch - ok13:25:43.0741 2064 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll13:25:43.0957 2064 Dhcp - ok13:25:44.0019 2064 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys13:25:44.0405 2064 Disk - ok13:25:44.0420 2064 dmadmin - ok13:25:44.0498 2064 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys13:25:45.0038 2064 dmboot - ok13:25:45.0100 2064 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys13:25:45.0440 2064 dmio - ok13:25:45.0517 2064 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys13:25:45.0826 2064 dmload - ok13:25:45.0872 2064 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll13:25:46.0273 2064 dmserver - ok13:25:46.0335 2064 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys13:25:46.0659 2064 DMusic - ok13:25:46.0690 2064 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll13:25:46.0922 2064 Dnscache - ok13:25:46.0984 2064 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll13:25:47.0262 2064 Dot3svc - ok13:25:47.0277 2064 dpti2o - ok13:25:47.0370 2064 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys13:25:47.0648 2064 drmkaud - ok13:25:47.0709 2064 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll13:25:47.0956 2064 EapHost - ok13:25:48.0003 2064 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll13:25:48.0142 2064 ERSvc - ok13:25:48.0188 2064 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe13:25:48.0327 2064 Eventlog - ok13:25:48.0435 2064 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll13:25:49.0084 2064 EventSystem - ok13:25:49.0114 2064 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys13:25:49.0454 2064 Fastfat - ok13:25:49.0500 2064 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll13:25:49.0763 2064 FastUserSwitchingCompatibility - ok13:25:49.0809 2064 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys13:25:50.0149 2064 Fdc - ok13:25:50.0211 2064 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys13:25:50.0581 2064 Fips - ok13:25:50.0612 2064 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys13:25:50.0813 2064 Flpydisk - ok13:25:50.0859 2064 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys13:25:50.0998 2064 FltMgr - ok13:25:51.0060 2064 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe13:25:51.0091 2064 FontCache3.0.0.0 - ok13:25:51.0122 2064 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys13:25:51.0430 2064 Fs_Rec - ok13:25:51.0446 2064 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys13:25:51.0755 2064 Ftdisk - ok13:25:51.0817 2064 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys13:25:52.0141 2064 Gpc - ok13:25:52.0280 2064 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys13:25:52.0558 2064 HDAudBus - ok13:25:52.0635 2064 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll13:25:52.0866 2064 helpsvc - ok13:25:52.0882 2064 HidServ - ok13:25:52.0944 2064 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys13:25:53.0206 2064 HidUsb - ok13:25:53.0252 2064 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll13:25:53.0546 2064 hkmsvc - ok13:25:53.0592 2064 [ 299683D4C8AAA3F6F5D5D226A1782A6E ] HPFXBULK C:\WINDOWS\system32\drivers\hpfxbulk.sys13:25:53.0716 2064 HPFXBULK - ok13:25:53.0716 2064 hpn - ok13:25:53.0777 2064 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys13:25:54.0133 2064 HTTP - ok13:25:54.0179 2064 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll13:25:54.0550 2064 HTTPFilter - ok13:25:54.0550 2064 i2omgmt - ok13:25:54.0565 2064 i2omp - ok13:25:54.0642 2064 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys13:25:54.0982 2064 i8042prt - ok13:25:55.0044 2064 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe13:25:55.0275 2064 idsvc - ok13:25:55.0306 2064 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys13:25:55.0769 2064 Imapi - ok13:25:55.0800 2064 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe13:25:56.0155 2064 ImapiService - ok13:25:56.0171 2064 ini910u - ok13:25:56.0402 2064 [ FB4293B1EAB313C28D4A1B8DB61ACA72 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys13:25:57.0205 2064 IntcAzAudAddService - ok13:25:57.0205 2064 IntelIde - ok13:25:57.0252 2064 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys13:25:57.0499 2064 Ip6Fw - ok13:25:57.0560 2064 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys13:25:57.0792 2064 IpFilterDriver - ok13:25:57.0808 2064 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys13:25:58.0024 2064 IpInIp - ok13:25:58.0055 2064 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys13:25:58.0302 2064 IpNat - ok13:25:58.0332 2064 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys13:25:58.0564 2064 IPSec - ok13:25:58.0610 2064 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys13:25:58.0780 2064 IRENUM - ok13:25:58.0796 2064 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys13:25:59.0058 2064 isapnp - ok13:25:59.0213 2064 [ 0E410EDC8D0527801B899CF29E60597C ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe13:25:59.0243 2064 JavaQuickStarterService - ok13:25:59.0274 2064 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys13:25:59.0599 2064 Kbdclass - ok13:25:59.0614 2064 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys13:25:59.0799 2064 kmixer - ok13:25:59.0846 2064 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys13:26:00.0170 2064 KSecDD - ok13:26:00.0201 2064 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll13:26:00.0371 2064 LanmanServer - ok13:26:00.0448 2064 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll13:26:00.0649 2064 lanmanworkstation - ok13:26:00.0649 2064 lbrtfdc - ok13:26:00.0695 2064 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll13:26:01.0158 2064 LmHosts - ok13:26:01.0174 2064 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys13:26:01.0189 2064 MBAMProtector - ok13:26:01.0251 2064 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe13:26:01.0374 2064 MBAMScheduler - ok13:26:01.0421 2064 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe13:26:01.0637 2064 MBAMService - ok13:26:01.0652 2064 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll13:26:02.0038 2064 Messenger - ok13:26:02.0131 2064 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys13:26:02.0332 2064 mnmdd - ok13:26:02.0378 2064 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe13:26:02.0779 2064 mnmsrvc - ok13:26:02.0810 2064 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys13:26:03.0088 2064 Modem - ok13:26:03.0104 2064 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys13:26:03.0428 2064 Mouclass - ok13:26:03.0474 2064 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys13:26:03.0675 2064 mouhid - ok13:26:03.0706 2064 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys13:26:04.0061 2064 MountMgr - ok13:26:04.0061 2064 mraid35x - ok13:26:04.0076 2064 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys13:26:04.0308 2064 MRxDAV - ok13:26:04.0370 2064 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys13:26:04.0571 2064 MRxSmb - ok13:26:04.0617 2064 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe13:26:04.0787 2064 MSDTC - ok13:26:04.0818 2064 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys13:26:05.0296 2064 Msfs - ok13:26:05.0296 2064 MSIServer - ok13:26:05.0327 2064 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys13:26:05.0620 2064 MSKSSRV - ok13:26:05.0636 2064 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys13:26:06.0084 2064 MSPCLOCK - ok13:26:06.0161 2064 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys13:26:06.0501 2064 MSPQM - ok13:26:06.0609 2064 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys13:26:06.0979 2064 mssmbios - ok13:26:07.0041 2064 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys13:26:07.0412 2064 MTsensor - ok13:26:07.0458 2064 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys13:26:07.0720 2064 Mup - ok13:26:07.0767 2064 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll13:26:08.0076 2064 napagent - ok13:26:08.0137 2064 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys13:26:08.0446 2064 NDIS - ok13:26:08.0477 2064 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys13:26:08.0631 2064 NdisTapi - ok13:26:08.0678 2064 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys13:26:08.0940 2064 Ndisuio - ok13:26:08.0956 2064 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys13:26:09.0234 2064 NdisWan - ok13:26:09.0280 2064 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys13:26:09.0434 2064 NDProxy - ok13:26:09.0481 2064 [ 949941E4DE88DF1FAF49A4B3CFFB756F ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll13:26:09.0604 2064 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning13:26:09.0604 2064 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)13:26:09.0651 2064 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys13:26:09.0867 2064 NetBIOS - ok13:26:09.0867 2064 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys13:26:10.0021 2064 NetBT - ok13:26:10.0098 2064 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe13:26:10.0500 2064 NetDDE - ok13:26:10.0562 2064 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe13:26:10.0855 2064 NetDDEdsdm - ok13:26:10.0901 2064 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe13:26:11.0287 2064 Netlogon - ok13:26:11.0395 2064 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll13:26:11.0611 2064 Netman - ok13:26:11.0689 2064 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe13:26:11.0781 2064 NetTcpPortSharing - ok13:26:11.0812 2064 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll13:26:12.0044 2064 Nla - ok13:26:12.0059 2064 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys13:26:12.0353 2064 Npfs - ok13:26:12.0414 2064 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys13:26:13.0001 2064 Ntfs - ok13:26:13.0017 2064 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe13:26:13.0341 2064 NtLmSsp - ok13:26:13.0387 2064 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll13:26:13.0634 2064 NtmsSvc - ok13:26:13.0650 2064 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys13:26:13.0928 2064 Null - ok13:26:14.0206 2064 [ B095950698ABE343F67098D76810F09E ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys13:26:14.0700 2064 nv ( UnsignedFile.Multi.Generic ) - warning13:26:14.0700 2064 nv - detected UnsignedFile.Multi.Generic (1)13:26:14.0746 2064 [ 7D275ECDA4628318912F6C945D5CF963 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys13:26:14.0900 2064 NVENETFD - ok13:26:14.0978 2064 [ EA98BFE4931BD13D747D647C1859796E ] nvgts C:\WINDOWS\system32\DRIVERS\nvgts.sys13:26:15.0024 2064 nvgts - ok13:26:15.0070 2064 [ B64AACEFAD2BE5BFF5353FE681253C67 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys13:26:15.0194 2064 nvnetbus - ok13:26:15.0194 2064 [ E3B98399DA15200060989FA156A5BD1B ] NVSvc C:\WINDOWS\system32\nvsvc32.exe13:26:15.0271 2064 NVSvc ( UnsignedFile.Multi.Generic ) - warning13:26:15.0271 2064 NVSvc - detected UnsignedFile.Multi.Generic (1)13:26:15.0317 2064 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys13:26:15.0456 2064 NwlnkFlt - ok13:26:15.0472 2064 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys13:26:15.0672 2064 NwlnkFwd - ok13:26:15.0811 2064 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE13:26:15.0981 2064 odserv - ok13:26:16.0043 2064 [ 99BF0B1BCADF83102CBBBEA4D0D22732 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE13:26:16.0058 2064 ose - ok13:26:16.0136 2064 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys13:26:16.0429 2064 Parport - ok13:26:16.0444 2064 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys13:26:16.0939 2064 PartMgr - ok13:26:17.0000 2064 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys13:26:17.0216 2064 ParVdm - ok13:26:17.0216 2064 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys13:26:17.0433 2064 PCI - ok13:26:17.0433 2064 PCIDump - ok13:26:17.0510 2064 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys13:26:17.0927 2064 PCIIde - ok13:26:17.0958 2064 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys13:26:18.0158 2064 Pcmcia - ok13:26:18.0174 2064 PDCOMP - ok13:26:18.0220 2064 PDFRAME - ok13:26:18.0236 2064 PDRELI - ok13:26:18.0236 2064 PDRFRAME - ok13:26:18.0251 2064 perc2 - ok13:26:18.0313 2064 perc2hib - ok13:26:18.0390 2064 [ 6B30C1F0E0A2697EAA65D73DCB5953DA ] PGPdisk C:\WINDOWS\system32\drivers\PGPdisk.sys13:26:18.0560 2064 PGPdisk - ok13:26:18.0622 2064 [ 5139FFEFBA327D6ECCD4881E580B66E3 ] pgpfs C:\WINDOWS\system32\Drivers\PGPfsfd.sys13:26:18.0745 2064 pgpfs - ok13:26:18.0761 2064 [ EB80381012EC1BCA1E79859FA74FFEC5 ] PGPsdkDriver C:\WINDOWS\system32\Drivers\PGPsdk.sys13:26:18.0853 2064 PGPsdkDriver - ok13:26:18.0946 2064 [ E83445F19C6BA358107CB8881AB006FA ] PGPserv C:\WINDOWS\system32\PGPserv.exe13:26:18.0961 2064 PGPserv - ok13:26:19.0023 2064 [ BC33D9FBFE525AB9087795C367DEBF53 ] PGPwded C:\WINDOWS\system32\drivers\PGPwded.sys13:26:19.0224 2064 PGPwded - ok13:26:19.0286 2064 [ BDAF4BA02A1775D21CB050810864D0AE ] Pgpwdefs C:\WINDOWS\system32\DRIVERS\Pgpwdefs.sys13:26:19.0424 2064 Pgpwdefs - ok13:26:19.0424 2064 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe13:26:19.0641 2064 PlugPlay - ok13:26:19.0656 2064 [ 2F4CA141A609CAF5C98F6E4760EF1B9B ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll13:26:19.0810 2064 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning13:26:19.0810 2064 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)13:26:19.0826 2064 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe13:26:20.0104 2064 PolicyAgent - ok13:26:20.0135 2064 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys13:26:20.0382 2064 PptpMiniport - ok13:26:20.0413 2064 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys13:26:20.0675 2064 Processor - ok13:26:20.0691 2064 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe13:26:20.0999 2064 ProtectedStorage - ok13:26:21.0046 2064 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys13:26:21.0277 2064 PSched - ok13:26:21.0293 2064 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys13:26:21.0432 2064 Ptilink - ok13:26:21.0447 2064 ql1080 - ok13:26:21.0463 2064 Ql10wnt - ok13:26:21.0463 2064 ql12160 - ok13:26:21.0478 2064 ql1240 - ok13:26:21.0494 2064 ql1280 - ok13:26:21.0509 2064 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys13:26:21.0633 2064 RasAcd - ok13:26:21.0663 2064 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll13:26:21.0802 2064 RasAuto - ok13:26:21.0833 2064 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys13:26:21.0957 2064 Rasl2tp - ok13:26:21.0972 2064 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll13:26:22.0173 2064 RasMan - ok13:26:22.0173 2064 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys13:26:22.0327 2064 RasPppoe - ok13:26:22.0343 2064 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys13:26:22.0482 2064 Raspti - ok13:26:22.0513 2064 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys13:26:22.0682 2064 Rdbss - ok13:26:22.0698 2064 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys13:26:22.0837 2064 RDPCDD - ok13:26:22.0883 2064 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys13:26:23.0022 2064 rdpdr - ok13:26:23.0084 2064 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys13:26:23.0346 2064 RDPWD - ok13:26:23.0362 2064 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe13:26:23.0810 2064 RDSessMgr - ok13:26:23.0871 2064 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys13:26:24.0273 2064 redbook - ok13:26:24.0319 2064 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll13:26:24.0520 2064 RemoteAccess - ok13:26:24.0582 2064 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll13:26:25.0060 2064 RemoteRegistry - ok13:26:25.0091 2064 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe13:26:25.0292 2064 RpcLocator - ok13:26:25.0323 2064 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll13:26:25.0616 2064 RpcSs - ok13:26:25.0724 2064 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe13:26:26.0033 2064 RSVP - ok13:26:26.0064 2064 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe13:26:26.0419 2064 SamSs - ok13:26:26.0450 2064 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe13:26:26.0774 2064 SCardSvr - ok13:26:26.0851 2064 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll13:26:27.0114 2064 Schedule - ok13:26:27.0129 2064 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys13:26:27.0299 2064 Secdrv - ok13:26:27.0361 2064 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll13:26:27.0608 2064 seclogon - ok13:26:27.0623 2064 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll13:26:27.0917 2064 SENS - ok13:26:27.0948 2064 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys13:26:28.0241 2064 serenum - ok13:26:28.0257 2064 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys13:26:28.0504 2064 Serial - ok13:26:28.0565 2064 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys13:26:28.0735 2064 Sfloppy - ok13:26:28.0751 2064 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll13:26:28.0921 2064 SharedAccess - ok13:26:28.0936 2064 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll13:26:28.0967 2064 ShellHWDetection - ok13:26:28.0967 2064 Simbad - ok13:26:28.0982 2064 Sparrow - ok13:26:29.0029 2064 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys13:26:29.0214 2064 splitter - ok13:26:29.0291 2064 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe13:26:29.0507 2064 Spooler - ok13:26:29.0554 2064 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys13:26:29.0615 2064 sr - ok13:26:29.0631 2064 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll13:26:29.0693 2064 srservice - ok13:26:29.0754 2064 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys13:26:29.0847 2064 Srv - ok13:26:29.0909 2064 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll13:26:29.0955 2064 SSDPSRV - ok13:26:30.0048 2064 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll13:26:30.0202 2064 stisvc - ok13:26:30.0202 2064 STLH - ok13:26:30.0233 2064 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys13:26:30.0387 2064 swenum - ok13:26:30.0403 2064 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys13:26:30.0542 2064 swmidi - ok13:26:30.0557 2064 SwPrv - ok13:26:30.0573 2064 symc810 - ok13:26:30.0588 2064 symc8xx - ok13:26:30.0588 2064 sym_hi - ok13:26:30.0604 2064 sym_u3 - ok13:26:30.0619 2064 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys13:26:30.0758 2064 sysaudio - ok13:26:30.0804 2064 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe13:26:30.0959 2064 SysmonLog - ok13:26:31.0005 2064 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll13:26:31.0159 2064 TapiSrv - ok13:26:31.0190 2064 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys13:26:31.0252 2064 Tcpip - ok13:26:31.0298 2064 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys13:26:31.0468 2064 TDPIPE - ok13:26:31.0499 2064 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys13:26:31.0638 2064 TDTCP - ok13:26:31.0654 2064 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys13:26:31.0808 2064 TermDD - ok13:26:31.0854 2064 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll13:26:31.0978 2064 TermService - ok13:26:31.0993 2064 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll13:26:32.0009 2064 Themes - ok13:26:32.0055 2064 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe13:26:32.0117 2064 TlntSvr - ok13:26:32.0132 2064 TosIde - ok13:26:32.0179 2064 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll13:26:32.0364 2064 TrkWks - ok13:26:32.0426 2064 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys13:26:32.0595 2064 Udfs - ok13:26:32.0611 2064 ultra - ok13:26:32.0642 2064 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys13:26:32.0812 2064 Update - ok13:26:32.0842 2064 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll13:26:32.0920 2064 upnphost - ok13:26:32.0935 2064 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe13:26:33.0090 2064 UPS - ok13:26:33.0136 2064 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys13:26:33.0259 2064 usbccgp - ok13:26:33.0290 2064 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys13:26:33.0414 2064 usbehci - ok13:26:33.0429 2064 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys13:26:33.0553 2064 usbhub - ok13:26:33.0568 2064 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys13:26:33.0692 2064 usbohci - ok13:26:33.0738 2064 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys13:26:33.0877 2064 usbprint - ok13:26:33.0923 2064 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys13:26:34.0031 2064 usbscan - ok13:26:34.0078 2064 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS13:26:34.0201 2064 USBSTOR - ok13:26:34.0201 2064 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys13:26:34.0325 2064 VgaSave - ok13:26:34.0340 2064 ViaIde - ok13:26:34.0356 2064 [ B67632451F760797BB183E1FB99F4B39 ] vnccom C:\WINDOWS\system32\Drivers\vnccom.SYS13:26:34.0387 2064 vnccom ( UnsignedFile.Multi.Generic ) - warning13:26:34.0387 2064 vnccom - detected UnsignedFile.Multi.Generic (1)13:26:34.0417 2064 [ 4EC979B157D1AA075330362ACB5424E5 ] vncdrv C:\WINDOWS\system32\DRIVERS\vncdrv.sys13:26:34.0433 2064 vncdrv ( UnsignedFile.Multi.Generic ) - warning13:26:34.0433 2064 vncdrv - detected UnsignedFile.Multi.Generic (1)13:26:34.0448 2064 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys13:26:34.0618 2064 VolSnap - ok13:26:34.0618 2064 vsdatant - ok13:26:34.0664 2064 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe13:26:34.0726 2064 VSS - ok13:26:34.0788 2064 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll13:26:34.0896 2064 W32Time - ok13:26:34.0912 2064 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys13:26:35.0050 2064 Wanarp - ok13:26:35.0050 2064 WDICA - ok13:26:35.0081 2064 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys13:26:35.0189 2064 wdmaud - ok13:26:35.0205 2064 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll13:26:35.0359 2064 WebClient - ok13:26:35.0436 2064 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll13:26:35.0560 2064 winmgmt - ok13:26:35.0622 2064 [ 913FF5A608DE6A2AB320EB919092049A ] winvnc C:\Program Files\UltraVNC\WinVNC.exe13:26:35.0637 2064 winvnc ( UnsignedFile.Multi.Generic ) - warning13:26:35.0637 2064 winvnc - detected UnsignedFile.Multi.Generic (1)13:26:35.0730 2064 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE13:26:35.0807 2064 wlidsvc - ok13:26:35.0853 2064 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll13:26:35.0977 2064 WmdmPmSN - ok13:26:36.0023 2064 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll13:26:36.0070 2064 Wmi - ok13:26:36.0131 2064 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe13:26:36.0239 2064 WmiApSrv - ok13:26:36.0301 2064 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys13:26:36.0440 2064 WS2IFSL - ok13:26:36.0486 2064 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll13:26:36.0625 2064 wscsvc - ok13:26:36.0625 2064 WSearch - ok13:26:36.0672 2064 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll13:26:36.0795 2064 wuauserv - ok13:26:36.0826 2064 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll13:26:36.0996 2064 WZCSVC - ok13:26:37.0027 2064 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll13:26:37.0166 2064 xmlprov - ok13:26:37.0166 2064 ================ Scan global ===============================13:26:37.0212 2064 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll13:26:37.0258 2064 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll13:26:37.0305 2064 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll13:26:37.0351 2064 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe13:26:37.0367 2064 [Global] - ok13:26:37.0367 2064 ================ Scan MBR ==================================13:26:37.0382 2064 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR013:26:37.0645 2064 \Device\Harddisk0\DR0 - ok13:26:37.0645 2064 ================ Scan VBR ==================================13:26:37.0645 2064 [ DE1F9A895D233B6B59C3F114CE38BB55 ] \Device\Harddisk0\DR0\Partition113:26:37.0645 2064 \Device\Harddisk0\DR0\Partition1 - ok13:26:37.0645 2064 ================ Scan active images ========================13:26:37.0660 2064 [ A32BEBAF723557681BFC6BD93E98BD26 ] C:\WINDOWS\system32\drivers\processr.sys13:26:37.0660 2064 C:\WINDOWS\system32\drivers\processr.sys - ok13:26:37.0660 2064 [ D48659BB24C48345D926ECB45C1EBDF5 ] C:\WINDOWS\system32\drivers\ASACPI.sys13:26:37.0660 2064 C:\WINDOWS\system32\drivers\ASACPI.sys - ok13:26:37.0660 2064 [ 4A0B06AA8943C1E332520F7440C0AA30 ] C:\WINDOWS\system32\drivers\i8042prt.sys13:26:37.0660 2064 C:\WINDOWS\system32\drivers\i8042prt.sys - ok13:26:37.0675 2064 [ 463C1EC80CD17420A542B7F36A36F128 ] C:\WINDOWS\system32\drivers\kbdclass.sys13:26:37.0675 2064 C:\WINDOWS\system32\drivers\kbdclass.sys - ok13:26:37.0675 2064 [ 35C9E97194C8CFB8430125F8DBC34D04 ] C:\WINDOWS\system32\drivers\mouclass.sys13:26:37.0675 2064 C:\WINDOWS\system32\drivers\mouclass.sys - ok13:26:37.0691 2064 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] C:\WINDOWS\system32\drivers\serial.sys13:26:37.0691 2064 C:\WINDOWS\system32\drivers\serial.sys - ok13:26:37.0691 2064 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] C:\WINDOWS\system32\drivers\serenum.sys13:26:37.0691 2064 C:\WINDOWS\system32\drivers\serenum.sys - ok13:26:37.0706 2064 [ 791912E524CC2CC6F50B5F2B52D1EB71 ] C:\WINDOWS\system32\drivers\usbport.sys13:26:37.0706 2064 C:\WINDOWS\system32\drivers\usbport.sys - ok13:26:37.0706 2064 [ 0DAECCE65366EA32B162F85F07C6753B ] C:\WINDOWS\system32\drivers\usbohci.sys13:26:37.0706 2064 C:\WINDOWS\system32\drivers\usbohci.sys - ok13:26:37.0706 2064 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] C:\WINDOWS\system32\drivers\usbehci.sys13:26:37.0706 2064 C:\WINDOWS\system32\drivers\usbehci.sys - ok13:26:37.0722 2064 [ 1F4260CC5B42272D71F79E570A27A4FE ] C:\WINDOWS\system32\drivers\cdrom.sys13:26:37.0722 2064 C:\WINDOWS\system32\drivers\cdrom.sys - ok13:26:37.0722 2064 [ 573C7D0A32852B48F3058CFD8026F511 ] C:\WINDOWS\system32\drivers\hdaudbus.sys13:26:37.0722 2064 C:\WINDOWS\system32\drivers\hdaudbus.sys - ok13:26:37.0737 2064 [ 0753515F78DF7F271A5E61C20BCD36A1 ] C:\WINDOWS\system32\drivers\ks.sys13:26:37.0737 2064 C:\WINDOWS\system32\drivers\ks.sys - ok13:26:37.0737 2064 [ F828DD7E1419B6653894A8F97A0094C5 ] C:\WINDOWS\system32\drivers\redbook.sys13:26:37.0737 2064 C:\WINDOWS\system32\drivers\redbook.sys - ok13:26:37.0753 2064 [ C5A2952901DC5E1CC33014E809296D30 ] C:\WINDOWS\system32\drivers\nvnrm.sys13:26:37.0753 2064 C:\WINDOWS\system32\drivers\nvnrm.sys - ok13:26:37.0753 2064 [ B64AACEFAD2BE5BFF5353FE681253C67 ] C:\WINDOWS\system32\drivers\nvnetbus.sys13:26:37.0753 2064 C:\WINDOWS\system32\drivers\nvnetbus.sys - ok13:26:37.0768 2064 [ E28726B72C46821A28830E077D39A55B ] C:\WINDOWS\system32\drivers\videoprt.sys13:26:37.0768 2064 C:\WINDOWS\system32\drivers\videoprt.sys - ok13:26:37.0768 2064 [ B095950698ABE343F67098D76810F09E ] C:\WINDOWS\system32\drivers\nv4_mini.sys13:26:37.0768 2064 C:\WINDOWS\system32\drivers\nv4_mini.sys - ok13:26:37.0783 2064 [ D9F724AA26C010A217C97606B160ED68 ] C:\WINDOWS\system32\drivers\audstub.sys13:26:37.0783 2064 C:\WINDOWS\system32\drivers\audstub.sys - ok13:26:37.0783 2064 [ 4EC979B157D1AA075330362ACB5424E5 ] C:\WINDOWS\system32\drivers\vncdrv.sys13:26:37.0783 2064 C:\WINDOWS\system32\drivers\vncdrv.sys - ok13:26:37.0783 2064 [ 0109C4F3850DFBAB279542515386AE22 ] C:\WINDOWS\system32\drivers\ndistapi.sys13:26:37.0783 2064 C:\WINDOWS\system32\drivers\ndistapi.sys - ok13:26:37.0799 2064 [ EDC1531A49C80614B2CFDA43CA8659AB ] C:\WINDOWS\system32\drivers\ndiswan.sys13:26:37.0799 2064 C:\WINDOWS\system32\drivers\ndiswan.sys - ok13:26:37.0799 2064 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] C:\WINDOWS\system32\drivers\rasl2tp.sys13:26:37.0799 2064 C:\WINDOWS\system32\drivers\rasl2tp.sys - ok13:26:37.0814 2064 [ 5BC962F2654137C9909C3D4603587DEE ] C:\WINDOWS\system32\drivers\raspppoe.sys13:26:37.0814 2064 C:\WINDOWS\system32\drivers\raspppoe.sys - ok13:26:37.0814 2064 [ 0539D5E53587F82D1B4FD74C5BE205CF ] C:\WINDOWS\system32\drivers\tdi.sys13:26:37.0814 2064 C:\WINDOWS\system32\drivers\tdi.sys - ok13:26:37.0830 2064 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] C:\WINDOWS\system32\drivers\msgpc.sys13:26:37.0830 2064 C:\WINDOWS\system32\drivers\msgpc.sys - ok13:26:37.0830 2064 [ 09298EC810B07E5D582CB3A3F9255424 ] C:\WINDOWS\system32\drivers\psched.sys13:26:37.0830 2064 C:\WINDOWS\system32\drivers\psched.sys - ok13:26:37.0830 2064 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] C:\WINDOWS\system32\drivers\raspptp.sys13:26:37.0830 2064 C:\WINDOWS\system32\drivers\raspptp.sys - ok13:26:37.0845 2064 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] C:\WINDOWS\system32\drivers\ptilink.sys13:26:37.0845 2064 C:\WINDOWS\system32\drivers\ptilink.sys - ok13:26:37.0845 2064 [ FDBB1D60066FCFBB7452FD8F9829B242 ] C:\WINDOWS\system32\drivers\raspti.sys13:26:37.0845 2064 C:\WINDOWS\system32\drivers\raspti.sys - ok13:26:37.0861 2064 [ 15CABD0F7C00C47C70124907916AF3F1 ] C:\WINDOWS\system32\drivers\rdpdr.sys13:26:37.0861 2064 C:\WINDOWS\system32\drivers\rdpdr.sys - ok13:26:37.0861 2064 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] C:\WINDOWS\system32\drivers\swenum.sys13:26:37.0861 2064 C:\WINDOWS\system32\drivers\swenum.sys - ok Link to post Share on other sites More sharing options...
bleetham Posted September 24, 2012 Author ID:600802 Share Posted September 24, 2012 TDSSKiller continued:13:26:37.0876 2064 [ 88155247177638048422893737429D9E ] C:\WINDOWS\system32\drivers\termdd.sys13:26:37.0876 2064 C:\WINDOWS\system32\drivers\termdd.sys - ok13:26:37.0876 2064 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] C:\WINDOWS\system32\drivers\update.sys13:26:37.0876 2064 C:\WINDOWS\system32\drivers\update.sys - ok13:26:37.0892 2064 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] C:\WINDOWS\system32\drivers\mssmbios.sys13:26:37.0892 2064 C:\WINDOWS\system32\drivers\mssmbios.sys - ok13:26:37.0892 2064 [ 9282BD12DFB069D3889EB3FCC1000A9B ] C:\WINDOWS\system32\drivers\ndproxy.sys13:26:37.0892 2064 C:\WINDOWS\system32\drivers\ndproxy.sys - ok13:26:37.0892 2064 [ 596EB39B50D6EBD9B734DC4AE0544693 ] C:\WINDOWS\system32\drivers\usbd.sys13:26:37.0892 2064 C:\WINDOWS\system32\drivers\usbd.sys - ok13:26:37.0907 2064 [ 1AB3CDDE553B6E064D2E754EFE20285C ] C:\WINDOWS\system32\drivers\usbhub.sys13:26:37.0907 2064 C:\WINDOWS\system32\drivers\usbhub.sys - ok13:26:37.0907 2064 [ 7D275ECDA4628318912F6C945D5CF963 ] C:\WINDOWS\system32\drivers\NVENETFD.sys13:26:37.0907 2064 C:\WINDOWS\system32\drivers\NVENETFD.sys - ok13:26:37.0922 2064 [ 6CB08593487F5701D2D2254E693EAFCE ] C:\WINDOWS\system32\drivers\drmk.sys13:26:37.0922 2064 C:\WINDOWS\system32\drivers\drmk.sys - ok13:26:37.0922 2064 [ E82A496C3961EFC6828B508C310CE98F ] C:\WINDOWS\system32\drivers\portcls.sys13:26:37.0922 2064 C:\WINDOWS\system32\drivers\portcls.sys - ok13:26:37.0938 2064 [ FB4293B1EAB313C28D4A1B8DB61ACA72 ] C:\WINDOWS\system32\drivers\RtkHDAud.sys13:26:37.0938 2064 C:\WINDOWS\system32\drivers\RtkHDAud.sys - ok13:26:37.0938 2064 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] C:\WINDOWS\system32\drivers\fdc.sys13:26:37.0938 2064 C:\WINDOWS\system32\drivers\fdc.sys - ok13:26:37.0938 2064 [ DA1F27D85E0D1525F6621372E7B685E9 ] C:\WINDOWS\system32\drivers\beep.sys13:26:37.0938 2064 C:\WINDOWS\system32\drivers\beep.sys - ok13:26:37.0953 2064 [ C1B486A7658353D33A10CC15211A873B ] C:\WINDOWS\system32\drivers\cdaudio.sys13:26:37.0953 2064 C:\WINDOWS\system32\drivers\cdaudio.sys - ok13:26:37.0953 2064 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] C:\WINDOWS\system32\drivers\fs_rec.sys13:26:37.0953 2064 C:\WINDOWS\system32\drivers\fs_rec.sys - ok13:26:37.0969 2064 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] C:\WINDOWS\system32\drivers\null.sys13:26:37.0969 2064 C:\WINDOWS\system32\drivers\null.sys - ok13:26:37.0969 2064 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] C:\WINDOWS\system32\drivers\vga.sys13:26:37.0969 2064 C:\WINDOWS\system32\drivers\vga.sys - ok13:26:37.0984 2064 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] C:\WINDOWS\system32\drivers\mnmdd.sys13:26:37.0984 2064 C:\WINDOWS\system32\drivers\mnmdd.sys - ok13:26:37.0984 2064 [ C941EA2454BA8350021D774DAF0F1027 ] C:\WINDOWS\system32\drivers\msfs.sys13:26:37.0984 2064 C:\WINDOWS\system32\drivers\msfs.sys - ok13:26:38.0000 2064 [ 4912D5B403614CE99C28420F75353332 ] C:\WINDOWS\system32\drivers\rdpcdd.sys13:26:38.0000 2064 C:\WINDOWS\system32\drivers\rdpcdd.sys - ok13:26:38.0000 2064 [ 23C74D75E36E7158768DD63D92789A91 ] C:\WINDOWS\system32\drivers\ipsec.sys13:26:38.0000 2064 C:\WINDOWS\system32\drivers\ipsec.sys - ok13:26:38.0015 2064 [ 3182D64AE053D6FB034F44B6DEF8034A ] C:\WINDOWS\system32\drivers\npfs.sys13:26:38.0015 2064 C:\WINDOWS\system32\drivers\npfs.sys - ok13:26:38.0015 2064 [ FE0D99D6F31E4FAD8159F690D68DED9C ] C:\WINDOWS\system32\drivers\rasacd.sys13:26:38.0015 2064 C:\WINDOWS\system32\drivers\rasacd.sys - ok13:26:38.0015 2064 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] C:\WINDOWS\system32\drivers\tcpip.sys13:26:38.0015 2064 C:\WINDOWS\system32\drivers\tcpip.sys - ok13:26:38.0031 2064 [ CC748EA12C6EFFDE940EE98098BF96BB ] C:\WINDOWS\system32\drivers\ipnat.sys13:26:38.0031 2064 C:\WINDOWS\system32\drivers\ipnat.sys - ok13:26:38.0031 2064 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] C:\WINDOWS\system32\drivers\netbt.sys13:26:38.0031 2064 C:\WINDOWS\system32\drivers\netbt.sys - ok13:26:38.0046 2064 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] C:\WINDOWS\system32\drivers\ws2ifsl.sys13:26:38.0046 2064 C:\WINDOWS\system32\drivers\ws2ifsl.sys - ok13:26:38.0046 2064 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] C:\WINDOWS\system32\drivers\afd.sys13:26:38.0046 2064 C:\WINDOWS\system32\drivers\afd.sys - ok13:26:38.0061 2064 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] C:\WINDOWS\system32\drivers\netbios.sys13:26:38.0061 2064 C:\WINDOWS\system32\drivers\netbios.sys - ok13:26:38.0061 2064 [ E20B95BAEDB550F32DD489265C1DA1F6 ] C:\WINDOWS\system32\drivers\wanarp.sys13:26:38.0061 2064 C:\WINDOWS\system32\drivers\wanarp.sys - ok13:26:38.0061 2064 [ 7AD224AD1A1437FE28D89CF22B17780A ] C:\WINDOWS\system32\drivers\rdbss.sys13:26:38.0061 2064 C:\WINDOWS\system32\drivers\rdbss.sys - ok13:26:38.0077 2064 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] C:\WINDOWS\system32\drivers\mrxsmb.sys13:26:38.0077 2064 C:\WINDOWS\system32\drivers\mrxsmb.sys - ok13:26:38.0077 2064 [ D45926117EB9FA946A6AF572FBE1CAA3 ] C:\WINDOWS\system32\drivers\fips.sys13:26:38.0077 2064 C:\WINDOWS\system32\drivers\fips.sys - ok13:26:38.0092 2064 [ 083A052659F5310DD8B6A6CB05EDCF8E ] C:\WINDOWS\system32\drivers\imapi.sys13:26:38.0092 2064 C:\WINDOWS\system32\drivers\imapi.sys - ok13:26:38.0092 2064 [ 5F816C1F539266D2D4C78694239DA0B5 ] C:\WINDOWS\system32\smss.exe13:26:38.0092 2064 C:\WINDOWS\system32\smss.exe - ok13:26:38.0108 2064 [ F8F0D25CA553E39DDE485D8FC7FCCE89 ] C:\WINDOWS\system32\ntdll.dll13:26:38.0108 2064 C:\WINDOWS\system32\ntdll.dll - ok13:26:38.0108 2064 [ 23043C91A0F9DFB4B9E9F87B680863B4 ] C:\WINDOWS\system32\autochk.exe13:26:38.0108 2064 C:\WINDOWS\system32\autochk.exe - ok13:26:38.0108 2064 [ 9DD07AF82244867CA36681EA2D29CE79 ] C:\WINDOWS\system32\sfcfiles.dll13:26:38.0123 2064 C:\WINDOWS\system32\sfcfiles.dll - ok13:26:38.0123 2064 [ C885B02847F5D2FD45A24E219ED93B32 ] C:\WINDOWS\system32\drivers\cdfs.sys13:26:38.0123 2064 C:\WINDOWS\system32\drivers\cdfs.sys - ok13:26:38.0123 2064 [ E65E2353A5D74EA89971CB918EEEB2F6 ] C:\WINDOWS\system32\drivers\diskdump.sys13:26:38.0123 2064 C:\WINDOWS\system32\drivers\diskdump.sys - ok13:26:38.0139 2064 [ EA98BFE4931BD13D747D647C1859796E ] C:\WINDOWS\system32\drivers\nvgts.sys13:26:38.0139 2064 C:\WINDOWS\system32\drivers\nvgts.sys - ok13:26:38.0139 2064 [ FE97D0343ACFDEBDD578FC67CC91FA87 ] C:\WINDOWS\system32\drivers\dxapi.sys13:26:38.0139 2064 C:\WINDOWS\system32\drivers\dxapi.sys - ok13:26:38.0154 2064 [ 9A10AACBFDC4922715375FB4065EC930 ] C:\WINDOWS\system32\watchdog.sys13:26:38.0154 2064 C:\WINDOWS\system32\watchdog.sys - ok13:26:38.0154 2064 [ DD40363ABAD230A84C5E2178B11EFA88 ] C:\WINDOWS\system32\csrsrv.dll13:26:38.0154 2064 C:\WINDOWS\system32\csrsrv.dll - ok13:26:38.0169 2064 [ 44F275C64738EA2056E3D9580C23B60F ] C:\WINDOWS\system32\csrss.exe13:26:38.0169 2064 C:\WINDOWS\system32\csrss.exe - ok13:26:38.0169 2064 [ D6F934A361D7F0BE8271673988D4E7FD ] C:\WINDOWS\system32\win32k.sys13:26:38.0169 2064 C:\WINDOWS\system32\win32k.sys - ok13:26:38.0169 2064 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll13:26:38.0169 2064 C:\WINDOWS\system32\basesrv.dll - ok13:26:38.0185 2064 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll13:26:38.0185 2064 C:\WINDOWS\system32\winsrv.dll - ok13:26:38.0185 2064 [ 8B1F3320AEBB536E021A5014409862DE ] C:\WINDOWS\system32\gdi32.dll13:26:38.0185 2064 C:\WINDOWS\system32\gdi32.dll - ok13:26:38.0200 2064 [ B921FB870C9AC0D509B2CCABBBBE95F3 ] C:\WINDOWS\system32\kernel32.dll13:26:38.0200 2064 C:\WINDOWS\system32\kernel32.dll - ok13:26:38.0200 2064 [ B26B135FF1B9F60C9388B4A7D16F600B ] C:\WINDOWS\system32\user32.dll13:26:38.0200 2064 C:\WINDOWS\system32\user32.dll - ok13:26:38.0216 2064 [ AC7280566A7BB85CB3291F04DDC1198E ] C:\WINDOWS\system32\drivers\dxg.sys13:26:38.0216 2064 C:\WINDOWS\system32\drivers\dxg.sys - ok13:26:38.0216 2064 [ A73F5D6705B1D820C19B18782E176EFD ] C:\WINDOWS\system32\drivers\dxgthk.sys13:26:38.0216 2064 C:\WINDOWS\system32\drivers\dxgthk.sys - ok13:26:38.0231 2064 [ 524E4D3DFA4FC6F13CCB443F768CF88A ] C:\WINDOWS\system32\nv4_disp.dll13:26:38.0231 2064 C:\WINDOWS\system32\nv4_disp.dll - ok13:26:38.0231 2064 [ ECB7591870F8BFB1A4C17B718AD5A4AA ] C:\WINDOWS\system32\vga.dll13:26:38.0231 2064 C:\WINDOWS\system32\vga.dll - ok13:26:38.0247 2064 [ E07079006AE1A1C7078B73006A510196 ] C:\WINDOWS\system32\vncdrv.dll13:26:38.0247 2064 C:\WINDOWS\system32\vncdrv.dll - ok13:26:38.0247 2064 [ D06C4BAE134961180B439C49A1A82240 ] C:\WINDOWS\system32\vnchelp.dll13:26:38.0247 2064 C:\WINDOWS\system32\vnchelp.dll - ok13:26:38.0247 2064 [ ED0EF0A136DEC83DF69F04118870003E ] C:\WINDOWS\system32\winlogon.exe13:26:38.0247 2064 C:\WINDOWS\system32\winlogon.exe - ok13:26:38.0262 2064 [ E76F8807070ED04E7408A86D6D3A6137 ] C:\WINDOWS\system32\advapi32.dll13:26:38.0262 2064 C:\WINDOWS\system32\advapi32.dll - ok13:26:38.0262 2064 [ D4502F124289A31976130CCCB014C9AA ] C:\WINDOWS\system32\rpcrt4.dll13:26:38.0262 2064 C:\WINDOWS\system32\rpcrt4.dll - ok13:26:38.0278 2064 [ 714705F29A917993536A6AB2DEDB0B7F ] C:\WINDOWS\system32\authz.dll13:26:38.0278 2064 C:\WINDOWS\system32\authz.dll - ok13:26:38.0278 2064 [ 5357826C8A8DD6A07F17C48BB45BE46E ] C:\WINDOWS\system32\secur32.dll13:26:38.0278 2064 C:\WINDOWS\system32\secur32.dll - ok13:26:38.0293 2064 [ 64416C6E07606720C1ECE6DD374BDFFD ] C:\WINDOWS\system32\crypt32.dll13:26:38.0293 2064 C:\WINDOWS\system32\crypt32.dll - ok13:26:38.0293 2064 [ 355EDBB4D412B01F1740C17E3F50FA00 ] C:\WINDOWS\system32\msvcrt.dll13:26:38.0293 2064 C:\WINDOWS\system32\msvcrt.dll - ok13:26:38.0308 2064 [ 04D898830DF96A17A20FD35D7590F87E ] C:\WINDOWS\system32\msasn1.dll13:26:38.0308 2064 C:\WINDOWS\system32\msasn1.dll - ok13:26:38.0308 2064 [ 013C1148C1EC025596896E093F60F608 ] C:\WINDOWS\system32\nddeapi.dll13:26:38.0308 2064 C:\WINDOWS\system32\nddeapi.dll - ok13:26:38.0308 2064 [ CAC752BF84DB4666ED3CE0948E6EA937 ] C:\WINDOWS\system32\netapi32.dll13:26:38.0308 2064 C:\WINDOWS\system32\netapi32.dll - ok13:26:38.0324 2064 [ FCFA1C55971CC229D353B3A15ACCD995 ] C:\WINDOWS\system32\profmap.dll13:26:38.0324 2064 C:\WINDOWS\system32\profmap.dll - ok13:26:38.0324 2064 [ 43D13C80EBEC0135A3611E0F616F179B ] C:\WINDOWS\system32\userenv.dll13:26:38.0324 2064 C:\WINDOWS\system32\userenv.dll - ok13:26:38.0339 2064 [ 9CFCB3CA3D83B4EAA133F0644A2C6F31 ] C:\WINDOWS\system32\psapi.dll13:26:38.0339 2064 C:\WINDOWS\system32\psapi.dll - ok13:26:38.0339 2064 [ AF11C591F2F4AFF4A6CF699D376F618B ] C:\WINDOWS\system32\regapi.dll13:26:38.0339 2064 C:\WINDOWS\system32\regapi.dll - ok13:26:38.0355 2064 [ 24192246760E0E64435522E246B1D6C2 ] C:\WINDOWS\system32\setupapi.dll13:26:38.0355 2064 C:\WINDOWS\system32\setupapi.dll - ok13:26:38.0355 2064 [ C7CE131408739B0B3A318BE2D0032719 ] C:\WINDOWS\system32\version.dll13:26:38.0355 2064 C:\WINDOWS\system32\version.dll - ok13:26:38.0355 2064 [ 430CEB794F6E6EF8AC86958C242366D6 ] C:\WINDOWS\system32\winsta.dll13:26:38.0355 2064 C:\WINDOWS\system32\winsta.dll - ok13:26:38.0370 2064 [ FFC01A72D1C25CCB39F61B202CE60819 ] C:\WINDOWS\system32\imagehlp.dll13:26:38.0370 2064 C:\WINDOWS\system32\imagehlp.dll - ok13:26:38.0370 2064 [ 95F5C420E9BDD4C3569602911420A774 ] C:\WINDOWS\system32\wintrust.dll13:26:38.0370 2064 C:\WINDOWS\system32\wintrust.dll - ok13:26:38.0386 2064 [ 9789E95E1D88EEB4B922BF3EA7779C28 ] C:\WINDOWS\system32\ws2help.dll13:26:38.0386 2064 C:\WINDOWS\system32\ws2help.dll - ok13:26:38.0386 2064 [ 2CCC474EB85CEAA3E1FA1726580A3E5A ] C:\WINDOWS\system32\ws2_32.dll13:26:38.0386 2064 C:\WINDOWS\system32\ws2_32.dll - ok13:26:38.0401 2064 [ 0DA85218E92526972A821587E6A8BF8F ] C:\WINDOWS\system32\imm32.dll13:26:38.0401 2064 C:\WINDOWS\system32\imm32.dll - ok13:26:38.0401 2064 [ 34315EB2D2506FC4A078F448CFA57803 ] C:\WINDOWS\system32\PGPmapih.dll13:26:38.0401 2064 C:\WINDOWS\system32\PGPmapih.dll - ok13:26:38.0417 2064 [ 694503348B586E99D56C0E30AB5B3EF8 ] C:\WINDOWS\system32\sxs.dll13:26:38.0417 2064 C:\WINDOWS\system32\sxs.dll - ok13:26:38.0417 2064 [ 56C5B179FE3308B655EB6208C3256FEC ] C:\WINDOWS\system32\kbdus.dll13:26:38.0417 2064 C:\WINDOWS\system32\kbdus.dll - ok13:26:38.0417 2064 [ D7B7A57C0E57C836F18CF12A4C62A1CA ] C:\WINDOWS\system32\msgina.dll13:26:38.0417 2064 C:\WINDOWS\system32\msgina.dll - ok13:26:38.0432 2064 [ 93AFB83FBC1F9443CAC722FCA63D73BF ] C:\WINDOWS\system32\comctl32.dll13:26:38.0432 2064 C:\WINDOWS\system32\comctl32.dll - ok13:26:38.0432 2064 [ 86987A5000DFA3EBE2275C0456BCF2FE ] C:\WINDOWS\system32\comdlg32.dll13:26:38.0432 2064 C:\WINDOWS\system32\comdlg32.dll - ok13:26:38.0447 2064 [ 40B0F98BAD16AD5DEF894E88C3EF8014 ] C:\WINDOWS\system32\odbc32.dll13:26:38.0447 2064 C:\WINDOWS\system32\odbc32.dll - ok13:26:38.0447 2064 [ 6843D54BC4A40CC8C5741AF750233D10 ] C:\WINDOWS\system32\shell32.dll13:26:38.0447 2064 C:\WINDOWS\system32\shell32.dll - ok13:26:38.0463 2064 [ C448A248B743F5FB935C787A5D97268B ] C:\WINDOWS\system32\shlwapi.dll13:26:38.0463 2064 C:\WINDOWS\system32\shlwapi.dll - ok13:26:38.0463 2064 [ 736B12B725AEB2B07F0241A9F680CB10 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll13:26:38.0463 2064 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - ok13:26:38.0463 2064 [ 6B7C6B32F8E84D56C6260D684019FEA2 ] C:\WINDOWS\system32\odbcint.dll13:26:38.0463 2064 C:\WINDOWS\system32\odbcint.dll - ok13:26:38.0478 2064 [ 99BC0B50F511924348BE19C7C7313BBF ] C:\WINDOWS\system32\shsvcs.dll13:26:38.0478 2064 C:\WINDOWS\system32\shsvcs.dll - ok13:26:38.0494 2064 [ 6BAD1BED9872E62049E487FB91AE2F3A ] C:\WINDOWS\system32\ole32.dll13:26:38.0494 2064 C:\WINDOWS\system32\ole32.dll - ok13:26:38.0494 2064 [ 96E1C926F22EE1BFBAE82901A35F6BF3 ] C:\WINDOWS\system32\sfc.dll13:26:38.0494 2064 C:\WINDOWS\system32\sfc.dll - ok13:26:38.0494 2064 [ 6B5DB6789177A4FD0DEBC248041D0739 ] C:\WINDOWS\system32\sfc_os.dll13:26:38.0494 2064 C:\WINDOWS\system32\sfc_os.dll - ok13:26:38.0509 2064 [ CF492D7E9AF1C628B3536D20EF6F5CC7 ] C:\WINDOWS\system32\apphelp.dll13:26:38.0509 2064 C:\WINDOWS\system32\apphelp.dll - ok13:26:38.0509 2064 [ BF2466B3E18E970D8A976FB95FC1CA85 ] C:\WINDOWS\system32\lsass.exe13:26:38.0509 2064 C:\WINDOWS\system32\lsass.exe - ok13:26:38.0525 2064 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe13:26:38.0525 2064 C:\WINDOWS\system32\services.exe - ok13:26:38.0525 2064 [ BD31DC6DBE9333C4FBD4BDF0899F2160 ] C:\WINDOWS\system32\lsasrv.dll13:26:38.0525 2064 C:\WINDOWS\system32\lsasrv.dll - ok13:26:38.0540 2064 [ F404830F3CD9BF8F2515E489C0CDA297 ] C:\WINDOWS\system32\msvcp60.dll13:26:38.0540 2064 C:\WINDOWS\system32\msvcp60.dll - ok13:26:38.0540 2064 [ EC29A79F1E76DC509E24D401F29D0678 ] C:\WINDOWS\system32\ncobjapi.dll13:26:38.0540 2064 C:\WINDOWS\system32\ncobjapi.dll - ok13:26:38.0540 2064 [ B24A42A413E694AD73FDFB7FBD492C31 ] C:\WINDOWS\system32\scesrv.dll13:26:38.0540 2064 C:\WINDOWS\system32\scesrv.dll - ok13:26:38.0556 2064 [ DD7BD97FB8BD800963789158A5E4B41D ] C:\WINDOWS\system32\mpr.dll13:26:38.0556 2064 C:\WINDOWS\system32\mpr.dll - ok13:26:38.0556 2064 [ EC4C0D9BFD9F7E33F8B395AD54E13063 ] C:\WINDOWS\system32\ntdsapi.dll13:26:38.0556 2064 C:\WINDOWS\system32\ntdsapi.dll - ok13:26:38.0571 2064 [ 2EDFC2A8893435723AD80481803C6D5C ] C:\WINDOWS\system32\umpnpmgr.dll13:26:38.0571 2064 C:\WINDOWS\system32\umpnpmgr.dll - ok13:26:38.0571 2064 [ EA9EE60B408878E5F2012F9C783836DB ] C:\WINDOWS\AppPatch\AcAdProc.dll13:26:38.0571 2064 C:\WINDOWS\AppPatch\AcAdProc.dll - ok13:26:38.0586 2064 [ 389496118B3B03C2328024AF320132AC ] C:\WINDOWS\system32\dnsapi.dll13:26:38.0586 2064 C:\WINDOWS\system32\dnsapi.dll - ok13:26:38.0586 2064 [ 1F03103598BD817B1078DAB1326DDE11 ] C:\WINDOWS\system32\shimeng.dll13:26:38.0586 2064 C:\WINDOWS\system32\shimeng.dll - ok13:26:38.0602 2064 [ 0492CF5870F0E616B0C71695A433D162 ] C:\WINDOWS\system32\wldap32.dll13:26:38.0602 2064 C:\WINDOWS\system32\wldap32.dll - ok13:26:38.0602 2064 [ 8329A39D5A402A75A74301D6A62ECDA1 ] C:\WINDOWS\system32\samlib.dll13:26:38.0602 2064 C:\WINDOWS\system32\samlib.dll - ok13:26:38.0602 2064 [ F05B8CDB7FE0E55DCCFB1D946CE80064 ] C:\WINDOWS\system32\samsrv.dll13:26:38.0602 2064 C:\WINDOWS\system32\samsrv.dll - ok13:26:38.0617 2064 [ 17A1D675C12BBF80CAAC54A4855C41D0 ] C:\WINDOWS\system32\cryptdll.dll13:26:38.0617 2064 C:\WINDOWS\system32\cryptdll.dll - ok13:26:38.0617 2064 [ 310C15FD8358B2C4CD7A5B98A112883F ] C:\WINDOWS\AppPatch\AcGenral.dll13:26:38.0617 2064 C:\WINDOWS\AppPatch\AcGenral.dll - ok13:26:38.0633 2064 [ 4A953F13942867BA8FB41F141EC1B80C ] C:\WINDOWS\system32\winmm.dll13:26:38.0633 2064 C:\WINDOWS\system32\winmm.dll - ok13:26:38.0633 2064 [ 2098AB52BD5316E59AA36F3437B13BE6 ] C:\WINDOWS\system32\msacm32.dll13:26:38.0633 2064 C:\WINDOWS\system32\msacm32.dll - ok13:26:38.0648 2064 [ 1B2BE5777F69A71778F52FFEE1C798D6 ] C:\WINDOWS\system32\oleaut32.dll13:26:38.0648 2064 C:\WINDOWS\system32\oleaut32.dll - ok13:26:38.0648 2064 [ 7A2CC3719B255E6B5D74396183B7715B ] C:\WINDOWS\system32\uxtheme.dll13:26:38.0648 2064 C:\WINDOWS\system32\uxtheme.dll - ok13:26:38.0648 2064 [ F24B12786D60A17008319E3F2AEE7799 ] C:\WINDOWS\system32\msapsspc.dll13:26:38.0648 2064 C:\WINDOWS\system32\msapsspc.dll - ok13:26:38.0664 2064 [ 7A660EDC0757849DF5F8706FB6E9F740 ] C:\WINDOWS\system32\msvcrt40.dll13:26:38.0664 2064 C:\WINDOWS\system32\msvcrt40.dll - ok13:26:38.0664 2064 [ 3D76DD0CBC536E0F8C45D23ED230BEB2 ] C:\WINDOWS\system32\digest.dll13:26:38.0664 2064 C:\WINDOWS\system32\digest.dll - ok13:26:38.0679 2064 [ 0F64207B49390C8063C36AE7CBF9C2DB ] C:\WINDOWS\system32\schannel.dll13:26:38.0679 2064 C:\WINDOWS\system32\schannel.dll - ok13:26:38.0679 2064 [ A4388DF80E52695AE92EE5F3F61F1619 ] C:\WINDOWS\system32\msnsspc.dll13:26:38.0679 2064 C:\WINDOWS\system32\msnsspc.dll - ok13:26:38.0694 2064 [ 5733177BCF16EE78B99543C9B0AB81EA ] C:\WINDOWS\system32\MSCTFIME.IME13:26:38.0694 2064 C:\WINDOWS\system32\MSCTFIME.IME - ok13:26:38.0694 2064 [ C6BB1D1500DB4A0E224CB65E6C7E8A80 ] C:\WINDOWS\system32\msprivs.dll13:26:38.0694 2064 C:\WINDOWS\system32\msprivs.dll - ok13:26:38.0694 2064 [ A525C96C51D55111FDF3BEA9FFFFC7AE ] C:\WINDOWS\system32\kerberos.dll13:26:38.0710 2064 C:\WINDOWS\system32\kerberos.dll - ok13:26:38.0710 2064 [ 1E644E3533DCE2B580A663AE1ACBD539 ] C:\WINDOWS\system32\atmfd.dll13:26:38.0710 2064 C:\WINDOWS\system32\atmfd.dll - ok13:26:38.0710 2064 [ 517561A1113B04E51D936CD018DE1C1F ] C:\WINDOWS\system32\msv1_0.dll13:26:38.0710 2064 C:\WINDOWS\system32\msv1_0.dll - ok13:26:38.0725 2064 [ AF07DC9B7CC455629E732340C7B15F3A ] C:\WINDOWS\system32\iphlpapi.dll13:26:38.0725 2064 C:\WINDOWS\system32\iphlpapi.dll - ok13:26:38.0725 2064 [ 1B7F071C51B77C272875C3A23E1E4550 ] C:\WINDOWS\system32\netlogon.dll13:26:38.0725 2064 C:\WINDOWS\system32\netlogon.dll - ok13:26:38.0741 2064 [ 54AF4B1D5459500EF0937F6D33B1914F ] C:\WINDOWS\system32\w32time.dll13:26:38.0741 2064 C:\WINDOWS\system32\w32time.dll - ok13:26:38.0741 2064 [ 54DAE3EA34802B4ED9AE1C6B1209FA56 ] C:\WINDOWS\system32\rsaenh.dll13:26:38.0741 2064 C:\WINDOWS\system32\rsaenh.dll - ok13:26:38.0756 2064 [ 3AAF9B35939FF9E58CCD18D41655C2FC ] C:\WINDOWS\system32\wdigest.dll13:26:38.0756 2064 C:\WINDOWS\system32\wdigest.dll - ok13:26:38.0756 2064 [ 02988B904C386B500CD08639C4C20EEA ] C:\WINDOWS\system32\winscard.dll13:26:38.0756 2064 C:\WINDOWS\system32\winscard.dll - ok13:26:38.0772 2064 [ 0E2735281FBB9A764D5584C2A5DCBA59 ] C:\WINDOWS\system32\wtsapi32.dll13:26:38.0772 2064 C:\WINDOWS\system32\wtsapi32.dll - ok13:26:38.0772 2064 [ A86BB5E61BF3E39B62AB4C7E7085A084 ] C:\WINDOWS\system32\scecli.dll13:26:38.0772 2064 C:\WINDOWS\system32\scecli.dll - ok13:26:38.0772 2064 [ EE8C5FDBDA84AE3F31C686AE86DAA1C4 ] C:\WINDOWS\system32\PGPpwflt.dll13:26:38.0772 2064 C:\WINDOWS\system32\PGPpwflt.dll - ok13:26:38.0787 2064 [ 553CA68BA710A2B88BA98A2A9DFEECB0 ] C:\WINDOWS\system32\PGPwd.dll13:26:38.0787 2064 C:\WINDOWS\system32\PGPwd.dll - ok13:26:38.0787 2064 [ 65E794E86468B61F2BC79ABC48BC4433 ] C:\WINDOWS\system32\drivers\mbam.sys13:26:38.0787 2064 C:\WINDOWS\system32\drivers\mbam.sys - ok13:26:38.0803 2064 [ 27C6D03BCDB8CFEB96B716F3D8BE3E18 ] C:\WINDOWS\system32\svchost.exe13:26:38.0803 2064 C:\WINDOWS\system32\svchost.exe - ok13:26:38.0803 2064 [ CABB50C3C2FA7CEABC3712AE209B7A1B ] C:\WINDOWS\system32\PGPsdk.dll13:26:38.0803 2064 C:\WINDOWS\system32\PGPsdk.dll - ok13:26:38.0818 2064 [ 549290DBC280C887681D7652978DBBE0 ] C:\WINDOWS\system32\ntmarta.dll13:26:38.0818 2064 C:\WINDOWS\system32\ntmarta.dll - ok13:26:38.0818 2064 [ 6B27A5C03DFB94B4245739065431322C ] C:\WINDOWS\system32\rpcss.dll13:26:38.0818 2064 C:\WINDOWS\system32\rpcss.dll - ok13:26:38.0833 2064 [ 16403217AB6FC5C30C14C6B12098AD4B ] C:\WINDOWS\system32\xpsp2res.dll13:26:38.0833 2064 C:\WINDOWS\system32\xpsp2res.dll - ok13:26:38.0833 2064 [ C4300CB4D20B1159DC77E01E8A2525EC ] C:\WINDOWS\system32\wininet.dll13:26:38.0833 2064 C:\WINDOWS\system32\wininet.dll - ok13:26:38.0833 2064 [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll13:26:38.0833 2064 C:\WINDOWS\system32\normaliz.dll - ok13:26:38.0849 2064 [ C9335D5B07E6A930BD561D35C431A0AF ] C:\WINDOWS\system32\urlmon.dll13:26:38.0849 2064 C:\WINDOWS\system32\urlmon.dll - ok13:26:38.0849 2064 [ 6D4FEB43EE538FC5428CC7F0565AA656 ] C:\WINDOWS\system32\eventlog.dll13:26:38.0849 2064 C:\WINDOWS\system32\eventlog.dll - ok13:26:38.0864 2064 [ 46485AE6433AF77F237C792D3DA11F48 ] C:\WINDOWS\system32\iertutil.dll13:26:38.0864 2064 C:\WINDOWS\system32\iertutil.dll - ok13:26:38.0864 2064 [ 943337D786A56729263071623BBB9DE5 ] C:\WINDOWS\system32\mswsock.dll13:26:38.0864 2064 C:\WINDOWS\system32\mswsock.dll - ok13:26:38.0880 2064 [ 38BF65A5FC6058FDD6E8374B5E2C4176 ] C:\WINDOWS\system32\PGPlsp.dll13:26:38.0880 2064 C:\WINDOWS\system32\PGPlsp.dll - ok13:26:38.0880 2064 [ 3CB32D3B8CBE79899D63280BB7A83CD9 ] C:\WINDOWS\system32\hnetcfg.dll13:26:38.0880 2064 C:\WINDOWS\system32\hnetcfg.dll - ok13:26:38.0880 2064 [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\system32\winrnr.dll13:26:38.0895 2064 C:\WINDOWS\system32\winrnr.dll - ok13:26:38.0895 2064 [ 4E3D06D6E68EEDB52565080F55B460D3 ] C:\WINDOWS\system32\wshtcpip.dll13:26:38.0895 2064 C:\WINDOWS\system32\wshtcpip.dll - ok13:26:38.0895 2064 [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\system32\rasadhlp.dll13:26:38.0895 2064 C:\WINDOWS\system32\rasadhlp.dll - ok13:26:38.0911 2064 [ 5E38D7684A49CACFB752B046357E0589 ] C:\WINDOWS\system32\dhcpcsvc.dll13:26:38.0911 2064 C:\WINDOWS\system32\dhcpcsvc.dll - ok13:26:38.0911 2064 [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\system32\drivers\ndisuio.sys13:26:38.0911 2064 C:\WINDOWS\system32\drivers\ndisuio.sys - ok13:26:38.0926 2064 [ 5F7E24FA9EAB896051FFB87F840730D2 ] C:\WINDOWS\system32\dnsrslvr.dll13:26:38.0926 2064 C:\WINDOWS\system32\dnsrslvr.dll - ok13:26:38.0926 2064 [ 515A7FAE2070C2B0242B2353443E2F11 ] C:\WINDOWS\system32\cscdll.dll13:26:38.0926 2064 C:\WINDOWS\system32\cscdll.dll - ok13:26:38.0942 2064 [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\system32\dimsntfy.dll13:26:38.0942 2064 C:\WINDOWS\system32\dimsntfy.dll - ok13:26:38.0942 2064 [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll13:26:38.0942 2064 C:\WINDOWS\system32\wlnotify.dll - ok13:26:38.0942 2064 [ A7DB739AE99A796D91580147E919CC59 ] C:\WINDOWS\system32\lmhsvc.dll13:26:38.0942 2064 C:\WINDOWS\system32\lmhsvc.dll - ok13:26:38.0957 2064 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] C:\WINDOWS\system32\wzcsvc.dll13:26:38.0957 2064 C:\WINDOWS\system32\wzcsvc.dll - ok13:26:38.0957 2064 [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\system32\winspool.drv13:26:38.0957 2064 C:\WINDOWS\system32\winspool.drv - ok13:26:38.0972 2064 [ 02CF580510234E519736559A7F19EA20 ] C:\WINDOWS\system32\WgaLogon.dll13:26:38.0972 2064 C:\WINDOWS\system32\WgaLogon.dll - ok13:26:38.0972 2064 [ 876CCF164E08D6B903CD14398E056DD2 ] C:\WINDOWS\system32\rtutils.dll13:26:38.0972 2064 C:\WINDOWS\system32\rtutils.dll - ok13:26:38.0988 2064 [ F137A0CA70003DB20448D540651FA003 ] C:\WINDOWS\system32\clbcatq.dll13:26:38.0988 2064 C:\WINDOWS\system32\clbcatq.dll - ok13:26:38.0988 2064 [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] C:\WINDOWS\system32\eapolqec.dll13:26:38.0988 2064 C:\WINDOWS\system32\eapolqec.dll - ok13:26:39.0003 2064 [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll13:26:39.0003 2064 C:\WINDOWS\system32\wmi.dll - ok13:26:39.0003 2064 [ 224FB925C641DA16CEB6D60F40CA4C75 ] C:\WINDOWS\system32\atl.dll13:26:39.0003 2064 C:\WINDOWS\system32\atl.dll - ok13:26:39.0019 2064 [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\system32\qutil.dll13:26:39.0019 2064 C:\WINDOWS\system32\qutil.dll - ok13:26:39.0019 2064 [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] C:\WINDOWS\system32\dot3api.dll13:26:39.0019 2064 C:\WINDOWS\system32\dot3api.dll - ok13:26:39.0019 2064 [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] C:\WINDOWS\system32\esent.dll13:26:39.0019 2064 C:\WINDOWS\system32\esent.dll - ok13:26:39.0034 2064 [ 1280A158C722FA95A80FB7AEBE78FA7D ] C:\WINDOWS\system32\comres.dll13:26:39.0034 2064 C:\WINDOWS\system32\comres.dll - ok13:26:39.0034 2064 [ ACFEE2392503DD5E457363A0510B8BCB ] C:\WINDOWS\system32\msxml3.dll13:26:39.0034 2064 C:\WINDOWS\system32\msxml3.dll - ok13:26:39.0050 2064 [ A39BE37C9237DB5F1990D61B268EA555 ] C:\WINDOWS\system32\rastls.dll13:26:39.0050 2064 C:\WINDOWS\system32\rastls.dll - ok13:26:39.0050 2064 [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] C:\WINDOWS\system32\cryptui.dll13:26:39.0050 2064 C:\WINDOWS\system32\cryptui.dll - ok13:26:39.0065 2064 [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\system32\activeds.dll13:26:39.0065 2064 C:\WINDOWS\system32\activeds.dll - ok13:26:39.0065 2064 [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\system32\mprapi.dll13:26:39.0065 2064 C:\WINDOWS\system32\mprapi.dll - ok13:26:39.0080 2064 [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\system32\adsldpc.dll13:26:39.0080 2064 C:\WINDOWS\system32\adsldpc.dll - ok13:26:39.0080 2064 [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll13:26:39.0080 2064 C:\WINDOWS\system32\rasapi32.dll - ok13:26:39.0080 2064 [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll13:26:39.0080 2064 C:\WINDOWS\system32\rasman.dll - ok13:26:39.0096 2064 [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll13:26:39.0096 2064 C:\WINDOWS\system32\tapi32.dll - ok13:26:39.0096 2064 [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\system32\riched20.dll13:26:39.0096 2064 C:\WINDOWS\system32\riched20.dll - ok13:26:39.0111 2064 [ 56CE97FF94B7662A300D359CD6F4D601 ] C:\WINDOWS\system32\raschap.dll13:26:39.0111 2064 C:\WINDOWS\system32\raschap.dll - ok13:26:39.0111 2064 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll13:26:39.0111 2064 C:\WINDOWS\system32\schedsvc.dll - ok13:26:39.0127 2064 [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll13:26:39.0127 2064 C:\WINDOWS\system32\msidle.dll - ok13:26:39.0127 2064 [ 60784F891563FB1B767F70117FC2428F ] C:\WINDOWS\system32\spoolsv.exe13:26:39.0127 2064 C:\WINDOWS\system32\spoolsv.exe - ok13:26:39.0142 2064 [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\system32\audiosrv.dll13:26:39.0142 2064 C:\WINDOWS\system32\audiosrv.dll - ok13:26:39.0142 2064 [ A8888A5327621856C0CEC4E385F69309 ] C:\WINDOWS\system32\wkssvc.dll13:26:39.0142 2064 C:\WINDOWS\system32\wkssvc.dll - ok13:26:39.0142 2064 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] C:\WINDOWS\system32\drivers\mrxdav.sys13:26:39.0142 2064 C:\WINDOWS\system32\drivers\mrxdav.sys - ok13:26:39.0158 2064 [ 77A354E28153AD2D5E120A5A8687BC06 ] C:\WINDOWS\system32\webclnt.dll13:26:39.0158 2064 C:\WINDOWS\system32\webclnt.dll - ok13:26:39.0158 2064 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] C:\WINDOWS\system32\drivers\parport.sys13:26:39.0158 2064 C:\WINDOWS\system32\drivers\parport.sys - ok13:26:39.0173 2064 [ 3D4E199942E29207970E04315D02AD3B ] C:\WINDOWS\system32\cryptsvc.dll13:26:39.0173 2064 C:\WINDOWS\system32\cryptsvc.dll - ok13:26:39.0173 2064 [ 6B30C1F0E0A2697EAA65D73DCB5953DA ] C:\WINDOWS\system32\drivers\PGPdisk.sys13:26:39.0173 2064 C:\WINDOWS\system32\drivers\PGPdisk.sys - ok13:26:39.0189 2064 [ 00709952D444EAE14DBBD30D36FBAE0F ] C:\WINDOWS\system32\certcli.dll13:26:39.0189 2064 C:\WINDOWS\system32\certcli.dll - ok13:26:39.0189 2064 [ 0E410EDC8D0527801B899CF29E60597C ] C:\Program Files\Java\jre6\bin\jqs.exe13:26:39.0189 2064 C:\Program Files\Java\jre6\bin\jqs.exe - ok13:26:39.0189 2064 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll13:26:39.0189 2064 C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok13:26:39.0204 2064 [ 57EDEC2E5F59F0335E92F35184BC8631 ] C:\WINDOWS\system32\dmserver.dll13:26:39.0204 2064 C:\WINDOWS\system32\dmserver.dll - ok13:26:39.0204 2064 [ BC93B4A066477954555966D77FEC9ECB ] C:\WINDOWS\system32\ersvc.dll13:26:39.0204 2064 C:\WINDOWS\system32\ersvc.dll - ok13:26:39.0219 2064 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Program Files\Java\jre6\bin\msvcr71.dll13:26:39.0219 2064 C:\Program Files\Java\jre6\bin\msvcr71.dll - ok13:26:39.0219 2064 [ D4991D98F2DB73C60D042F1AEF79EFAE ] C:\WINDOWS\system32\es.dll13:26:39.0219 2064 C:\WINDOWS\system32\es.dll - ok13:26:39.0235 2064 [ 62CF83A6989312A0DD39BBFFB3D1C166 ] C:\WINDOWS\system32\pdh.dll13:26:39.0235 2064 C:\WINDOWS\system32\pdh.dll - ok13:26:39.0235 2064 [ 67156D5A9AC356DC99D7BCCB388E3316 ] C:\WINDOWS\system32\wsock32.dll13:26:39.0235 2064 C:\WINDOWS\system32\wsock32.dll - ok13:26:39.0250 2064 [ 4EA92135C436D18975C2EBEC242B71DA ] C:\WINDOWS\system32\icmp.dll13:26:39.0250 2064 C:\WINDOWS\system32\icmp.dll - ok13:26:39.0250 2064 [ 369F7B1A4F358B976176556A1A331F36 ] C:\WINDOWS\system32\odbcbcp.dll13:26:39.0250 2064 C:\WINDOWS\system32\odbcbcp.dll - ok13:26:39.0266 2064 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] C:\WINDOWS\system32\srvsvc.dll13:26:39.0266 2064 C:\WINDOWS\system32\srvsvc.dll - ok13:26:39.0266 2064 [ ACDAFCD14EC0ECE89198503746A5C147 ] C:\WINDOWS\system32\perfos.dll13:26:39.0266 2064 C:\WINDOWS\system32\perfos.dll - ok13:26:39.0266 2064 [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll13:26:39.0266 2064 C:\WINDOWS\system32\netmsg.dll - ok13:26:39.0281 2064 [ ABFB673B24A9B3287761D497529FB5B9 ] C:\WINDOWS\system32\perfdisk.dll13:26:39.0281 2064 C:\WINDOWS\system32\perfdisk.dll - ok13:26:39.0281 2064 [ 0DCF16B1449811EFA47AB52CAC84093C ] C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe13:26:39.0281 2064 C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe - ok13:26:39.0297 2064 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] C:\WINDOWS\system32\drivers\srv.sys13:26:39.0297 2064 C:\WINDOWS\system32\drivers\srv.sys - ok13:26:39.0297 2064 [ 923BB61D913C37EAB1570F236CCDCE41 ] C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll13:26:39.0297 2064 C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll - ok13:26:39.0312 2064 [ 79E3A8C328E7E569C32B0998377D9742 ] C:\WINDOWS\system32\spoolss.dll13:26:39.0312 2064 C:\WINDOWS\system32\spoolss.dll - ok13:26:39.0312 2064 [ AEBDB652D9273AD61E10C5D8F51C86FB ] C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll13:26:39.0312 2064 C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll - ok13:26:39.0312 2064 [ 5677DFE438EC1F009273FC84FEED6B10 ] C:\WINDOWS\system32\localspl.dll13:26:39.0312 2064 C:\WINDOWS\system32\localspl.dll - ok13:26:39.0328 2064 [ 5D3D1AB0EF4EA55B731863050482C111 ] C:\WINDOWS\system32\cnbjmon.dll13:26:39.0328 2064 C:\WINDOWS\system32\cnbjmon.dll - ok13:26:39.0328 2064 [ 215CEE8DE5C4BCFF12FD41116BC5B3AE ] C:\WINDOWS\system32\HPTcpMon.dll13:26:39.0328 2064 C:\WINDOWS\system32\HPTcpMon.dll - ok13:26:39.0343 2064 [ 2BE6BBDFC6783B68237B0659949A93D2 ] C:\WINDOWS\system32\HPTcpMUI.dll13:26:39.0343 2064 C:\WINDOWS\system32\HPTcpMUI.dll - ok13:26:39.0343 2064 [ 3584A093E8778C9E5F80CED99F0B7F35 ] C:\WINDOWS\system32\hpzjrd01.dll13:26:39.0343 2064 C:\WINDOWS\system32\hpzjrd01.dll - ok13:26:39.0358 2064 [ 735CE2975646DEA1450440D77DB4F7F3 ] C:\WINDOWS\system32\HPTcpMib.dll13:26:39.0358 2064 C:\WINDOWS\system32\HPTcpMib.dll - ok13:26:39.0358 2064 [ 1E744353BD534405187A404667DA3DC3 ] C:\WINDOWS\system32\mgmtapi.dll13:26:39.0358 2064 C:\WINDOWS\system32\mgmtapi.dll - ok13:26:39.0358 2064 [ 5C1F0537E61F87B435F56E00B4F20EE8 ] C:\WINDOWS\system32\snmpapi.dll13:26:39.0358 2064 C:\WINDOWS\system32\snmpapi.dll - ok13:26:39.0374 2064 [ 277F3E3333F1D10CA428568197FCCE70 ] C:\WINDOWS\system32\wsnmp32.dll13:26:39.0374 2064 C:\WINDOWS\system32\wsnmp32.dll - ok13:26:39.0374 2064 [ 222DE7F5EDB9DDBE628384A1A8BE59CE ] C:\WINDOWS\system32\pjlmon.dll13:26:39.0374 2064 C:\WINDOWS\system32\pjlmon.dll - ok13:26:39.0389 2064 [ AE0382AD9C73D343D85E1A50C80B7C20 ] C:\WINDOWS\system32\tcpmon.dll13:26:39.0389 2064 C:\WINDOWS\system32\tcpmon.dll - ok13:26:39.0389 2064 [ F26385E8BA4549B5186B774EC0E45D86 ] C:\WINDOWS\system32\usbmon.dll13:26:39.0389 2064 C:\WINDOWS\system32\usbmon.dll - ok13:26:39.0405 2064 [ 8EC6AB3EEB8C3051A9372BD524E36EA8 ] C:\WINDOWS\system32\spool\prtprocs\w32x86\hpcpp6bu.DLL13:26:39.0405 2064 C:\WINDOWS\system32\spool\prtprocs\w32x86\hpcpp6bu.DLL - ok13:26:39.0405 2064 [ EEE7F12D9FF46F68FBC0DA059A359E9E ] C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll13:26:39.0405 2064 C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll - ok13:26:39.0420 2064 [ 22DD6D7D4BFE2B8CE705CC950C8AEA4C ] C:\WINDOWS\system32\win32spl.dll13:26:39.0420 2064 C:\WINDOWS\system32\win32spl.dll - ok13:26:39.0420 2064 [ B41D53899E37CC43DA85DA19998BEE81 ] C:\WINDOWS\system32\netrap.dll13:26:39.0420 2064 C:\WINDOWS\system32\netrap.dll - ok13:26:39.0420 2064 [ EE4C651A217B01D636B5364AC77DA892 ] C:\WINDOWS\system32\inetpp.dll13:26:39.0420 2064 C:\WINDOWS\system32\inetpp.dll - ok13:26:39.0436 2064 [ 3A237B4A914C20292BA0D7B8CBB72708 ] C:\Program Files\Java\jre6\bin\awt.dll13:26:39.0436 2064 C:\Program Files\Java\jre6\bin\awt.dll - ok13:26:39.0436 2064 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe13:26:39.0436 2064 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe - ok13:26:39.0451 2064 [ 4968722C231761E5B2796FAFC22BD044 ] C:\Program Files\Java\jre6\bin\client\jvm.dll13:26:39.0451 2064 C:\Program Files\Java\jre6\bin\client\jvm.dll - ok13:26:39.0451 2064 [ 420E9BF21339F51B31DF4194D5A0E12E ] C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll13:26:39.0451 2064 C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll - ok13:26:39.0467 2064 [ 10AB27A74C4CFBB7BA2E990D29D190C5 ] C:\Program Files\Java\jre6\bin\dcpr.dll13:26:39.0467 2064 C:\Program Files\Java\jre6\bin\dcpr.dll - ok13:26:39.0467 2064 [ 0258384C1B92AA80A4D986E1E8C170AA ] C:\Program Files\Java\jre6\bin\deploy.dll13:26:39.0467 2064 C:\Program Files\Java\jre6\bin\deploy.dll - ok13:26:39.0482 2064 [ A7E06854EA2A20AEE8EC32BD8C754298 ] C:\WINDOWS\system32\mpnotify.exe13:26:39.0482 2064 C:\WINDOWS\system32\mpnotify.exe - ok13:26:39.0482 2064 [ 949941E4DE88DF1FAF49A4B3CFFB756F ] C:\WINDOWS\system32\HPZinw12.dll13:26:39.0482 2064 C:\WINDOWS\system32\HPZinw12.dll - ok13:26:39.0497 2064 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] C:\WINDOWS\system32\netman.dll13:26:39.0497 2064 C:\WINDOWS\system32\netman.dll - ok13:26:39.0497 2064 [ E3B98399DA15200060989FA156A5BD1B ] C:\WINDOWS\system32\nvsvc32.exe13:26:39.0497 2064 C:\WINDOWS\system32\nvsvc32.exe - ok13:26:39.0497 2064 [ B924C303BDD0575CB62CA427FA99F4F9 ] C:\Program Files\Java\jre6\bin\fontmanager.dll13:26:39.0497 2064 C:\Program Files\Java\jre6\bin\fontmanager.dll - ok13:26:39.0513 2064 [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll13:26:39.0513 2064 C:\WINDOWS\system32\netshell.dll - ok13:26:39.0513 2064 [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll13:26:39.0513 2064 C:\WINDOWS\system32\powrprof.dll - ok13:26:39.0528 2064 [ 1793CC660605F63B14FB96C7707F75BA ] C:\WINDOWS\system32\perfproc.dll13:26:39.0528 2064 C:\WINDOWS\system32\perfproc.dll - ok13:26:39.0528 2064 [ CCEB1B17C1D2B8512D5C94F0A407C6B2 ] C:\Program Files\Java\jre6\bin\hpi.dll13:26:39.0528 2064 C:\Program Files\Java\jre6\bin\hpi.dll - ok13:26:39.0544 2064 [ 8F437CB2F38A637CCE1BF624640F943D ] C:\Program Files\Java\jre6\bin\java.dll13:26:39.0544 2064 C:\Program Files\Java\jre6\bin\java.dll - ok13:26:39.0544 2064 [ 678A869DCD7BB901DAB7C83BC1693B43 ] C:\Program Files\Java\jre6\bin\javaw.exe13:26:39.0544 2064 C:\Program Files\Java\jre6\bin\javaw.exe - ok13:26:39.0544 2064 [ 235892E493845D64D890163CFEF90E97 ] C:\WINDOWS\system32\credui.dll13:26:39.0544 2064 C:\WINDOWS\system32\credui.dll - ok13:26:39.0559 2064 [ EB80381012EC1BCA1E79859FA74FFEC5 ] C:\WINDOWS\system32\drivers\PGPsdk.sys13:26:39.0559 2064 C:\WINDOWS\system32\drivers\PGPsdk.sys - ok13:26:39.0559 2064 [ C88E751D9BA801E5C09C9C37B4A04584 ] C:\WINDOWS\system32\nvcpl.dll13:26:39.0559 2064 C:\WINDOWS\system32\nvcpl.dll - ok13:26:39.0575 2064 [ E83445F19C6BA358107CB8881AB006FA ] C:\WINDOWS\system32\PGPserv.exe13:26:39.0575 2064 C:\WINDOWS\system32\PGPserv.exe - ok13:26:39.0575 2064 [ 9EE6B57E185ABC3D8E88CA34F45DF678 ] C:\Program Files\Java\jre6\bin\jp2native.dll13:26:39.0575 2064 C:\Program Files\Java\jre6\bin\jp2native.dll - ok13:26:39.0590 2064 [ 7BFCD81F9910A83A19DAF793D37665E8 ] C:\Program Files\Java\jre6\bin\jpeg.dll13:26:39.0590 2064 C:\Program Files\Java\jre6\bin\jpeg.dll - ok13:26:39.0590 2064 [ 51355DB69FFE43C918735E2E7FFEEE67 ] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpmdp6bu.dll13:26:39.0590 2064 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpmdp6bu.dll - ok13:26:39.0605 2064 [ 4E8F3230BAC8C1CAADF01A8C728E1C5C ] C:\WINDOWS\system32\dot3dlg.dll13:26:39.0605 2064 C:\WINDOWS\system32\dot3dlg.dll - ok13:26:39.0605 2064 [ 4F6D34C29E3746C52CCC5A095422A866 ] C:\Program Files\Java\jre6\bin\net.dll13:26:39.0605 2064 C:\Program Files\Java\jre6\bin\net.dll - ok13:26:39.0605 2064 [ CA04959077AFE36369D37B3504740C87 ] C:\WINDOWS\system32\onex.dll13:26:39.0605 2064 C:\WINDOWS\system32\onex.dll - ok13:26:39.0621 2064 [ 84BB245D3AA3BA955DCEE8D8E736DBED ] C:\Program Files\Java\jre6\bin\nio.dll13:26:39.0621 2064 C:\Program Files\Java\jre6\bin\nio.dll - ok13:26:39.0621 2064 [ E814C5CF8FC49C44F272D3E28EAFCC6E ] C:\Program Files\Java\jre6\bin\regutils.dll13:26:39.0621 2064 C:\Program Files\Java\jre6\bin\regutils.dll - ok13:26:39.0636 2064 [ 5DB625E7D095604010CF84DE2D8ACFA6 ] C:\WINDOWS\system32\eappcfg.dll13:26:39.0636 2064 C:\WINDOWS\system32\eappcfg.dll - ok13:26:39.0636 2064 [ ABC4206543450C0666D152F4B65833B8 ] C:\WINDOWS\system32\eappprxy.dll13:26:39.0636 2064 C:\WINDOWS\system32\eappprxy.dll - ok13:26:39.0652 2064 [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll13:26:39.0652 2064 C:\WINDOWS\system32\wzcsapi.dll - ok13:26:39.0652 2064 [ 2F4CA141A609CAF5C98F6E4760EF1B9B ] C:\WINDOWS\system32\HPZipm12.dll13:26:39.0652 2064 C:\WINDOWS\system32\HPZipm12.dll - ok13:26:39.0652 2064 [ 332760FBA1655FCFD35BD6F4FD871300 ] C:\WINDOWS\system32\ipsecsvc.dll13:26:39.0652 2064 C:\WINDOWS\system32\ipsecsvc.dll - ok13:26:39.0667 2064 [ C5FF8682EADA5B3B27A865F1C3EF9270 ] C:\WINDOWS\system32\oakley.dll13:26:39.0667 2064 C:\WINDOWS\system32\oakley.dll - ok13:26:39.0667 2064 [ 5B19B557B0C188210A56A6B699D90B8F ] C:\WINDOWS\system32\regsvc.dll13:26:39.0667 2064 C:\WINDOWS\system32\regsvc.dll - ok13:26:39.0683 2064 [ CBE612E2BB6A10E3563336191EDA1250 ] C:\WINDOWS\system32\seclogon.dll13:26:39.0683 2064 C:\WINDOWS\system32\seclogon.dll - ok13:26:39.0683 2064 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] C:\WINDOWS\system32\sens.dll13:26:39.0683 2064 C:\WINDOWS\system32\sens.dll - ok13:26:39.0698 2064 [ 3805DF0AC4296A34BA4BF93B346CC378 ] C:\WINDOWS\system32\srsvc.dll13:26:39.0698 2064 C:\WINDOWS\system32\srsvc.dll - ok13:26:39.0698 2064 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] C:\WINDOWS\system32\wiaservc.dll13:26:39.0698 2064 C:\WINDOWS\system32\wiaservc.dll - ok13:26:39.0698 2064 [ 65E41A57F996DF49333D5B8B89691CA1 ] C:\Program Files\Java\jre6\bin\verify.dll13:26:39.0698 2064 C:\Program Files\Java\jre6\bin\verify.dll - ok13:26:39.0714 2064 [ FF3477C03BE7201C294C35F684B3479F ] C:\WINDOWS\system32\termsrv.dll13:26:39.0714 2064 C:\WINDOWS\system32\termsrv.dll - ok13:26:39.0714 2064 [ B67632451F760797BB183E1FB99F4B39 ] C:\WINDOWS\system32\drivers\vnccom.SYS13:26:39.0714 2064 C:\WINDOWS\system32\drivers\vnccom.SYS - ok13:26:39.0729 2064 [ 0431F72308EA427DB50341E15594FFF4 ] C:\Program Files\Java\jre6\bin\zip.dll13:26:39.0729 2064 C:\Program Files\Java\jre6\bin\zip.dll - ok13:26:39.0729 2064 [ 55BCA12F7F523D35CA3CB833C725F54E ] C:\WINDOWS\system32\trkwks.dll13:26:39.0729 2064 C:\WINDOWS\system32\trkwks.dll - ok13:26:39.0744 2064 [ 248712EA6BA17B9FF0C542A3828375DD ] C:\WINDOWS\system32\winipsec.dll13:26:39.0744 2064 C:\WINDOWS\system32\winipsec.dll - ok13:26:39.0744 2064 [ 913FF5A608DE6A2AB320EB919092049A ] C:\Program Files\UltraVNC\winvnc.exe13:26:39.0744 2064 C:\Program Files\UltraVNC\winvnc.exe - ok13:26:39.0760 2064 [ 2D0E4ED081963804CCC196A0929275B5 ] C:\WINDOWS\system32\wbem\wmisvc.dll13:26:39.0760 2064 C:\WINDOWS\system32\wbem\wmisvc.dll - ok13:26:39.0760 2064 [ 853D0D0C6F02D7BFDF1CF99DD7553732 ] C:\WINDOWS\system32\pstorsvc.dll13:26:39.0760 2064 C:\WINDOWS\system32\pstorsvc.dll - ok13:26:39.0760 2064 [ 3182F47A67F86B5DD991E0FB7659D0E3 ] C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrvui.dll13:26:39.0760 2064 C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrvui.dll - ok13:26:39.0775 2064 [ 22D89D84E8E081CDA529DBF8C0255A38 ] C:\WINDOWS\system32\psbase.dll13:26:39.0775 2064 C:\WINDOWS\system32\psbase.dll - ok13:26:39.0775 2064 [ FEDE68BF80052BAD393AFD5C2E60DCB0 ] C:\WINDOWS\system32\dssenh.dll13:26:39.0775 2064 C:\WINDOWS\system32\dssenh.dll - ok13:26:39.0791 2064 [ 5F0CE62E0831CF972EC6949FD3E37DA7 ] C:\WINDOWS\system32\cfgmgr32.dll13:26:39.0791 2064 C:\WINDOWS\system32\cfgmgr32.dll - ok13:26:39.0791 2064 [ DF6551E4C4C46655A0C76194F1FCEA5D ] C:\WINDOWS\system32\icaapi.dll13:26:39.0791 2064 C:\WINDOWS\system32\icaapi.dll - ok13:26:39.0806 2064 [ ACACB8B14E66109B8ACD6644B5574B9A ] C:\WINDOWS\system32\vssapi.dll13:26:39.0806 2064 C:\WINDOWS\system32\vssapi.dll - ok13:26:39.0806 2064 [ 5144AE67D60EC653F97DDF3FEED29E77 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE13:26:39.0806 2064 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE - ok13:26:39.0806 2064 [ 4AC2FA4A6F0DF2511BAC13393C06EFF1 ] C:\WINDOWS\system32\mscms.dll13:26:39.0806 2064 C:\WINDOWS\system32\mscms.dll - ok13:26:39.0822 2064 [ 2D65D56C2F8B6CC5EBFF8E7200C30304 ] C:\WINDOWS\system32\mstlsapi.dll13:26:39.0822 2064 C:\WINDOWS\system32\mstlsapi.dll - ok13:26:39.0822 2064 [ ED0C0DF222209E43AD9AFBF3FE87DDE0 ] C:\WINDOWS\system32\comsvcs.dll13:26:39.0822 2064 C:\WINDOWS\system32\comsvcs.dll - ok13:26:39.0837 2064 [ 3CBA2210FA39C6ED7895634842E930DD ] C:\WINDOWS\system32\sensapi.dll13:26:39.0837 2064 C:\WINDOWS\system32\sensapi.dll - ok13:26:39.0837 2064 [ 5EB87BA0B93CA7E894FC8002E3CE4C2A ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL13:26:39.0837 2064 C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL - ok13:26:39.0853 2064 [ 684559A03CBC1D05BA120A18B0D8BA5D ] C:\WINDOWS\system32\winhttp.dll13:26:39.0853 2064 C:\WINDOWS\system32\winhttp.dll - ok13:26:39.0853 2064 [ B72A88502EF0FA160728C07A8AEB1D9F ] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpcui6bu.DLL13:26:39.0853 2064 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpcui6bu.DLL - ok13:26:39.0868 2064 [ 690D97864735E8ECD87F55777E266690 ] C:\WINDOWS\system32\colbact.dll13:26:39.0868 2064 C:\WINDOWS\system32\colbact.dll - ok13:26:39.0868 2064 [ 36795A645EAA47FE31D2A8F136A2C69B ] C:\WINDOWS\system32\mtxclu.dll13:26:39.0868 2064 C:\WINDOWS\system32\mtxclu.dll - ok13:26:39.0868 2064 [ 7778BDFA3F6F6FBA0E75B9594098F737 ] C:\WINDOWS\system32\searchindexer.exe13:26:39.0868 2064 C:\WINDOWS\system32\searchindexer.exe - ok13:26:39.0883 2064 [ DF82E222578DBE59FCBBD69A02E4C806 ] C:\WINDOWS\system32\clusapi.dll13:26:39.0883 2064 C:\WINDOWS\system32\clusapi.dll - ok13:26:39.0883 2064 [ 0A1D88669C38B3DCD2E8AD9CC3756361 ] C:\WINDOWS\system32\shdocvw.dll13:26:39.0883 2064 C:\WINDOWS\system32\shdocvw.dll - ok13:26:39.0899 2064 [ F51EBB6FC536A6B2D588FD668D3A8249 ] C:\WINDOWS\system32\resutils.dll13:26:39.0899 2064 C:\WINDOWS\system32\resutils.dll - ok13:26:39.0899 2064 [ 912B67BB8249925A5C972FC5839EAE09 ] C:\WINDOWS\system32\actxprxy.dll13:26:39.0899 2064 C:\WINDOWS\system32\actxprxy.dll - ok13:26:39.0914 2064 [ 0CBD1906F74BEB539FCEF6493095B933 ] C:\WINDOWS\system32\tquery.dll13:26:39.0914 2064 C:\WINDOWS\system32\tquery.dll - ok13:26:39.0914 2064 [ 7C278E6408D1DCE642230C0585A854D5 ] C:\WINDOWS\system32\wscsvc.dll13:26:39.0914 2064 C:\WINDOWS\system32\wscsvc.dll - ok13:26:39.0914 2064 [ D3F72D50DE53F9F1F55240115AF4D42E ] C:\WINDOWS\system32\msi.dll13:26:39.0914 2064 C:\WINDOWS\system32\msi.dll - ok13:26:39.0930 2064 [ 214B4FD9F9C979E02B8F4564B4BBE4A1 ] C:\WINDOWS\system32\PGPfsshl.dll13:26:39.0930 2064 C:\WINDOWS\system32\PGPfsshl.dll - ok13:26:39.0930 2064 [ 89D74683C859B7982056D15938BACA3E ] C:\WINDOWS\system32\propsys.dll13:26:39.0930 2064 C:\WINDOWS\system32\propsys.dll - ok13:26:39.0945 2064 [ F3DAA4DD728761E1ACACD1D17C6C3C93 ] C:\WINDOWS\system32\compstui.dll13:26:39.0945 2064 C:\WINDOWS\system32\compstui.dll - ok13:26:39.0945 2064 [ 538A270F35A713C360B7ED4168BB7521 ] C:\WINDOWS\system32\mydocs.dll13:26:39.0945 2064 C:\WINDOWS\system32\mydocs.dll - ok13:26:39.0961 2064 [ AFFC87E2501FCE8F09D4C10BA6421CCF ] C:\WINDOWS\system32\msimg32.dll13:26:39.0961 2064 C:\WINDOWS\system32\msimg32.dll - ok13:26:39.0961 2064 [ E65C5F612400B39D7AA83E7057D798C2 ] C:\WINDOWS\system32\mssrch.dll13:26:39.0961 2064 C:\WINDOWS\system32\mssrch.dll - ok13:26:39.0976 2064 [ A70A2D85AD143D6BB823C246CEB699A5 ] C:\WINDOWS\system32\ntshrui.dll13:26:39.0976 2064 C:\WINDOWS\system32\ntshrui.dll - ok13:26:39.0976 2064 [ 20200EE3CFE10E9F0C028D8653BE11C6 ] C:\WINDOWS\system32\oleacc.dll13:26:39.0976 2064 C:\WINDOWS\system32\oleacc.dll - ok13:26:39.0991 2064 [ 478BE1054B516AEC4CF606ED11F863FF ] C:\WINDOWS\system32\nvapi.dll13:26:39.0991 2064 C:\WINDOWS\system32\nvapi.dll - ok13:26:39.0991 2064 [ 5461F14E69B67F5CE6973627B4BB90D9 ] C:\WINDOWS\system32\nvdisps.dll13:26:39.0991 2064 C:\WINDOWS\system32\nvdisps.dll - ok13:26:39.0991 2064 [ 0189EDA4844BDD37C3A077478D66AB9C ] C:\WINDOWS\system32\spool\drivers\w32x86\3\pclxl.DLL13:26:39.0991 2064 C:\WINDOWS\system32\spool\drivers\w32x86\3\pclxl.DLL - ok13:26:40.0007 2064 [ E4D4463D9F2AA018A38C96CA1AEAB8E7 ] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpcst6bu.DLL13:26:40.0007 2064 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpcst6bu.DLL - ok13:26:40.0007 2064 [ B6E6F3F5B63053D5DC1F4EE32992492F ] C:\WINDOWS\system32\dbghelp.dll13:26:40.0007 2064 C:\WINDOWS\system32\dbghelp.dll - ok13:26:40.0022 2064 [ E91B5FA739CCF7F0CE3282B0FCFA5108 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE13:26:40.0022 2064 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE - ok13:26:40.0022 2064 [ A7F361875622AA5829AA39BA248F68E9 ] C:\WINDOWS\system32\adsldp.dll13:26:40.0022 2064 C:\WINDOWS\system32\adsldp.dll - ok13:26:40.0038 2064 [ 43E4758953F454090CAD65C303796ED5 ] C:\WINDOWS\system32\query.dll13:26:40.0038 2064 C:\WINDOWS\system32\query.dll - ok13:26:40.0038 2064 [ FC3EC24FCE372C89423E015A2AC1A31E ] C:\WINDOWS\system32\wuaueng.dll13:26:40.0038 2064 C:\WINDOWS\system32\wuaueng.dll - ok13:26:40.0053 2064 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] C:\WINDOWS\system32\wuauserv.dll13:26:40.0053 2064 C:\WINDOWS\system32\wuauserv.dll - ok13:26:40.0053 2064 [ F9D3C78CFE15271D80790677C893CE45 ] C:\WINDOWS\system32\cabinet.dll13:26:40.0053 2064 C:\WINDOWS\system32\cabinet.dll - ok13:26:40.0053 2064 [ 83F41D0D89645D7235C051AB1D9523AC ] C:\WINDOWS\system32\ipnathlp.dll13:26:40.0053 2064 C:\WINDOWS\system32\ipnathlp.dll - ok13:26:40.0069 2064 [ B85E95679B5ADC12311BCD3F5385D623 ] C:\WINDOWS\system32\mspatcha.dll13:26:40.0069 2064 C:\WINDOWS\system32\mspatcha.dll - ok13:26:40.0069 2064 [ D1E18F4AE94FFEC7270BE0A10C0B295E ] C:\WINDOWS\system32\xmllite.dll13:26:40.0069 2064 C:\WINDOWS\system32\xmllite.dll - ok13:26:40.0084 2064 [ CFD4E51402DA9838B5A04AE680AF54A0 ] C:\WINDOWS\system32\browser.dll13:26:40.0084 2064 C:\WINDOWS\system32\browser.dll - ok13:26:40.0084 2064 [ 3458EDA96E30FBD0477A2800D3FB1909 ] C:\WINDOWS\system32\wups.dll13:26:40.0084 2064 C:\WINDOWS\system32\wups.dll - ok13:26:40.0100 2064 [ BDC0C99E472176C8C2C853A68ADC5073 ] C:\WINDOWS\system32\wups2.dll13:26:40.0100 2064 C:\WINDOWS\system32\wups2.dll - ok13:26:40.0100 2064 [ FFB3115AA757ABEFBA7FBA90BAD5DD0A ] C:\WINDOWS\system32\en-US\tquery.dll.mui13:26:40.0100 2064 C:\WINDOWS\system32\en-US\tquery.dll.mui - ok13:26:40.0100 2064 [ 2E0B0A051FFAA86E358465BB0880D453 ] C:\WINDOWS\system32\wuauclt.exe13:26:40.0100 2064 C:\WINDOWS\system32\wuauclt.exe - ok13:26:40.0115 2064 [ 8F580BCC5296ECC9DC8A649D75BE6BA5 ] C:\WINDOWS\system32\msscb.dll13:26:40.0115 2064 C:\WINDOWS\system32\msscb.dll - ok13:26:40.0115 2064 [ 8BEAF2B4BCDE405AF7EC46A9E03B2D65 ] C:\WINDOWS\system32\mssprxy.dll13:26:40.0115 2064 C:\WINDOWS\system32\mssprxy.dll - ok13:26:40.0130 2064 [ 205ADD80FF8099B1A8101EB490B933D1 ] C:\WINDOWS\system32\wbem\wbemprox.dll13:26:40.0130 2064 C:\WINDOWS\system32\wbem\wbemprox.dll - ok13:26:40.0130 2064 [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\system32\wbem\wbemcomn.dll13:26:40.0130 2064 C:\WINDOWS\system32\wbem\wbemcomn.dll - ok13:26:40.0146 2064 [ F0BF811622F2DD6C8E26EE4600D83731 ] C:\WINDOWS\system32\wbem\wbemcore.dll13:26:40.0146 2064 C:\WINDOWS\system32\wbem\wbemcore.dll - ok13:26:40.0146 2064 [ E4616430709F440CF1809D88DC2366EA ] C:\WINDOWS\system32\wbem\esscli.dll13:26:40.0146 2064 C:\WINDOWS\system32\wbem\esscli.dll - ok13:26:40.0146 2064 [ 378A0AEFB11D8B0DC8C27B9F7604B88D ] C:\WINDOWS\system32\wbem\fastprox.dll13:26:40.0146 2064 C:\WINDOWS\system32\wbem\fastprox.dll - ok13:26:40.0161 2064 [ 010472D0AE758227C6F6E6933549C219 ] C:\WINDOWS\system32\wbem\wbemsvc.dll13:26:40.0161 2064 C:\WINDOWS\system32\wbem\wbemsvc.dll - ok13:26:40.0161 2064 [ 3273D1565BF30225C115B480A3BB2C9D ] C:\WINDOWS\system32\wbem\wmiutils.dll13:26:40.0161 2064 C:\WINDOWS\system32\wbem\wmiutils.dll - ok13:26:40.0177 2064 [ 942A17D2901A31EA68627CBFFCD268CC ] C:\WINDOWS\system32\wbem\repdrvfs.dll13:26:40.0177 2064 C:\WINDOWS\system32\wbem\repdrvfs.dll - ok13:26:40.0177 2064 [ 071143F687B4F887E21461CA6CC7EB29 ] C:\WINDOWS\system32\wbem\wmiprvsd.dll13:26:40.0177 2064 C:\WINDOWS\system32\wbem\wmiprvsd.dll - ok13:26:40.0192 2064 [ 26D881D27CBE51D3614E68D7313EA026 ] C:\WINDOWS\system32\wbem\wbemess.dll13:26:40.0192 2064 C:\WINDOWS\system32\wbem\wbemess.dll - ok13:26:40.0192 2064 [ 8C515081584A38AA007909CD02020B3D ] C:\WINDOWS\system32\alg.exe13:26:40.0192 2064 C:\WINDOWS\system32\alg.exe - ok13:26:40.0192 2064 [ 37A62C6092AADD2EFDE0468DD8818E99 ] C:\WINDOWS\system32\netcfgx.dll13:26:40.0192 2064 C:\WINDOWS\system32\netcfgx.dll - ok13:26:40.0208 2064 [ F24B67FB9BA35C497102BA0C073A9ED1 ] C:\WINDOWS\system32\iedkcs32.dll13:26:40.0208 2064 C:\WINDOWS\system32\iedkcs32.dll - ok13:26:40.0223 2064 [ B714735C12A70171DE28657948FD91F1 ] C:\WINDOWS\system32\mlang.dll13:26:40.0223 2064 C:\WINDOWS\system32\mlang.dll - ok13:26:40.0223 2064 [ 085ED2E391A871C7BAE87E0228B546BA ] C:\WINDOWS\system32\cscui.dll13:26:40.0223 2064 C:\WINDOWS\system32\cscui.dll - ok13:26:40.0223 2064 [ 6C26DCF01E2A92F183B97D434017268A ] C:\WINDOWS\system32\dpcdll.dll13:26:40.0223 2064 C:\WINDOWS\system32\dpcdll.dll - ok13:26:40.0239 2064 [ A93AEE1928A9D7CE3E16D24EC7380F89 ] C:\WINDOWS\system32\userinit.exe13:26:40.0239 2064 C:\WINDOWS\system32\userinit.exe - ok13:26:40.0239 2064 [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] C:\WINDOWS\system32\wdmaud.drv13:26:40.0239 2064 C:\WINDOWS\system32\wdmaud.drv - ok13:26:40.0254 2064 [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys13:26:40.0254 2064 C:\WINDOWS\system32\drivers\wdmaud.sys - ok13:26:40.0254 2064 [ E0D2F6BF46E6053193FAA3E294D657FF ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe13:26:40.0254 2064 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe - ok13:26:40.0269 2064 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\system32\drivers\sysaudio.sys13:26:40.0269 2064 C:\WINDOWS\system32\drivers\sysaudio.sys - ok13:26:40.0269 2064 [ 1CAD39337202BA05BA929A44CA585A6A ] C:\WINDOWS\system32\pautoenr.dll13:26:40.0269 2064 C:\WINDOWS\system32\pautoenr.dll - ok13:26:40.0269 2064 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] C:\WINDOWS\system32\drivers\splitter.sys13:26:40.0300 2064 C:\WINDOWS\system32\drivers\splitter.sys - ok13:26:40.0300 2064 [ 8BED39E3C35D6A489438B8141717A557 ] C:\WINDOWS\system32\drivers\aec.sys13:26:40.0300 2064 C:\WINDOWS\system32\drivers\aec.sys - ok13:26:40.0316 2064 [ 2DE1190196EE9555DB548A57622022EB ] C:\WINDOWS\system32\drprov.dll13:26:40.0316 2064 C:\WINDOWS\system32\drprov.dll - ok13:26:40.0316 2064 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] C:\WINDOWS\system32\drivers\swmidi.sys13:26:40.0316 2064 C:\WINDOWS\system32\drivers\swmidi.sys - ok13:26:40.0331 2064 [ 36468087E22C57A83DF758B3F90DF73F ] C:\WINDOWS\system32\ntlanman.dll13:26:40.0331 2064 C:\WINDOWS\system32\ntlanman.dll - ok13:26:40.0331 2064 [ 8A208DFCF89792A484E76C40E5F50B45 ] C:\WINDOWS\system32\drivers\DMusic.sys13:26:40.0331 2064 C:\WINDOWS\system32\drivers\DMusic.sys - ok13:26:40.0331 2064 [ AC5DF42FE314C1446B1DAD237BFCFFE0 ] C:\WINDOWS\system32\netui0.dll13:26:40.0331 2064 C:\WINDOWS\system32\netui0.dll - ok13:26:40.0347 2064 [ 692BCF44383D056AED41B045A323D378 ] C:\WINDOWS\system32\drivers\kmixer.sys13:26:40.0347 2064 C:\WINDOWS\system32\drivers\kmixer.sys - ok13:26:40.0347 2064 [ ED5A816D8E11E03F1937AC3C56826EE4 ] C:\WINDOWS\system32\netui1.dll13:26:40.0347 2064 C:\WINDOWS\system32\netui1.dll - ok13:26:40.0362 2064 [ FB8F8EEC8D9C2157789472DD61CDC78B ] C:\WINDOWS\system32\davclnt.dll13:26:40.0362 2064 C:\WINDOWS\system32\davclnt.dll - ok13:26:40.0362 2064 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] C:\WINDOWS\system32\drivers\drmkaud.sys13:26:40.0362 2064 C:\WINDOWS\system32\drivers\drmkaud.sys - ok13:26:40.0378 2064 [ B1296D52B0D2096EC4759EEEB806D759 ] C:\WINDOWS\system32\WgaTray.exe13:26:40.0378 2064 C:\WINDOWS\system32\WgaTray.exe - ok13:26:40.0378 2064 [ 9A3BD5F55AADFF859539142F6328A66E ] C:\WINDOWS\system32\msacm32.drv13:26:40.0378 2064 C:\WINDOWS\system32\msacm32.drv - ok13:26:40.0378 2064 [ 5C12660A97822F6E61576943B49AAAD6 ] C:\WINDOWS\system32\midimap.dll13:26:40.0378 2064 C:\WINDOWS\system32\midimap.dll - ok13:26:40.0393 2064 [ 994AD0D8550B8B26990A6E3AA0791502 ] C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll13:26:40.0393 2064 C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll - ok13:26:40.0393 2064 [ 88BEEF09C654252F3E46B6167B7F4ECB ] C:\WINDOWS\system32\msisip.dll13:26:40.0393 2064 C:\WINDOWS\system32\msisip.dll - ok13:26:40.0408 2064 [ 3A6D465F379E5C815F4AD565391E654C ] C:\WINDOWS\system32\wshext.dll13:26:40.0408 2064 C:\WINDOWS\system32\wshext.dll - ok13:26:40.0408 2064 [ 6D778E0F95447E6546553EEEA709D03C ] C:\WINDOWS\system32\cmd.exe13:26:40.0408 2064 C:\WINDOWS\system32\cmd.exe - ok13:26:40.0424 2064 [ FD3DA8425624B98903407DF608CF2C11 ] C:\WINDOWS\system32\net.exe13:26:40.0424 2064 C:\WINDOWS\system32\net.exe - ok13:26:40.0424 2064 [ C14350FC0D47D806699C4F907FC6785B ] C:\WINDOWS\system32\cryptnet.dll13:26:40.0424 2064 C:\WINDOWS\system32\cryptnet.dll - ok13:26:40.0439 2064 [ CC26451A90025F6C55F64146C333DEA5 ] C:\WINDOWS\system32\LegitCheckControl.dll13:26:40.0439 2064 C:\WINDOWS\system32\LegitCheckControl.dll - ok13:26:40.0439 2064 [ 798A9E6828997EEF4517ADA8A2259831 ] C:\WINDOWS\system32\wbem\wmiprvse.exe13:26:40.0439 2064 C:\WINDOWS\system32\wbem\wmiprvse.exe - ok13:26:40.0439 2064 [ 6895427873D6C37A6D6DA7C3DB37DA14 ] C:\WINDOWS\system32\licwmi.dll13:26:40.0439 2064 C:\WINDOWS\system32\licwmi.dll - ok13:26:40.0455 2064 [ 4306FA2F1099D7C606139255FDB62B19 ] C:\WINDOWS\system32\wbem\framedyn.dll13:26:40.0455 2064 C:\WINDOWS\system32\wbem\framedyn.dll - ok13:26:40.0455 2064 [ A693A49A67673F2C8D76797EA9A628D0 ] C:\WINDOWS\system32\licdll.dll13:26:40.0470 2064 C:\WINDOWS\system32\licdll.dll - ok13:26:40.0470 2064 [ A0AE7F043497C9971E9D7FE291099D40 ] C:\WINDOWS\system32\msxml6.dll13:26:40.0470 2064 C:\WINDOWS\system32\msxml6.dll - ok13:26:40.0470 2064 [ E837FDBB92E9873E538395B623F45462 ] C:\WINDOWS\system32\wbem\cimwin32.dll13:26:40.0470 2064 C:\WINDOWS\system32\wbem\cimwin32.dll - ok13:26:40.0486 2064 [ 3CB78C17BB664637787C9A1C98F79C38 ] C:\WINDOWS\system32\tapisrv.dll13:26:40.0486 2064 C:\WINDOWS\system32\tapisrv.dll - ok13:26:40.0486 2064 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] C:\WINDOWS\system32\rasmans.dll13:26:40.0486 2064 C:\WINDOWS\system32\rasmans.dll - ok13:26:40.0501 2064 [ 5F7692CEC90E2E9AA32CD58321E234B8 ] C:\WINDOWS\system32\rastapi.dll13:26:40.0501 2064 C:\WINDOWS\system32\rastapi.dll - ok13:26:40.0501 2064 [ AACE07FE34FADDDF973CE068A6424957 ] C:\WINDOWS\system32\unimdm.tsp13:26:40.0501 2064 C:\WINDOWS\system32\unimdm.tsp - ok13:26:40.0516 2064 [ 995252FCC4692B5B97EE17D596C9386E ] C:\WINDOWS\system32\uniplat.dll13:26:40.0516 2064 C:\WINDOWS\system32\uniplat.dll - ok13:26:40.0516 2064 [ 59AD4CEDBFCD1EEFCAC19E25BA15E2F3 ] C:\WINDOWS\system32\racpldlg.dll13:26:40.0516 2064 C:\WINDOWS\system32\racpldlg.dll - ok13:26:40.0516 2064 [ 76EC97C5068D3D9FAA7774B0F659D31A ] C:\WINDOWS\system32\kmddsp.tsp13:26:40.0516 2064 C:\WINDOWS\system32\kmddsp.tsp - ok13:26:40.0532 2064 [ 4589963D84F2984FA5949A72162BA4F4 ] C:\WINDOWS\system32\ndptsp.tsp13:26:40.0532 2064 C:\WINDOWS\system32\ndptsp.tsp - ok13:26:40.0532 2064 [ 8B8A45DF7CEF36D93C7BD3E4C84003B8 ] C:\WINDOWS\system32\ipconf.tsp13:26:40.0532 2064 C:\WINDOWS\system32\ipconf.tsp - ok13:26:40.0547 2064 [ 8BC2B02DC11C98D14CEE43B8E8393FF3 ] C:\WINDOWS\system32\h323.tsp13:26:40.0547 2064 C:\WINDOWS\system32\h323.tsp - ok13:26:40.0547 2064 [ 6B552ED3BEE5AA3C4560478FF779BA98 ] C:\WINDOWS\system32\hidphone.tsp13:26:40.0547 2064 C:\WINDOWS\system32\hidphone.tsp - ok13:26:40.0563 2064 [ 8973122796E3B5D6B5900FC186E55FEA ] C:\WINDOWS\system32\hid.dll13:26:40.0563 2064 C:\WINDOWS\system32\hid.dll - ok13:26:40.0563 2064 [ D0545A010ED2259A740C8414899A938F ] C:\WINDOWS\system32\rasppp.dll13:26:40.0563 2064 C:\WINDOWS\system32\rasppp.dll - ok13:26:40.0578 2064 [ B464BD425D5D09ABE4192234D1577B22 ] C:\WINDOWS\system32\ntlsapi.dll13:26:40.0578 2064 C:\WINDOWS\system32\ntlsapi.dll - ok13:26:40.0578 2064 [ A655C88AA555BB8EF8957BD29408827F ] C:\WINDOWS\system32\rasqec.dll13:26:40.0578 2064 C:\WINDOWS\system32\rasqec.dll - ok13:26:40.0578 2064 [ 731F22BA402EE4B62748ADAF6363C182 ] C:\WINDOWS\system32\drivers\ipfltdrv.sys13:26:40.0578 2064 C:\WINDOWS\system32\drivers\ipfltdrv.sys - ok13:26:40.0594 2064 [ 12896823FB95BFB3DC9B46BCAEDC9923 ] C:\WINDOWS\explorer.exe13:26:40.0594 2064 C:\WINDOWS\explorer.exe - ok13:26:40.0594 2064 [ E392E172687BE172F8600C5F41AB03D9 ] C:\WINDOWS\system32\browseui.dll13:26:40.0594 2064 C:\WINDOWS\system32\browseui.dll - ok13:26:40.0609 2064 [ B4ED498E3BFEE64E952BC44FC6057DB8 ] C:\WINDOWS\system32\desk.cpl13:26:40.0609 2064 C:\WINDOWS\system32\desk.cpl - ok13:26:40.0609 2064 [ A314EEA2A503A8E04085201E436384A5 ] C:\WINDOWS\system32\themeui.dll13:26:40.0609 2064 C:\WINDOWS\system32\themeui.dll - ok13:26:40.0625 2064 [ CE5BC065C74C0A49486664CF71E0CA0A ] C:\WINDOWS\system32\ieframe.dll13:26:40.0625 2064 C:\WINDOWS\system32\ieframe.dll - ok13:26:40.0625 2064 [ 9ED9F21D73F9D71E30EAB71835E656EB ] C:\DOCUME~1\bj\LOCALS~1\temp\6273E1B0-77AE-44EB-9202-1FF83E04B108.exe13:26:40.0625 2064 C:\DOCUME~1\bj\LOCALS~1\temp\6273E1B0-77AE-44EB-9202-1FF83E04B108.exe - ok13:26:40.0640 2064 [ E8A3670314B3DDFE6DD18C4B501A9476 ] C:\Program Files\Windows Desktop Search\deskbar.dll13:26:40.0640 2064 C:\Program Files\Windows Desktop Search\deskbar.dll - ok13:26:40.0640 2064 [ 2A0B76FCC5138AC0321A01766C980387 ] C:\Program Files\Windows Desktop Search\en-US\dbres.dll.mui13:26:40.0640 2064 C:\Program Files\Windows Desktop Search\en-US\dbres.dll.mui - ok13:26:40.0640 2064 [ F2ECE68ACF2C051EFFB305708C3AEFA9 ] C:\Program Files\Windows Desktop Search\dbres.dll13:26:40.0640 2064 C:\Program Files\Windows Desktop Search\dbres.dll - ok13:26:40.0655 2064 [ B5B27B057B97A947C31B41F0EF3B4D44 ] C:\Program Files\Windows Desktop Search\wordwheel.dll13:26:40.0655 2064 C:\Program Files\Windows Desktop Search\wordwheel.dll - ok13:26:40.0655 2064 [ 0E28E671281EBF1F1F8FE093D2BD4A7B ] C:\Program Files\Windows Desktop Search\en-US\MSNLExtRes.dll.mui13:26:40.0655 2064 C:\Program Files\Windows Desktop Search\en-US\MSNLExtRes.dll.mui - ok13:26:40.0671 2064 [ 2996FAECA864EE4938AA247B2386A69B ] C:\Program Files\Windows Desktop Search\MSNLExtRes.dll13:26:40.0671 2064 C:\Program Files\Windows Desktop Search\MSNLExtRes.dll - ok13:26:40.0671 2064 [ 17AA58A54C00F1746B8654C050491F43 ] C:\WINDOWS\system32\msutb.dll13:26:40.0671 2064 C:\WINDOWS\system32\msutb.dll - ok13:26:40.0686 2064 [ E40FCF943127DDC8FD60554B722D762B ] C:\WINDOWS\system32\MSCTF.dll13:26:40.0686 2064 C:\WINDOWS\system32\MSCTF.dll - ok13:26:40.0686 2064 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\system32\drivers\70008955.sys13:26:40.0686 2064 C:\WINDOWS\system32\drivers\70008955.sys - ok13:26:40.0702 2064 [ 91790D6749EBED90E2C40479C0A91879 ] C:\WINDOWS\system32\verclsid.exe13:26:40.0702 2064 C:\WINDOWS\system32\verclsid.exe - ok13:26:40.0702 2064 [ 2DC5A8019E2387987905F77C664E4BE2 ] C:\WINDOWS\system32\linkinfo.dll13:26:40.0702 2064 C:\WINDOWS\system32\linkinfo.dll - ok13:26:40.0717 2064 [ 8BCD11D38FCE43A519246A91CC40DE6A ] C:\WINDOWS\system32\security.dll13:26:40.0717 2064 C:\WINDOWS\system32\security.dll - ok13:26:40.0717 2064 [ C730F70351D950DDA7388C9A9763CF54 ] C:\WINDOWS\system32\wbem\wmipcima.dll13:26:40.0717 2064 C:\WINDOWS\system32\wbem\wmipcima.dll - ok13:26:40.0717 2064 [ 93C088C2AEB2F23E720BDA7E32BD5117 ] C:\WINDOWS\system32\upnp.dll13:26:40.0717 2064 C:\WINDOWS\system32\upnp.dll - ok13:26:40.0733 2064 [ 3D075865DCC26931972F6476AD0497BE ] C:\WINDOWS\system32\ssdpapi.dll13:26:40.0733 2064 C:\WINDOWS\system32\ssdpapi.dll - ok13:26:40.0733 2064 [ F80A415EF82CD06FFAF0D971528EAD38 ] C:\WINDOWS\system32\drivers\http.sys13:26:40.0733 2064 C:\WINDOWS\system32\drivers\http.sys - ok13:26:40.0748 2064 [ 0A5679B3714EDAB99E357057EE88FCA6 ] C:\WINDOWS\system32\ssdpsrv.dll13:26:40.0748 2064 C:\WINDOWS\system32\ssdpsrv.dll - ok13:26:40.0748 2064 [ CC8915DB4E33E8FB29CA0D2DBF75306E ] C:\WINDOWS\system32\webcheck.dll13:26:40.0748 2064 C:\WINDOWS\system32\webcheck.dll - ok13:26:40.0764 2064 [ 50512FC9B7878E3C2C147BC17326A7DB ] C:\WINDOWS\system32\stobject.dll13:26:40.0764 2064 C:\WINDOWS\system32\stobject.dll - ok13:26:40.0764 2064 [ 231A0B0E3BA7ABFE469A8262FAA1FD71 ] C:\WINDOWS\system32\batmeter.dll13:26:40.0764 2064 C:\WINDOWS\system32\batmeter.dll - ok13:26:40.0779 2064 [ 3B1764F98494B0C93F0DF5572C7629E8 ] C:\WINDOWS\RTHDCPL.EXE13:26:40.0779 2064 C:\WINDOWS\RTHDCPL.EXE - ok13:26:40.0779 2064 [ 037B1E7798960E0420003D05BB577EE6 ] C:\WINDOWS\system32\rundll32.exe13:26:40.0779 2064 C:\WINDOWS\system32\rundll32.exe - ok13:26:40.0794 2064 [ 401A8C0BE0BAA7D7A470F0942244152D ] C:\WINDOWS\system32\rasdlg.dll13:26:40.0794 2064 C:\WINDOWS\system32\rasdlg.dll - ok13:26:40.0794 2064 [ 5AB4130B39B4A52127A3518E39BDD810 ] C:\WINDOWS\system32\nwiz.exe13:26:40.0794 2064 C:\WINDOWS\system32\nwiz.exe - ok13:26:40.0794 2064 [ 3F95F7AB10C61EF9B8409117BF326488 ] C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe13:26:40.0794 2064 C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe - ok13:26:40.0810 2064 [ 4D83ED8BDDEC431FC8AD907B47CFB6E3 ] C:\WINDOWS\system32\dsound.dll13:26:40.0810 2064 C:\WINDOWS\system32\dsound.dll - ok13:26:40.0810 2064 [ BDF7BA3BD8B15EBDE6EBB566E91543F2 ] C:\Program Files\HP\HP UT\bin\hppusg.exe13:26:40.0810 2064 C:\Program Files\HP\HP UT\bin\hppusg.exe - ok13:26:40.0825 2064 [ 21293443961A4E2597453EE7A9347F22 ] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe13:26:40.0825 2064 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe - ok13:26:40.0825 2064 [ 0600CB2613BEA0C6C0987B58D56D77B9 ] C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe13:26:40.0825 2064 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe - ok13:26:40.0841 2064 [ E1F3AB2CC3521E68F242FB4D60C52AE3 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll13:26:40.0841 2064 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll - ok13:26:40.0841 2064 [ B63E5C7807334A3A8F731062F15462CC ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe13:26:40.0841 2064 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok13:26:40.0856 2064 [ 1C4D0F52B4238B9388F2A28DD0903588 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll13:26:40.0856 2064 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll - ok13:26:40.0856 2064 [ 98A078F838A70F84E1BD490D7C7675F4 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe13:26:40.0856 2064 C:\Program Files\Common Files\Java\Java Update\jusched.exe - ok13:26:40.0856 2064 [ 3209B5BC855CB5C7A973A5416FF88538 ] C:\WINDOWS\system32\nvmctray.dll13:26:40.0856 2064 C:\WINDOWS\system32\nvmctray.dll - ok13:26:40.0872 2064 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3 ] C:\WINDOWS\system32\ctfmon.exe13:26:40.0872 2064 C:\WINDOWS\system32\ctfmon.exe - ok13:26:40.0872 2064 [ B5C9F63C01FCFEC3F64EC6A0940A1825 ] C:\Program Files\Windows Desktop Search\WindowsSearch.exe13:26:40.0872 2064 C:\Program Files\Windows Desktop Search\WindowsSearch.exe - ok13:26:40.0887 2064 [ 28F9E1CA62B2667800F5B32D209FD9E6 ] C:\WINDOWS\system32\nview.dll13:26:40.0887 2064 C:\WINDOWS\system32\nview.dll - ok13:26:40.0887 2064 ============================================================13:26:40.0887 2064 Scan finished13:26:40.0887 2064 ============================================================13:26:40.0995 2160 Detected object count: 713:26:40.0995 2160 Actual detected object count: 713:26:47.0666 2160 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user13:26:47.0666 2160 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip13:26:47.0666 2160 nv ( UnsignedFile.Multi.Generic ) - skipped by user13:26:47.0666 2160 nv ( UnsignedFile.Multi.Generic ) - User select action: Skip13:26:47.0681 2160 NVSvc ( UnsignedFile.Multi.Generic ) - skipped by user13:26:47.0681 2160 NVSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip13:26:47.0681 2160 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user13:26:47.0681 2160 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip13:26:47.0681 2160 vnccom ( UnsignedFile.Multi.Generic ) - skipped by user13:26:47.0681 2160 vnccom ( UnsignedFile.Multi.Generic ) - User select action: Skip13:26:47.0681 2160 vncdrv ( UnsignedFile.Multi.Generic ) - skipped by user13:26:47.0681 2160 vncdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip13:26:47.0681 2160 winvnc ( UnsignedFile.Multi.Generic ) - skipped by user13:26:47.0681 2160 winvnc ( UnsignedFile.Multi.Generic ) - User select action: Skip Link to post Share on other sites More sharing options...
bleetham Posted September 24, 2012 Author ID:600804 Share Posted September 24, 2012 Last two logs:Malwarebytes scan resultsMalwarebytes Anti-Malware (Trial) 1.65.0.1400www.malwarebytes.orgDatabase version: v2012.09.21.09Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702bj :: HHLAW34 [administrator]Protection: Enabled9/21/2012 1:54:16 PMmbam-log-2012-09-21 (13-54-16).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 452366Time elapsed: 9 minute(s), 41 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end)ASWMBR Text file:aswMBR version 0.9.9.1665 Copyright© 2011 AVAST SoftwareRun date: 2012-09-21 14:08:47-----------------------------14:08:47.649 OS Version: Windows 5.1.2600 Service Pack 314:08:47.649 Number of processors: 1 586 0x7F0214:08:47.649 ComputerName: HHLAW34 UserName: bj14:08:48.009 Initialize success14:09:30.147 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun014:09:30.147 Disk 0 Vendor: WDC_WD16 01.0 Size: 152627MB BusType: 314:09:30.163 Disk 0 MBR read successfully14:09:30.163 Disk 0 MBR scan14:09:30.163 Disk 0 Windows XP default MBR code14:09:30.163 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 6314:09:30.163 Disk 0 scanning sectors +31256064014:09:30.241 Disk 0 scanning C:\WINDOWS\system32\drivers14:09:35.272 Service scanning14:09:43.397 Modules scanning14:09:48.084 Disk 0 trace - called modules:14:09:48.084 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS nvgts.sys14:09:48.084 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84a8fab8]14:09:48.084 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000061[0x84a6c920]14:09:48.600 5 ACPI.sys[f7330620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port2Path0Target0Lun0[0x84a55a38]14:09:48.600 Scan finished successfully14:10:14.380 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\bj\Desktop\MBR.dat"14:10:14.380 The log file has been saved successfully to "C:\Documents and Settings\bj\Desktop\aswMBR.txt"aswMBR version 0.9.9.1665 Copyright© 2011 AVAST SoftwareRun date: 2012-09-21 14:14:15-----------------------------14:14:15.744 OS Version: Windows 5.1.2600 Service Pack 314:14:15.744 Number of processors: 1 586 0x7F0214:14:15.744 ComputerName: HHLAW34 UserName: bj14:14:16.385 Initialize success14:14:30.885 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun014:14:30.885 Disk 0 Vendor: WDC_WD16 01.0 Size: 152627MB BusType: 314:14:30.916 Disk 0 MBR read successfully14:14:30.916 Disk 0 MBR scan14:14:30.916 Disk 0 Windows XP default MBR code14:14:30.916 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 6314:14:30.916 Disk 0 scanning sectors +31256064014:14:30.994 Disk 0 scanning C:\WINDOWS\system32\drivers14:14:35.525 Service scanning14:14:43.587 Modules scanning14:14:47.322 Disk 0 trace - called modules:14:14:47.322 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS nvgts.sys14:14:47.322 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84a8fab8]14:14:47.322 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000061[0x84a6c920]14:14:47.853 5 ACPI.sys[f7330620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port2Path0Target0Lun0[0x84a55a38]14:14:47.853 Scan finished successfully14:15:20.665 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\bj\Desktop\MBR.dat"14:15:20.680 The log file has been saved successfully to "C:\Documents and Settings\bj\Desktop\aswMBR.txt"DDS LogDDS (Ver_2011-08-26.01) - NTFSx86Internet Explorer: 8.0.6001.18702Run by bj at 14:18:29 on 2012-09-21Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.265 [GMT -7:00]..============== Running Processes ===============.C:\WINDOWS\system32\svchost.exe -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\WINDOWS\System32\svchost.exe -k HPZ12C:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\PGPserv.exeC:\WINDOWS\System32\svchost.exe -k HPZ12C:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\UltraVNC\WinVNC.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\WINDOWS\system32\SearchIndexer.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\RTHDCPL.EXEC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exeC:\Program Files\HP\HP UT\bin\hppusg.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Windows Desktop Search\WindowsSearch.exeC:\Program Files\internet explorer\iexplore.exeC:\Program Files\internet explorer\iexplore.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\SearchProtocolHost.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.yahoo.comBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dlluRun: [ctfmon.exe] c:\windows\system32\ctfmon.exemRun: [RTHDCPL] RTHDCPL.EXEmRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [nwiz] nwiz.exe /installmRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInitmRun: [ToolBoxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:onmRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exemRun: [WinVNC] "c:\program files\ultravnc\WinVNC.exe" -servicehelpermRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exeIE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLLLSP: c:\windows\system32\PGPlsp.dllTrusted Zone: abclegal.comTrusted Zone: accesslaw.comTrusted Zone: adobe.comTrusted Zone: adp.comTrusted Zone: adpselect.comTrusted Zone: adr.orgTrusted Zone: akamai.comTrusted Zone: amadorcourt.orgTrusted Zone: americaninfosource.comTrusted Zone: azdes.govTrusted Zone: azdfi.govTrusted Zone: azdor.govTrusted Zone: backgroundbureau.comTrusted Zone: bankofamerica.comTrusted Zone: blr.comTrusted Zone: ca.govTrusted Zone: ca.gov\*.buttecourtTrusted Zone: ca.gov\*.calbarTrusted Zone: ca.gov\*.courtinfoTrusted Zone: ca.gov\*.courtsTrusted Zone: ca.gov\*.lassencourtTrusted Zone: ca.gov\*.saccourtTrusted Zone: ca.gov\*.sdcourtTrusted Zone: ca.gov\*.tehamacourtTrusted Zone: ca.gov\*.tularesuperiorcourtTrusted Zone: callrecorderTrusted Zone: callrecordercoTrusted Zone: cc-courts.orgTrusted Zone: chase.comTrusted Zone: citigroup.comTrusted Zone: citrix.com\wwwTrusted Zone: collect-max.comTrusted Zone: collectmax.comTrusted Zone: dol.govTrusted Zone: eldoradocourt.orgTrusted Zone: employmentscreener.comTrusted Zone: expbdt.comTrusted Zone: fairisaac.comTrusted Zone: fdic.govTrusted Zone: filice.comTrusted Zone: fresnosuperiorcourt.orgTrusted Zone: google.comTrusted Zone: gotoassist.comTrusted Zone: gotomeeting.comTrusted Zone: healthnet.comTrusted Zone: hhportfordTrusted Zone: hp.comTrusted Zone: hunthenriques.comTrusted Zone: hunthenriques.com\*.barracudawebTrusted Zone: hunthenriques.com\*.hhportfordTrusted Zone: ieaddons.comTrusted Zone: intuit.comTrusted Zone: irs.govTrusted Zone: jamsadr.comTrusted Zone: kaiserpermanente.orgTrusted Zone: kaplan.eduTrusted Zone: kp.orgTrusted Zone: labcorp.comTrusted Zone: lason.comTrusted Zone: lasuperior.orgTrusted Zone: lasuperiorcourt.orgTrusted Zone: lds.orgTrusted Zone: lexis.comTrusted Zone: lexisnexis.comTrusted Zone: livemeeting.comTrusted Zone: livevox.comTrusted Zone: logmein123.comTrusted Zone: logmeinrescue.comTrusted Zone: logmeinrescue.com\*.secureTrusted Zone: maricopa.govTrusted Zone: marincourt.orgTrusted Zone: marinpublic.comTrusted Zone: mcmcg.comTrusted Zone: merced.orgTrusted Zone: mercedcourt.orgTrusted Zone: metlink.comTrusted Zone: microsoft.comTrusted Zone: microsoft.com\*.updateTrusted Zone: mitel-amc.comTrusted Zone: mykplan.comTrusted Zone: nan.netTrusted Zone: ncogroup.comTrusted Zone: ntrglobal.comTrusted Zone: occ.govTrusted Zone: occourts.orgTrusted Zone: onlinemcm.comTrusted Zone: osd.mil\*.dmdcTrusted Zone: pacintegrations.comTrusted Zone: pgp.comTrusted Zone: portfoliorecovery.comTrusted Zone: pradocreq.comTrusted Zone: recaptcha.netTrusted Zone: saccourt.comTrusted Zone: samhsa.comTrusted Zone: san-bernardino.ca.usTrusted Zone: sanmateocourt.orgTrusted Zone: sb-court.orgTrusted Zone: sbcourts.orgTrusted Zone: sccsuperiorcourt.orgTrusted Zone: scscourt.orgTrusted Zone: scu.eduTrusted Zone: securepaymentsbyweb.comTrusted Zone: sfbar.orgTrusted Zone: sfgov.orgTrusted Zone: sfsuperiorcourt.orgTrusted Zone: sftc.orgTrusted Zone: sharefile.com\trpcTrusted Zone: sharpusa.comTrusted Zone: shastacourts.comTrusted Zone: shrm.orgTrusted Zone: slocourts.netTrusted Zone: socialsecurity.govTrusted Zone: solanocourts.comTrusted Zone: stanct.orgTrusted Zone: stocktoncourt.orgTrusted Zone: suttercourts.comTrusted Zone: tcicredit.comTrusted Zone: tfhclient.comTrusted Zone: tmr3.comTrusted Zone: trpcweb.comTrusted Zone: unclaimed.orgTrusted Zone: unum.comTrusted Zone: uscis.govTrusted Zone: uscourts.govTrusted Zone: vendorscape.comTrusted Zone: vresp.comTrusted Zone: vsp.comTrusted Zone: wellsfargo.comTrusted Zone: whymetlife.comTrusted Zone: xarios.comTrusted Zone: youvegotclaims.comTrusted Zone: abclegal.comTrusted Zone: accesslaw.comTrusted Zone: adobe.comTrusted Zone: adp.comTrusted Zone: adpselect.comTrusted Zone: adr.orgTrusted Zone: akamai.comTrusted Zone: amadorcourt.orgTrusted Zone: americaninfosource.comTrusted Zone: azdes.govTrusted Zone: azdfi.govTrusted Zone: azdor.govTrusted Zone: backgroundbureau.comTrusted Zone: bankofamerica.comTrusted Zone: blr.comTrusted Zone: ca.govTrusted Zone: ca.gov\*.buttecourtTrusted Zone: ca.gov\*.calbarTrusted Zone: ca.gov\*.courtinfoTrusted Zone: ca.gov\*.courtsTrusted Zone: ca.gov\*.lassencourtTrusted Zone: ca.gov\*.saccourtTrusted Zone: ca.gov\*.sdcourtTrusted Zone: ca.gov\*.tehamacourtTrusted Zone: ca.gov\*.tularesuperiorcourtTrusted Zone: callrecorderTrusted Zone: callrecordercoTrusted Zone: cc-courts.orgTrusted Zone: chase.comTrusted Zone: citigroup.comTrusted Zone: citrix.com\wwwTrusted Zone: collect-max.comTrusted Zone: collectmax.comTrusted Zone: dol.govTrusted Zone: eldoradocourt.orgTrusted Zone: employmentscreener.comTrusted Zone: expbdt.comTrusted Zone: fairisaac.comTrusted Zone: fdic.govTrusted Zone: filice.comTrusted Zone: fresnosuperiorcourt.orgTrusted Zone: google.comTrusted Zone: gotoassist.comTrusted Zone: gotomeeting.comTrusted Zone: healthnet.comTrusted Zone: hhportfordTrusted Zone: hp.comTrusted Zone: hunthenriques.comTrusted Zone: hunthenriques.com\*.barracudawebTrusted Zone: hunthenriques.com\*.hhportfordTrusted Zone: ieaddons.comTrusted Zone: intuit.comTrusted Zone: irs.govTrusted Zone: jamsadr.comTrusted Zone: kaiserpermanente.orgTrusted Zone: kaplan.eduTrusted Zone: kp.orgTrusted Zone: labcorp.comTrusted Zone: lason.comTrusted Zone: lasuperior.orgTrusted Zone: lasuperiorcourt.orgTrusted Zone: lds.orgTrusted Zone: lexis.comTrusted Zone: lexisnexis.comTrusted Zone: livemeeting.comTrusted Zone: livevox.comTrusted Zone: logmein123.comTrusted Zone: logmeinrescue.comTrusted Zone: logmeinrescue.com\*.secureTrusted Zone: maricopa.govTrusted Zone: marincourt.orgTrusted Zone: marinpublic.comTrusted Zone: mcmcg.comTrusted Zone: merced.orgTrusted Zone: mercedcourt.orgTrusted Zone: metlink.comTrusted Zone: microsoft.comTrusted Zone: microsoft.com\*.updateTrusted Zone: mitel-amc.comTrusted Zone: mykplan.comTrusted Zone: nan.netTrusted Zone: ncogroup.comTrusted Zone: ntrglobal.comTrusted Zone: occ.govTrusted Zone: occourts.orgTrusted Zone: onlinemcm.comTrusted Zone: osd.mil\*.dmdcTrusted Zone: pacintegrations.comTrusted Zone: pgp.comTrusted Zone: portfoliorecovery.comTrusted Zone: pradocreq.comTrusted Zone: recaptcha.netTrusted Zone: saccourt.comTrusted Zone: samhsa.comTrusted Zone: san-bernardino.ca.usTrusted Zone: sanmateocourt.orgTrusted Zone: sb-court.orgTrusted Zone: sbcourts.orgTrusted Zone: sccsuperiorcourt.orgTrusted Zone: scscourt.orgTrusted Zone: scu.eduTrusted Zone: securepaymentsbyweb.comTrusted Zone: sfbar.orgTrusted Zone: sfgov.orgTrusted Zone: sfsuperiorcourt.orgTrusted Zone: sftc.orgTrusted Zone: sharefile.com\trpcTrusted Zone: sharpusa.comTrusted Zone: shastacourts.comTrusted Zone: shrm.orgTrusted Zone: slocourts.netTrusted Zone: socialsecurity.govTrusted Zone: solanocourts.comTrusted Zone: stanct.orgTrusted Zone: stocktoncourt.orgTrusted Zone: suttercourts.comTrusted Zone: tcicredit.comTrusted Zone: tfhclient.comTrusted Zone: tmr3.comTrusted Zone: trpcweb.comTrusted Zone: unclaimed.orgTrusted Zone: unum.comTrusted Zone: uscis.govTrusted Zone: uscourts.govTrusted Zone: vendorscape.comTrusted Zone: vresp.comTrusted Zone: vsp.comTrusted Zone: wellsfargo.comTrusted Zone: whymetlife.comTrusted Zone: xarios.comTrusted Zone: youvegotclaims.comDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253416494187DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1347924979437DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabTCP: Interfaces\{2507327F-CD44-4B6F-A53E-B60337926981} : NameServer = 192.168.1.3AppInit_DLLs: c:\windows\system32\PGPmapih.dllSEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dllLSA: Notification Packages = scecli PGPpwflt.============= SERVICES / DRIVERS ===============.R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [2010-4-1 136312]R0 Pgpwdefs;Pgpwdefs;c:\windows\system32\drivers\PGPwdefs.sys [2010-4-1 13432]R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-19 399432]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-19 676936]R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2009-10-2 6016]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-19 22856]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-25 250568]S3 BMRTSwissArmy;BMRTSwissArmy;c:\windows\system32\drivers\bmrtswissarmy.sys [2011-2-4 38352]S3 STLH;STLH;c:\docume~1\bj\locals~1\temp\stlh.exe --> c:\docume~1\bj\locals~1\temp\STLH.exe [?]S4 vsdatant;vsdatant;a --> a [?].=============== Created Last 30 ================.2012-09-21 21:12:39 -------- d-----w- c:\documents and settings\bj\local settings\application data\Adobe2012-09-19 19:53:55 -------- d-----w- c:\documents and settings\bj\application data\Malwarebytes2012-09-19 19:53:52 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes2012-09-19 19:53:51 22856 ----a-w- c:\windows\system32\drivers\mbam.sys2012-09-19 19:53:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2012-09-19 15:53:52 -------- d-sha-r- C:\cmdcons2012-09-19 15:50:47 98816 ----a-w- c:\windows\sed.exe2012-09-19 15:50:47 518144 ----a-w- c:\windows\SWREG.exe2012-09-19 15:50:47 256000 ----a-w- c:\windows\PEV.exe2012-09-19 15:50:47 208896 ----a-w- c:\windows\MBR.exe.==================== Find3M ====================.2012-09-17 23:50:40 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-09-17 23:50:40 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-08-29 03:24:56 477168 ----a-w- c:\windows\system32\npdeployJava1.dll2012-08-29 03:24:53 473072 ----a-w- c:\windows\system32\deployJava1.dll2012-08-29 01:39:23 73728 ----a-w- c:\windows\system32\javacpl.cpl2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec.============= FINISH: 14:19:16.81 ===============Thanks, Brian Link to post Share on other sites More sharing options...
Maniac Posted September 24, 2012 ID:600846 Share Posted September 24, 2012 Good! Thanks!Please proceed with ComboFix. Link to post Share on other sites More sharing options...
bleetham Posted September 24, 2012 Author ID:600909 Share Posted September 24, 2012 Here is the combofix log:ComboFix 12-09-24.02 - bj 09/24/2012 13:36:54.2.1 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.397 [GMT -7:00]Running from: c:\documents and settings\bj\Desktop\Combo-Fix.exe..((((((((((((((((((((((((( Files Created from 2012-08-24 to 2012-09-24 )))))))))))))))))))))))))))))))..2012-09-21 21:12 . 2012-09-21 21:12 -------- d-----w- c:\documents and settings\bj\Local Settings\Application Data\Adobe2012-09-19 19:53 . 2012-09-19 19:53 -------- d-----w- c:\documents and settings\bj\Application Data\Malwarebytes2012-09-19 19:53 . 2012-09-19 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2012-09-19 19:53 . 2012-09-19 19:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2012-09-19 19:53 . 2012-09-08 00:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys2012-09-17 23:53 . 2012-09-17 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee2012-09-17 23:48 . 2012-09-17 23:48 -------- d-sh--w- c:\documents and settings\taylor\PrivacIE...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-09-17 23:50 . 2012-05-25 17:58 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-09-17 23:50 . 2011-06-22 22:09 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-08-29 03:24 . 2012-05-25 18:06 477168 ----a-w- c:\windows\system32\npdeployJava1.dll2012-08-29 03:24 . 2010-06-23 01:09 473072 ----a-w- c:\windows\system32\deployJava1.dll2012-08-29 01:39 . 2012-05-25 18:06 73728 ----a-w- c:\windows\system32\javacpl.cpl2012-08-28 15:14 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll2012-08-28 15:14 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll2012-08-28 15:14 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl2012-08-28 12:07 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec2012-07-06 13:58 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\browser.dll2012-07-04 14:05 . 2009-09-19 22:41 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys2012-07-03 13:40 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]2010-04-01 21:53 613496 ----a-w- c:\windows\system32\PGPfsshl.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-21 13680640]"nwiz"="nwiz.exe" [2009-01-21 1657376]"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-21 86016]"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2008-08-25 53248]"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2008-09-02 36864]"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]"WinVNC"="c:\program files\UltraVNC\WinVNC.exe" [2006-06-18 712704]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696].c:\documents and settings\Brian.HUNTHENRIQUES\Start Menu\Programs\Startup\Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 111376]Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984].c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"SoftwareSASGeneration"= 1 (0x1).[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"=c:\windows\system32\PGPmapih.dll.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Notification Packages REG_MULTI_SZ scecli PGPpwflt.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1417001333-1202660629-725345543-1003\Scripts\Logon\0\0]"Script"=Alluser.bat.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1417001333-1202660629-725345543-1035\Scripts\Logon\0\0]"Script"=Alluser.bat.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1417001333-1202660629-725345543-1356\Scripts\Logon\0\0]"Script"=Alluser.bat.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1417001333-1202660629-725345543-1429\Scripts\Logon\0\0]"Script"=Alluser.bat.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\system32\\sessmgr.exe"=.R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [4/1/2010 2:53 PM 136312]R0 Pgpwdefs;Pgpwdefs;c:\windows\system32\drivers\PGPwdefs.sys [4/1/2010 2:53 PM 13432]R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/19/2012 12:53 PM 399432]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/19/2012 12:53 PM 676936]R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [10/2/2009 5:50 PM 6016]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/19/2012 12:53 PM 22856]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/25/2012 10:58 AM 250568]S3 BMRTSwissArmy;BMRTSwissArmy;c:\windows\system32\drivers\bmrtswissarmy.sys [2/4/2011 9:43 AM 38352]S3 STLH;STLH;c:\docume~1\bj\LOCALS~1\Temp\STLH.exe --> c:\docume~1\bj\LOCALS~1\Temp\STLH.exe [?].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12.Contents of the 'Scheduled Tasks' folder.2012-09-24 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 23:50]..------- Supplementary Scan -------.uStart Page = hxxp://www.yahoo.comIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}LSP: c:\windows\system32\PGPlsp.dllTrusted Zone: abclegal.comTrusted Zone: accesslaw.comTrusted Zone: adobe.comTrusted Zone: adp.comTrusted Zone: adpselect.comTrusted Zone: adr.orgTrusted Zone: akamai.comTrusted Zone: amadorcourt.orgTrusted Zone: americaninfosource.comTrusted Zone: azdes.govTrusted Zone: azdfi.govTrusted Zone: azdor.govTrusted Zone: backgroundbureau.comTrusted Zone: bankofamerica.comTrusted Zone: blr.comTrusted Zone: ca.govTrusted Zone: ca.gov\*.buttecourtTrusted Zone: ca.gov\*.calbarTrusted Zone: ca.gov\*.courtinfoTrusted Zone: ca.gov\*.courtsTrusted Zone: ca.gov\*.lassencourtTrusted Zone: ca.gov\*.saccourtTrusted Zone: ca.gov\*.sdcourtTrusted Zone: ca.gov\*.tehamacourtTrusted Zone: ca.gov\*.tularesuperiorcourtTrusted Zone: callrecorderTrusted Zone: callrecordercoTrusted Zone: cc-courts.orgTrusted Zone: chase.comTrusted Zone: citigroup.comTrusted Zone: citrix.com\wwwTrusted Zone: collect-max.comTrusted Zone: collectmax.comTrusted Zone: dol.govTrusted Zone: eldoradocourt.orgTrusted Zone: employmentscreener.comTrusted Zone: expbdt.comTrusted Zone: fairisaac.comTrusted Zone: fdic.govTrusted Zone: filice.comTrusted Zone: fresnosuperiorcourt.orgTrusted Zone: google.comTrusted Zone: gotoassist.comTrusted Zone: gotomeeting.comTrusted Zone: healthnet.comTrusted Zone: hhportfordTrusted Zone: hp.comTrusted Zone: hunthenriques.comTrusted Zone: hunthenriques.com\*.barracudawebTrusted Zone: hunthenriques.com\*.hhportfordTrusted Zone: ieaddons.comTrusted Zone: intuit.comTrusted Zone: irs.govTrusted Zone: jamsadr.comTrusted Zone: kaiserpermanente.orgTrusted Zone: kaplan.eduTrusted Zone: kp.orgTrusted Zone: labcorp.comTrusted Zone: lason.comTrusted Zone: lasuperior.orgTrusted Zone: lasuperiorcourt.orgTrusted Zone: lds.orgTrusted Zone: lexis.comTrusted Zone: lexisnexis.comTrusted Zone: livemeeting.comTrusted Zone: livevox.comTrusted Zone: logmein123.comTrusted Zone: logmeinrescue.comTrusted Zone: logmeinrescue.com\*.secureTrusted Zone: maricopa.govTrusted Zone: marincourt.orgTrusted Zone: marinpublic.comTrusted Zone: mcmcg.comTrusted Zone: merced.orgTrusted Zone: mercedcourt.orgTrusted Zone: metlink.comTrusted Zone: microsoft.comTrusted Zone: microsoft.com\*.updateTrusted Zone: mitel-amc.comTrusted Zone: mykplan.comTrusted Zone: nan.netTrusted Zone: ncogroup.comTrusted Zone: ntrglobal.comTrusted Zone: occ.govTrusted Zone: occourts.orgTrusted Zone: onlinemcm.comTrusted Zone: osd.mil\*.dmdcTrusted Zone: pacintegrations.comTrusted Zone: pgp.comTrusted Zone: portfoliorecovery.comTrusted Zone: pradocreq.comTrusted Zone: recaptcha.netTrusted Zone: saccourt.comTrusted Zone: samhsa.comTrusted Zone: san-bernardino.ca.usTrusted Zone: sanmateocourt.orgTrusted Zone: sb-court.orgTrusted Zone: sbcourts.orgTrusted Zone: sccsuperiorcourt.orgTrusted Zone: scscourt.orgTrusted Zone: scu.eduTrusted Zone: securepaymentsbyweb.comTrusted Zone: sfbar.orgTrusted Zone: sfgov.orgTrusted Zone: sfsuperiorcourt.orgTrusted Zone: sftc.orgTrusted Zone: sharefile.com\trpcTrusted Zone: sharpusa.comTrusted Zone: shastacourts.comTrusted Zone: shrm.orgTrusted Zone: slocourts.netTrusted Zone: socialsecurity.govTrusted Zone: solanocourts.comTrusted Zone: stanct.orgTrusted Zone: stocktoncourt.orgTrusted Zone: suttercourts.comTrusted Zone: tcicredit.comTrusted Zone: tfhclient.comTrusted Zone: tmr3.comTrusted Zone: trpcweb.comTrusted Zone: unclaimed.orgTrusted Zone: unum.comTrusted Zone: uscis.govTrusted Zone: uscourts.govTrusted Zone: vendorscape.comTrusted Zone: vresp.comTrusted Zone: vsp.comTrusted Zone: wellsfargo.comTrusted Zone: whymetlife.comTrusted Zone: xarios.comTrusted Zone: youvegotclaims.comTrusted Zone: abclegal.comTrusted Zone: accesslaw.comTrusted Zone: adobe.comTrusted Zone: adp.comTrusted Zone: adpselect.comTrusted Zone: adr.orgTrusted Zone: akamai.comTrusted Zone: amadorcourt.orgTrusted Zone: americaninfosource.comTrusted Zone: azdes.govTrusted Zone: azdfi.govTrusted Zone: azdor.govTrusted Zone: backgroundbureau.comTrusted Zone: bankofamerica.comTrusted Zone: blr.comTrusted Zone: ca.govTrusted Zone: ca.gov\*.buttecourtTrusted Zone: ca.gov\*.calbarTrusted Zone: ca.gov\*.courtinfoTrusted Zone: ca.gov\*.courtsTrusted Zone: ca.gov\*.lassencourtTrusted Zone: ca.gov\*.saccourtTrusted Zone: ca.gov\*.sdcourtTrusted Zone: ca.gov\*.tehamacourtTrusted Zone: ca.gov\*.tularesuperiorcourtTrusted Zone: callrecorderTrusted Zone: callrecordercoTrusted Zone: cc-courts.orgTrusted Zone: chase.comTrusted Zone: citigroup.comTrusted Zone: citrix.com\wwwTrusted Zone: collect-max.comTrusted Zone: collectmax.comTrusted Zone: dol.govTrusted Zone: eldoradocourt.orgTrusted Zone: employmentscreener.comTrusted Zone: expbdt.comTrusted Zone: fairisaac.comTrusted Zone: fdic.govTrusted Zone: filice.comTrusted Zone: fresnosuperiorcourt.orgTrusted Zone: google.comTrusted Zone: gotoassist.comTrusted Zone: gotomeeting.comTrusted Zone: healthnet.comTrusted Zone: hhportfordTrusted Zone: hp.comTrusted Zone: hunthenriques.comTrusted Zone: hunthenriques.com\*.barracudawebTrusted Zone: hunthenriques.com\*.hhportfordTrusted Zone: ieaddons.comTrusted Zone: intuit.comTrusted Zone: irs.govTrusted Zone: jamsadr.comTrusted Zone: kaiserpermanente.orgTrusted Zone: kaplan.eduTrusted Zone: kp.orgTrusted Zone: labcorp.comTrusted Zone: lason.comTrusted Zone: lasuperior.orgTrusted Zone: lasuperiorcourt.orgTrusted Zone: lds.orgTrusted Zone: lexis.comTrusted Zone: lexisnexis.comTrusted Zone: livemeeting.comTrusted Zone: livevox.comTrusted Zone: logmein123.comTrusted Zone: logmeinrescue.comTrusted Zone: logmeinrescue.com\*.secureTrusted Zone: maricopa.govTrusted Zone: marincourt.orgTrusted Zone: marinpublic.comTrusted Zone: mcmcg.comTrusted Zone: merced.orgTrusted Zone: mercedcourt.orgTrusted Zone: metlink.comTrusted Zone: microsoft.comTrusted Zone: microsoft.com\*.updateTrusted Zone: mitel-amc.comTrusted Zone: mykplan.comTrusted Zone: nan.netTrusted Zone: ncogroup.comTrusted Zone: ntrglobal.comTrusted Zone: occ.govTrusted Zone: occourts.orgTrusted Zone: onlinemcm.comTrusted Zone: osd.mil\*.dmdcTrusted Zone: pacintegrations.comTrusted Zone: pgp.comTrusted Zone: portfoliorecovery.comTrusted Zone: pradocreq.comTrusted Zone: recaptcha.netTrusted Zone: saccourt.comTrusted Zone: samhsa.comTrusted Zone: san-bernardino.ca.usTrusted Zone: sanmateocourt.orgTrusted Zone: sb-court.orgTrusted Zone: sbcourts.orgTrusted Zone: sccsuperiorcourt.orgTrusted Zone: scscourt.orgTrusted Zone: scu.eduTrusted Zone: securepaymentsbyweb.comTrusted Zone: sfbar.orgTrusted Zone: sfgov.orgTrusted Zone: sfsuperiorcourt.orgTrusted Zone: sftc.orgTrusted Zone: sharefile.com\trpcTrusted Zone: sharpusa.comTrusted Zone: shastacourts.comTrusted Zone: shrm.orgTrusted Zone: slocourts.netTrusted Zone: socialsecurity.govTrusted Zone: solanocourts.comTrusted Zone: stanct.orgTrusted Zone: stocktoncourt.orgTrusted Zone: suttercourts.comTrusted Zone: tcicredit.comTrusted Zone: tfhclient.comTrusted Zone: tmr3.comTrusted Zone: trpcweb.comTrusted Zone: unclaimed.orgTrusted Zone: unum.comTrusted Zone: uscis.govTrusted Zone: uscourts.govTrusted Zone: vendorscape.comTrusted Zone: vresp.comTrusted Zone: vsp.comTrusted Zone: wellsfargo.comTrusted Zone: whymetlife.comTrusted Zone: xarios.comTrusted Zone: youvegotclaims.comTCP: Interfaces\{2507327F-CD44-4B6F-A53E-B60337926981}: NameServer = 192.168.1.3.- - - - ORPHANS REMOVED - - - -.SafeBoot-62480574.sys...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2012-09-24 13:46Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ....scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]"ImagePath"="a".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(692)c:\windows\system32\PGPmapih.dllc:\windows\system32\PGPlsp.dllc:\windows\system32\WININET.dll.- - - - - - - > 'lsass.exe'(748)c:\windows\system32\PGPmapih.dllc:\windows\system32\PGPlsp.dll.- - - - - - - > 'explorer.exe'(4040)c:\windows\system32\WININET.dllc:\windows\system32\PGPfsshl.dllc:\program files\Windows Desktop Search\deskbar.dllc:\program files\Windows Desktop Search\en-us\dbres.dll.muic:\program files\Windows Desktop Search\dbres.dllc:\program files\Windows Desktop Search\wordwheel.dllc:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.muic:\program files\Windows Desktop Search\msnlExtRes.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dll.Completion time: 2012-09-24 13:48:09ComboFix-quarantined-files.txt 2012-09-24 20:48ComboFix2.txt 2012-09-19 18:19.Pre-Run: 139,578,744,832 bytes freePost-Run: 139,576,332,288 bytes free.- - End Of File - - F24FF022DB1B609BD15AE032F304713D Link to post Share on other sites More sharing options...
Maniac Posted September 25, 2012 ID:601134 Share Posted September 25, 2012 Good! Please run a free online scan with the ESET Online ScannerNote: You will need to use Internet Explorer for this scanTick the box next to YES, I accept the Terms of UseClick StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick Scan (This scan can take several hours, so please be patient)Once the scan is completed, you may close the windowUse Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txtCopy and paste that log as a reply to this topic Link to post Share on other sites More sharing options...
bleetham Posted September 25, 2012 Author ID:601163 Share Posted September 25, 2012 I ran the scan, it found no threats. Here is the log file. Can you tell from the previous logs if I even had the rootkit virus?ESETSmartInstaller@High as CAB hook log:OnlineScanner.ocx - registred OK# version=7# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)# OnlineScanner.ocx=1.0.0.6583# api_version=3.0.2# EOSSerial=1f49007ec933c74f82e38cee43a5730a# end=finished# remove_checked=true# archives_checked=false# unwanted_checked=true# unsafe_checked=true# antistealth_checked=true# utc_time=2012-09-25 04:17:16# local_time=2012-09-25 09:17:16 (-0800, Pacific Daylight Time)# country="United States"# lang=1033# osver=5.1.2600 NT Service Pack 3# compatibility_mode=8192 67108863 100 0 0 0 0 0# scanned=55374# found=0# cleaned=0# scan_time=1769 Link to post Share on other sites More sharing options...
Maniac Posted September 25, 2012 ID:601165 Share Posted September 25, 2012 There is no leftovers, but as I already tell you:We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps. Link to post Share on other sites More sharing options...
bleetham Posted September 25, 2012 Author ID:601261 Share Posted September 25, 2012 Thanks for your help, I really appreciate it. Link to post Share on other sites More sharing options...
Maniac Posted September 26, 2012 ID:601395 Share Posted September 26, 2012 Glad I could help! Download OTC to your desktop and run itClick Yes to beginning the Cleanup process and remove these components, including this application.You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.Some malware prevention tips:users.telenet.be/bluepatchy/miekiemoes/prevention.htmlSafe surfing! Link to post Share on other sites More sharing options...
Maurice Naggar Posted September 27, 2012 ID:601779 Share Posted September 27, 2012 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts