
windows startup issues etc etc etc



  • Staff

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next. If you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • Click on "Delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller

Gringo

Link to post
Share on other sites

Results of screen317's Security Check version 0.99.57

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

SUPERAntiSpyware

Malwarebytes Anti-Malware version 1.65.1.1000

CCleaner

Java 6 Update 26

Java version out of Date!

Adobe Flash Player 11.2.202.235

Adobe Reader 10.1.5 Adobe Reader out of Date!

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 32% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````

Link to post
Share on other sites

# AdwCleaner v2.109 - Logfile created 01/31/2013 at 23:54:54

# Updated 26/01/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Preston - PRESTON-103484B

# Boot Mode : Safe mode with networking

# Running from : C:\Documents and Settings\Preston\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\LocalService\Local Settings\Application Data\Viewpoint

Folder Deleted : C:\Documents and Settings\Preston\Local Settings\Application Data\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7327C09-B521-4EDB-8509-7D2660C9EC98}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7327C09-B521-4EDB-8509-7D2660C9EC98}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}

Key Deleted : HKCU\Software\Viewpoint

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager

Key Deleted : HKLM\Software\Orbit\OpenCandy

Key Deleted : HKLM\Software\Viewpoint

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v [unable to get version]

-\\ Google Chrome v [unable to get version]

File : C:\Documents and Settings\Preston\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [2464 octets] - [31/01/2013 23:54:54]

########## EOF - C:\AdwCleaner[s1].txt - [2524 octets] ##########

Link to post
Share on other sites

RogueKiller V8.4.3 [Jan 31 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Safe mode with network support

User : Preston [Admin rights]

Mode : Scan -- Date : 02/01/2013 00:06:11

| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤

[RUN][PREVRUN] HKCU\[...]\Run : WebCheckChannelAgent (rundll32.exe "C:\Documents and Settings\Preston\Local Settings\Application Data\WebCheckChannelAgent\DevnetPlay.dll",kbdapi80 BthPadplugin) -> FOUND

[RUN][PREVRUN] HKCU\[...]\Run : WinRAR SFX (rundll32.exe "C:\Documents and Settings\Preston\Local Settings\Application Data\WinRAR SFX\buqtovxf.dll",VisioLibMain) -> FOUND

[RUN][PREVRUN] HKLM\[...]\Run : NvMediaCenter (RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit) -> FOUND

[RUN][PREVRUN] HKLM\[...]\Run : NvCplDaemon (RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup) -> FOUND

[RUN][PREVRUN] HKUS\S-1-5-21-1454471165-861567501-725345543-1003[...]\Run : WebCheckChannelAgent (rundll32.exe "C:\Documents and Settings\Preston\Local Settings\Application Data\WebCheckChannelAgent\DevnetPlay.dll",kbdapi80 BthPadplugin) -> FOUND

[RUN][PREVRUN] HKUS\S-1-5-21-1454471165-861567501-725345543-1003[...]\Run : WinRAR SFX (rundll32.exe "C:\Documents and Settings\Preston\Local Settings\Application Data\WinRAR SFX\buqtovxf.dll",VisioLibMain) -> FOUND

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-18\$0d10f176b0bc9d991dbae0af48141387\@ --> FOUND

[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-21-1454471165-861567501-725345543-1003\$0d10f176b0bc9d991dbae0af48141387\@ --> FOUND

[ZeroAccess][FOLDER] U : C:\RECYCLER\S-1-5-18\$0d10f176b0bc9d991dbae0af48141387\U --> FOUND

[ZeroAccess][FOLDER] U : C:\RECYCLER\S-1-5-21-1454471165-861567501-725345543-1003\$0d10f176b0bc9d991dbae0af48141387\U --> FOUND

[ZeroAccess][FOLDER] L : C:\RECYCLER\S-1-5-18\$0d10f176b0bc9d991dbae0af48141387\L --> FOUND

[ZeroAccess][FOLDER] L : C:\RECYCLER\S-1-5-21-1454471165-861567501-725345543-1003\$0d10f176b0bc9d991dbae0af48141387\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : C:\WINDOWS\Assembly\GAC\Desktop.ini --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] 37c70ca52df0d18db10ab4012e5bc84a

[bSP] bba20645603afc859c33e9a590c6a645 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 143078 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] e88606872ea1336c79e4e51cbeba674c

[bSP] bba20645603afc859c33e9a590c6a645 : Windows XP MBR Code

Partition table:

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 143078 Mo

Finished : << RKreport[1]_S_02012013_02d0006.txt >>

RKreport[1]_S_02012013_02d0006.txt

Link to post
Share on other sites

Ok, it appears we're on the right track. I am able to log on to my profile and run Windows normally, but there is an incessant svchost.exe process that keeps popping up and bogging down the computer. Also, I would like to be able to start up Windows with only the necessary processes at startup. Can you clue me in on how I should go about this? Thanks so much for your help!

Link to post
Share on other sites

  • Staff

Hello

"Also, I would like to be able to start up Windows with only the necessary processes at startup." - I will get to this a little bit later, as soon as I feel the computer is cleaner.

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

Link to post
Share on other sites

ComboFix 13-02-01.04 - Preston 02/01/2013 19:36:07.2.2 - x86

Running from: c:\documents and settings\Preston\Desktop\ComboFix.exe

FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Guest\Local Settings\Application Data\assembly\tmp

c:\documents and settings\Preston\awt43abr.exe

c:\documents and settings\Preston\Local Settings\Application Data\assembly\tmp

c:\documents and settings\Preston\Local Settings\Application Data\assembly\tmp\9IPX4CZ7\__AssemblyInfo__.ini

c:\documents and settings\Preston\Local Settings\Application Data\assembly\tmp\9IPX4CZ7\FsdCommon.DLL

c:\windows\wininit.ini

.

.

((((((((((((((((((((((((( Files Created from 2013-01-02 to 2013-02-02 )))))))))))))))))))))))))))))))

.

.

2013-01-28 20:00 . 2013-01-28 20:00 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\WinRAR SFX

2013-01-28 20:00 . 2013-01-28 20:00 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\WebCheckChannelAgent

2013-01-28 20:00 . 2013-01-29 18:21 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\kvenZz7qZyWVto

2013-01-03 02:39 . 2008-04-14 06:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys

2013-01-03 02:39 . 2008-04-14 06:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2013-01-03 02:39 . 2008-04-14 06:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2013-01-03 02:39 . 2008-04-14 06:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-22 01:51 . 2012-04-14 02:27 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-22 01:51 . 2011-09-02 01:22 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-16 12:23 . 2004-08-04 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-12-14 22:49 . 2011-08-30 13:37 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-13 01:25 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-06 02:01 . 2008-10-03 21:10 1371648 ----a-w- c:\windows\system32\msxml6.dll

2007-02-13 09:43 . 2007-02-13 09:43 35302248 -c--a-w- c:\program files\5.05.25.00_ntune_winxp_international.exe

2004-08-04 12:00 . 2010-09-24 06:26 221184 -c--a-w- c:\program files\opera\program\plugins\wmpns.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]

@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"

[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]

2008-08-08 16:28 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EPLTarget\P0000000000000000"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_TATIIUE.EXE" [2012-02-27 249440]

"EPLTarget\P0000000000000001"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_TATIIUE.EXE" [2012-02-27 249440]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]

"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2012-01-26 1058400]

"FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-02-29 502912]

"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-02-29 863360]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-11-9 1154848]

QuickBooks Web Connector.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe [2009-2-9 300328]

SolidWorks Background Downloader.lnk - c:\program files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe [2010-11-2 1826600]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Calendar Sync.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk

backup=c:\windows\pss\Google Calendar Sync.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Program Neighborhood Agent.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Program Neighborhood Agent.lnk

backup=c:\windows\pss\Program Neighborhood Agent.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk

backup=c:\windows\pss\Service Manager.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2008-12-12 13:30 132392 -c--a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

2006-08-17 17:32 17920 -c--a-w- c:\windows\CTHELPER.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]

2006-12-12 15:46 20480 -c--a-w- c:\windows\system32\Ctxfihlp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

2006-11-12 10:48 157592 -c--a-w- c:\program files\DAEMON Tools\daemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]

2004-09-03 08:58 65536 -c----w- c:\program files\Ahead\ODD Toolkit\dvdtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneV]

2004-06-15 01:54 200704 -c--a-w- c:\program files\Gigabyte\ET5\GUI.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBB36X Configure]

2006-06-02 08:46 385024 ------r- c:\windows\system32\JMRaidTool.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

2008-08-08 16:27 1083176 -c--a-w- c:\program files\Nero\Nero8\InCD\InCD.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 10:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcqu]

2006-03-08 13:56 278528 -c----w- c:\program files\Creative\MediaSource5\MtdAcqu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

2008-12-02 20:29 2221352 -c--a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2008-11-06 13:25 570664 -c--a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2010-10-16 18:04 13851752 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]

2007-01-22 23:22 81920 -c--a-w- c:\program files\NVIDIA Corporation\nTune\ntunecmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2010-10-16 18:04 110696 ----a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCSystem]

2005-06-17 00:25 49152 ----a-w- c:\program files\Creative\Shared Files\Module Loader\dllml.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]

2008-08-08 16:28 2049320 -c--a-w- c:\program files\Nero\Nero8\InCD\NBHGui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2010-11-23 06:27 1242448 ----a-w- c:\program files\Steam\Steam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"SolidWorks Licensing Service"=3 (0x3)

"NeroRegInCDSrv"=2 (0x2)

"Nero BackItUp Scheduler 3"=2 (0x2)

"MSSQLServerADHelper"=3 (0x3)

"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)

"LightScribeService"=2 (0x2)

"iPod Service"=3 (0x3)

"gusvc"=3 (0x3)

"Bonjour Service"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"gupdate"=2 (0x2)

"WZCSVC"=2 (0x2)

"UPS"=3 (0x3)

"TrkWks"=2 (0x2)

"TermService"=3 (0x3)

"TapiSrv"=3 (0x3)

"SoundMovieServer"=3 (0x3)

"mnmsrvc"=3 (0x3)

"LiveUpdate"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"ISSVC"=2 (0x2)

"nTuneService"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [11/20/2011 12:18 AM 239168]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 12:54 PM 116608]

R2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [2/2/2011 2:08 PM 18656]

R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [9/26/2009 6:35 AM 819600]

R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [5/10/2012 2:00 PM 539744]

R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [1/2/2013 7:44 AM 122000]

R2 Remote Solver for Flow Simulation 2011;Remote Solver for Flow Simulation 2011;c:\program files\SolidWorks\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [9/8/2010 12:03 AM 89864]

R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [9/23/2009 2:04 PM 447832]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/30/2011 7:37 AM 21104]

R3 sftfs;sftfs;c:\program files\Microsoft Application Virtualization Client\drivers\SftFSXP.sys [9/23/2009 2:04 PM 543064]

R3 sftplay;sftplay;c:\program files\Microsoft Application Virtualization Client\drivers\sftplayxp.sys [9/23/2009 2:04 PM 190312]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [9/23/2009 2:05 PM 21864]

R3 sftvol;sftvol;c:\program files\Microsoft Application Virtualization Client\drivers\SftVolXP.sys [9/23/2009 2:04 PM 14680]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [9/23/2009 2:04 PM 203608]

R3 TunRDriverV32;TunRDriverV32;c:\windows\system32\drivers\TunRDriverV32.sys [8/9/2007 1:35 AM 506496]

R3 TunRVideo32;TunRVideo32;c:\windows\system32\drivers\TunRVideo32.sys [3/28/2008 5:19 PM 3768]

S0 AmdAcpi;AmdAcpi Bus Filter Driver; [x]

S0 sqcfvcsa;sqcfvcsa;c:\windows\system32\drivers\vpss.sys --> c:\windows\system32\drivers\vpss.sys [?]

S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/16/2012 9:30 PM 398184]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/30/2011 7:37 AM 682344]

S3 amdtools;AMD Special Tools Driver; [x]

S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks\swScheduler\DTSCoordinatorService.exe [10/5/2010 7:07 AM 87336]

S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [2/13/2007 3:51 AM 96256]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]

S3 hitmanpro36;HitmanPro 3.6 Support Driver;\??\c:\windows\system32\drivers\hitmanpro36.sys --> c:\windows\system32\drivers\hitmanpro36.sys [?]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 6:01 AM 2799808]

S4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [8/8/2008 10:28 AM 53032]

S4 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [3/28/2008 5:19 PM 184320]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/13/2007 11:20 PM 691696]

.

Contents of the 'Scheduled Tasks' folder

.

2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-03 08:28]

.

2013-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-03 08:28]

.

2013-02-01 c:\windows\Tasks\User_Feed_Synchronization-{561DDAE7-884D-4921-9C0C-F2EA28E4F39D}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = 127.0.0.1

IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202

TCP: DhcpNameServer = 69.49.208.10 69.7.80.10

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {3D5F4B42-A6AD-4F31-BC6B-C4BA6AAEF08B} - hxxps://www.wm-mobile.ubs.com/md/plugin/excel_mobil/excel.cab

.

.

------- File Associations -------

.

.scr=AutoCADScriptFile

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-02-01 20:18

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: WDC_WD1500ADFD-00NLR1 rev.20.07P20 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-12

.

device: opened successfully

user: MBR read successfully

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8A54C2E2

user & kernel MBR OK

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,53,44,36,19,1a,25,48,91,4b,b8,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,53,44,36,19,1a,25,48,91,4b,b8,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(904)

c:\windows\system32\WININET.dll

.

- - - - - - - > 'lsass.exe'(964)

c:\windows\system32\WININET.dll

.

Completion time: 2013-02-01 20:21:50

ComboFix-quarantined-files.txt 2013-02-02 02:21

ComboFix2.txt 2012-09-17 04:58

.

Pre-Run: 18,726,203,392 bytes free

Post-Run: 18,860,478,464 bytes free

.

- - End Of File - - CB0482A2DF2ADC97FE0FC300A428F888

Link to post
Share on other sites

Combofix stalled out at stage 48. I noticed that same svchost.exe process was active and I shut it down. At this point combofix started working again. Everything seems to be working fine except when that svchost.exe process starts running again. Some of my display settings have changed (no big deal) and I can't use hyperlinks in my emails because of restricted access even though I'm on the admin profile (kind of a big deal).

Again, your help is greatly appreciated. Thanks!

Link to post
Share on other sites

  • Staff


Greetings

I want you to run these next.

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo


19:44:06.0607 3648 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

19:44:07.0138 3648 ============================================================

19:44:07.0138 3648 Current date / time: 2013/02/03 19:44:07.0138

19:44:07.0138 3648 SystemInfo:

19:44:07.0138 3648

19:44:07.0138 3648 OS Version: 5.1.2600 ServicePack: 3.0

19:44:07.0138 3648 Product type: Workstation

19:44:07.0138 3648 ComputerName: PRESTON-103484B

19:44:07.0138 3648 UserName: Preston

19:44:07.0138 3648 Windows directory: C:\WINDOWS

19:44:07.0138 3648 System windows directory: C:\WINDOWS

19:44:07.0138 3648 Processor architecture: Intel x86

19:44:07.0138 3648 Number of processors: 2

19:44:07.0138 3648 Page size: 0x1000

19:44:07.0138 3648 Boot type: Normal boot

19:44:07.0138 3648 ============================================================

19:44:16.0558 3648 BG loaded

19:44:19.0338 3648 Drive \Device\Harddisk0\DR0 - Size: 0x22EF035E00 (139.73 Gb), SectorSize: 0x200, Cylinders: 0x4741, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

19:44:19.0666 3648 ============================================================

19:44:19.0666 3648 \Device\Harddisk0\DR0:

19:44:19.0697 3648 MBR partitions:

19:44:19.0697 3648 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11773701

19:44:19.0697 3648 ============================================================

19:44:22.0353 3648 C: <-> \Device\Harddisk0\DR0\Partition1

19:44:22.0618 3648 ============================================================

19:44:22.0618 3648 Initialize success

19:44:22.0618 3648 ============================================================

19:44:52.0047 1180 ============================================================

19:44:52.0047 1180 Scan started

19:44:52.0047 1180 Mode: Manual;

19:44:52.0047 1180 ============================================================

19:44:58.0936 1180 ================ Scan system memory ========================

19:44:58.0936 1180 System memory - ok

19:44:58.0936 1180 ================ Scan services =============================

19:44:59.0561 1180 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

19:44:59.0608 1180 !SASCORE - ok

19:45:03.0653 1180 Abiosdsk - ok

19:45:03.0653 1180 abp480n5 - ok

19:45:03.0747 1180 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

19:45:03.0810 1180 ACPI - ok

19:45:03.0856 1180 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys

19:45:03.0888 1180 ACPIEC - ok

19:45:03.0888 1180 adpu160m - ok

19:45:03.0919 1180 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys

19:45:04.0153 1180 aec - ok

19:45:04.0216 1180 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys

19:45:04.0231 1180 AFD - ok

19:45:04.0231 1180 AgereSoftModem - ok

19:45:04.0231 1180 Aha154x - ok

19:45:04.0247 1180 aic78u2 - ok

19:45:04.0247 1180 aic78xx - ok

19:45:04.0309 1180 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll

19:45:04.0372 1180 Alerter - ok

19:45:04.0856 1180 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe

19:45:04.0856 1180 ALG - ok

19:45:04.0856 1180 AliIde - ok

19:45:04.0872 1180 AmdAcpi - ok

19:45:04.0872 1180 AmdK8 - ok

19:45:04.0872 1180 AmdLLD - ok

19:45:06.0075 1180 AMDPCI - ok

19:45:06.0121 1180 [ 033448D435E65C4BD72E70521FD05C76 ] AmdPPM C:\WINDOWS\system32\DRIVERS\AmdPPM.sys

19:45:06.0121 1180 AmdPPM - ok

19:45:06.0137 1180 amdtools - ok

19:45:06.0137 1180 amsint - ok

19:45:06.0246 1180 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll

19:45:06.0340 1180 AppMgmt - ok

19:45:06.0418 1180 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys

19:45:06.0418 1180 Arp1394 - ok

19:45:06.0434 1180 asc - ok

19:45:06.0434 1180 asc3350p - ok

19:45:06.0449 1180 asc3550 - ok

19:45:06.0699 1180 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

19:45:06.0777 1180 aspnet_state - ok

19:45:06.0856 1180 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys

19:45:06.0871 1180 AsyncMac - ok

19:45:06.0965 1180 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

19:45:06.0965 1180 atapi - ok

19:45:06.0965 1180 Atdisk - ok

19:45:06.0981 1180 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys

19:45:06.0996 1180 Atmarpc - ok

19:45:07.0043 1180 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll

19:45:07.0043 1180 AudioSrv - ok

19:45:07.0090 1180 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys

19:45:07.0090 1180 audstub - ok

19:45:07.0371 1180 [ 1992C2A1867D95AA3A0802539358D162 ] Autodesk Content Service C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe

19:45:07.0371 1180 Autodesk Content Service - ok

19:45:07.0434 1180 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys

19:45:07.0434 1180 Beep - ok

19:45:07.0496 1180 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll

19:45:07.0637 1180 BITS - ok

19:45:07.0715 1180 [ F934D1B230F84E1D19DD00AC5A7A83ED ] Bridge C:\WINDOWS\system32\DRIVERS\bridge.sys

19:45:07.0730 1180 Bridge - ok

19:45:07.0746 1180 [ F934D1B230F84E1D19DD00AC5A7A83ED ] BridgeMP C:\WINDOWS\system32\DRIVERS\bridge.sys

19:45:07.0746 1180 BridgeMP - ok

19:45:07.0777 1180 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll

19:45:07.0777 1180 Browser - ok

19:45:07.0777 1180 catchme - ok

19:45:07.0793 1180 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

19:45:07.0793 1180 cbidf2k - ok

19:45:07.0793 1180 cd20xrnt - ok

19:45:07.0808 1180 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

19:45:07.0808 1180 Cdaudio - ok

19:45:07.0840 1180 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

19:45:07.0840 1180 Cdfs - ok

19:45:07.0887 1180 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

19:45:07.0887 1180 Cdrom - ok

19:45:07.0902 1180 Changer - ok

19:45:07.0949 1180 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe

19:45:07.0965 1180 CiSvc - ok

19:45:08.0011 1180 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe

19:45:08.0043 1180 ClipSrv - ok

19:45:08.0339 1180 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

19:45:09.0074 1180 clr_optimization_v2.0.50727_32 - ok

19:45:09.0199 1180 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

19:45:09.0527 1180 clr_optimization_v4.0.30319_32 - ok

19:45:09.0527 1180 CmdIde - ok

19:45:09.0527 1180 COMSysApp - ok

19:45:10.0620 1180 [ F46FF007508C32788D8D5F32F27C25C7 ] CoordinatorServiceHost C:\Program Files\SolidWorks\swScheduler\DTSCoordinatorService.exe

19:45:10.0651 1180 CoordinatorServiceHost - ok

19:45:10.0651 1180 Cpqarray - ok

19:45:10.0776 1180 [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.EXE

19:45:10.0776 1180 Creative Service for CDROM Access - ok

19:45:10.0839 1180 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll

19:45:10.0839 1180 CryptSvc - ok

19:45:11.0011 1180 [ 177BC4EE3840119A780EAFAD5A010F8F ] ctac32k C:\WINDOWS\system32\drivers\ctac32k.sys

19:45:11.0011 1180 ctac32k - ok

19:45:11.0104 1180 [ EB0C0D62D8D2B8F41DA149C866E93397 ] ctaud2k C:\WINDOWS\system32\drivers\ctaud2k.sys

19:45:11.0104 1180 ctaud2k - ok

19:45:11.0182 1180 [ F02E5E05AD79111F3B975E2A654AA050 ] ctdvda2k C:\WINDOWS\system32\drivers\ctdvda2k.sys

19:45:11.0323 1180 ctdvda2k - ok

19:45:11.0432 1180 [ E2B1AEDB62845581D848037F0A614EE6 ] ctlsb16 C:\WINDOWS\system32\drivers\ctlsb16.sys

19:45:11.0464 1180 ctlsb16 - ok

19:45:11.0479 1180 [ 7D7EEA7FFBC19E1B712D241490BE51ED ] ctprxy2k C:\WINDOWS\system32\drivers\ctprxy2k.sys

19:45:11.0479 1180 ctprxy2k - ok

19:45:11.0604 1180 [ 538122D33DD4B04CC189D5CA72BD6706 ] ctsfm2k C:\WINDOWS\system32\drivers\ctsfm2k.sys

19:45:11.0604 1180 ctsfm2k - ok

19:45:11.0948 1180 [ 9F38FEB92D18468012543E1AFCF79BBC ] cvhsvc C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

19:45:11.0948 1180 cvhsvc - ok

19:45:11.0948 1180 dac2w2k - ok

19:45:11.0963 1180 dac960nt - ok

19:45:12.0088 1180 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll

19:45:12.0088 1180 DcomLaunch - ok

19:45:12.0182 1180 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

19:45:12.0198 1180 Dhcp - ok

19:45:12.0245 1180 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys

19:45:12.0276 1180 Disk - ok

19:45:12.0276 1180 dmadmin - ok

19:45:12.0323 1180 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys

19:45:12.0323 1180 dmboot - ok

19:45:12.0354 1180 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys

19:45:12.0385 1180 dmio - ok

19:45:12.0666 1180 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys

19:45:12.0760 1180 dmload - ok

19:45:13.0307 1180 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll

19:45:13.0307 1180 dmserver - ok

19:45:13.0385 1180 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys

19:45:13.0385 1180 DMusic - ok

19:45:13.0416 1180 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll

19:45:13.0432 1180 Dnscache - ok

19:45:13.0666 1180 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll

19:45:13.0760 1180 Dot3svc - ok

19:45:13.0775 1180 dpti2o - ok

19:45:13.0869 1180 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

19:45:13.0869 1180 drmkaud - ok

19:45:13.0963 1180 [ FB38473835476A6FB272215A1D972AF9 ] dtsoftbus01 C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys

19:45:13.0963 1180 dtsoftbus01 - ok

19:45:13.0994 1180 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll

19:45:14.0103 1180 EapHost - ok

19:45:14.0463 1180 [ 96BCD90ED9235A21629EFFDE5E941FB1 ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

19:45:14.0478 1180 eeCtrl - ok

19:45:14.0525 1180 [ 8E0EB62BE9F9BEE7C2E4C50685038E8D ] emupia C:\WINDOWS\system32\drivers\emupia2k.sys

19:45:14.0541 1180 emupia - ok

19:45:14.0619 1180 [ FD9FC82F134B1C91004FFC76A5AE494B ] ENTECH C:\WINDOWS\system32\DRIVERS\ENTECH.sys

19:45:14.0666 1180 ENTECH - ok

19:45:14.0931 1180 [ 138FA38DC0AC61F39C99B801BF11D867 ] EpsonCustomerParticipation C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe

19:45:14.0931 1180 EpsonCustomerParticipation - ok

19:45:15.0025 1180 [ E9EFCB47B90FD5498695BB7FEFD36CAE ] EpsonScanSvc C:\WINDOWS\system32\EscSvc.exe

19:45:15.0025 1180 EpsonScanSvc - ok

19:45:15.0025 1180 EraserUtilRebootDrv - ok

19:45:15.0072 1180 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll

19:45:15.0072 1180 ERSvc - ok

19:45:15.0119 1180 [ 8C0A2CA0306AF00F8DDF7D40A304E21E ] ET5Drv C:\WINDOWS\system32\Drivers\ET5Drv.sys

19:45:15.0181 1180 ET5Drv - ok

19:45:15.0228 1180 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe

19:45:15.0244 1180 Eventlog - ok

19:45:15.0353 1180 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll

19:45:15.0353 1180 EventSystem - ok

19:45:15.0431 1180 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

19:45:15.0431 1180 Fastfat - ok

19:45:15.0587 1180 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

19:45:15.0587 1180 FastUserSwitchingCompatibility - ok

19:45:15.0603 1180 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys

19:45:15.0603 1180 Fdc - ok

19:45:15.0619 1180 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys

19:45:15.0619 1180 Fips - ok

19:45:15.0900 1180 [ 73081CF28F0AE20A52CA4F67CEE6E6B0 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

19:45:16.0243 1180 FLEXnet Licensing Service - ok

19:45:16.0259 1180 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys

19:45:16.0259 1180 Flpydisk - ok

19:45:16.0353 1180 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys

19:45:16.0431 1180 FltMgr - ok

19:45:16.0572 1180 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

19:45:16.0634 1180 FontCache3.0.0.0 - ok

19:45:16.0853 1180 [ 5F964BD0C8A6B5B74AF7F8A2CDB6BB14 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

19:45:16.0853 1180 ForceWare Intelligent Application Manager (IAM) - ok

19:45:16.0931 1180 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

19:45:16.0931 1180 Fs_Rec - ok

19:45:16.0993 1180 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

19:45:17.0024 1180 Ftdisk - ok

19:45:17.0087 1180 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

19:45:17.0087 1180 GEARAspiWDM - ok

19:45:17.0118 1180 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

19:45:17.0118 1180 Gpc - ok

19:45:17.0337 1180 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe

19:45:17.0353 1180 gupdate - ok

19:45:17.0399 1180 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe

19:45:17.0399 1180 gupdatem - ok

19:45:17.0681 1180 [ F2607D0D89F57D3564CF65A61A237F1A ] ha20x2k C:\WINDOWS\system32\drivers\ha20x2k.sys

19:45:17.0681 1180 ha20x2k - ok

19:45:17.0977 1180 [ D64A40B94602158E40527AE95E7A9193 ] Hardlock C:\WINDOWS\system32\drivers\hardlock.sys

19:45:17.0993 1180 Hardlock - ok

19:45:18.0071 1180 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

19:45:18.0071 1180 HDAudBus - ok

19:45:18.0290 1180 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

19:45:18.0290 1180 helpsvc - ok

19:45:18.0290 1180 HidServ - ok

19:45:18.0337 1180 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys

19:45:18.0337 1180 HidUsb - ok

19:45:18.0352 1180 hitmanpro36 - ok

19:45:18.0430 1180 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll

19:45:18.0477 1180 hkmsvc - ok

19:45:18.0477 1180 hpn - ok

19:45:18.0540 1180 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

19:45:18.0540 1180 HTTP - ok

19:45:18.0555 1180 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

19:45:18.0587 1180 HTTPFilter - ok

19:45:18.0587 1180 i2omgmt - ok

19:45:18.0587 1180 i2omp - ok

19:45:18.0602 1180 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys

19:45:18.0602 1180 i8042prt - ok

19:45:18.0774 1180 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

19:45:18.0805 1180 idsvc - ok

19:45:18.0836 1180 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

19:45:18.0836 1180 Imapi - ok

19:45:18.0883 1180 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe

19:45:18.0915 1180 ImapiService - ok

19:45:18.0946 1180 [ 914B9BD741189335C1F8D0CCEDA8B639 ] InCDfs C:\WINDOWS\system32\drivers\InCDFs.sys

19:45:18.0946 1180 InCDfs - ok

19:45:18.0961 1180 [ 4750CB7883952F873F778BDCF09E6C93 ] InCDPass C:\WINDOWS\system32\drivers\InCDPass.sys

19:45:18.0961 1180 InCDPass - ok

19:45:18.0977 1180 [ 4FADCD138C649545BFA9DC3BBC8FEE0D ] InCDRec C:\WINDOWS\system32\drivers\InCDRec.sys

19:45:18.0977 1180 InCDRec - ok

19:45:18.0993 1180 [ EFE97B244C8DC63600777207DF6AFAC1 ] incdrm C:\WINDOWS\system32\drivers\InCDRm.sys

19:45:18.0993 1180 incdrm - ok

19:45:19.0289 1180 [ 32CD31A1262A577AB723DBB3894175F0 ] InCDsrv C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe

19:45:19.0289 1180 InCDsrv - ok

19:45:19.0289 1180 ini910u - ok

19:45:19.0305 1180 IntcAzAudAddService - ok

19:45:19.0305 1180 IntelIde - ok

19:45:19.0352 1180 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys

19:45:19.0352 1180 Ip6Fw - ok

19:45:19.0383 1180 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

19:45:19.0399 1180 IpFilterDriver - ok

19:45:19.0414 1180 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

19:45:19.0414 1180 IpInIp - ok

19:45:19.0461 1180 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

19:45:19.0461 1180 IpNat - ok

19:45:19.0477 1180 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

19:45:19.0493 1180 IPSec - ok

19:45:19.0524 1180 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

19:45:19.0524 1180 IRENUM - ok

19:45:19.0539 1180 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

19:45:19.0539 1180 isapnp - ok

19:45:19.0649 1180 [ 9DBA73C2F1E76EC4CB837E67C5743596 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe

19:45:19.0649 1180 JavaQuickStarterService - ok

19:45:19.0664 1180 [ C995C0E8B4503FAC38793BB0236AD246 ] JGOGO C:\WINDOWS\system32\DRIVERS\JGOGO.sys

19:45:19.0664 1180 JGOGO - ok

19:45:19.0664 1180 [ 06B9C22897EBDC6ABA993C77F173D882 ] JRAID C:\WINDOWS\system32\DRIVERS\jraid.sys

19:45:19.0664 1180 JRAID - ok

19:45:19.0680 1180 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

19:45:19.0680 1180 Kbdclass - ok

19:45:19.0727 1180 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

19:45:19.0742 1180 kmixer - ok

19:45:19.0758 1180 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

19:45:19.0758 1180 KSecDD - ok

19:45:19.0774 1180 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll

19:45:19.0774 1180 lanmanserver - ok

19:45:19.0805 1180 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

19:45:19.0805 1180 lanmanworkstation - ok

19:45:19.0805 1180 lbrtfdc - ok

19:45:19.0867 1180 [ C1135AE77CFF2623A11DA62F982E2A5F ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe

19:45:19.0883 1180 LightScribeService - ok

19:45:19.0899 1180 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

19:45:19.0899 1180 LmHosts - ok

19:45:19.0930 1180 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys

19:45:19.0930 1180 MBAMProtector - ok

19:45:20.0008 1180 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

19:45:20.0008 1180 MBAMScheduler - ok

19:45:20.0070 1180 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

19:45:20.0070 1180 MBAMService - ok

19:45:20.0149 1180 [ E6CB119EF2E148EAA1A247343550756E ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe

19:45:20.0149 1180 McciCMService - ok

19:45:20.0149 1180 mcdbus - ok

19:45:20.0195 1180 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll

19:45:20.0195 1180 Messenger - ok

19:45:20.0227 1180 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

19:45:20.0227 1180 mnmdd - ok

19:45:20.0258 1180 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe

19:45:20.0258 1180 mnmsrvc - ok

19:45:20.0274 1180 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys

19:45:20.0274 1180 Modem - ok

19:45:20.0289 1180 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

19:45:20.0289 1180 Mouclass - ok

19:45:20.0320 1180 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

19:45:20.0320 1180 mouhid - ok

19:45:20.0336 1180 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

19:45:20.0336 1180 MountMgr - ok

19:45:20.0336 1180 mraid35x - ok

19:45:20.0352 1180 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

19:45:20.0352 1180 MREMP50 - ok

19:45:20.0367 1180 MREMP50a64 - ok

19:45:20.0367 1180 MREMPR5 - ok

19:45:20.0367 1180 MRENDIS5 - ok

19:45:20.0383 1180 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

19:45:20.0399 1180 MRESP50 - ok

19:45:20.0399 1180 MRESP50a64 - ok

19:45:20.0414 1180 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

19:45:20.0414 1180 MRxDAV - ok

19:45:20.0445 1180 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

19:45:20.0445 1180 MRxSmb - ok

19:45:20.0477 1180 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe

19:45:20.0477 1180 MSDTC - ok

19:45:20.0492 1180 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

19:45:20.0492 1180 Msfs - ok

19:45:20.0492 1180 MSIServer - ok

19:45:20.0492 1180 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

19:45:20.0492 1180 MSKSSRV - ok

19:45:20.0508 1180 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

19:45:20.0508 1180 MSPCLOCK - ok

19:45:20.0523 1180 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

19:45:20.0523 1180 MSPQM - ok

19:45:20.0555 1180 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

19:45:20.0555 1180 mssmbios - ok

19:45:21.0398 1180 [ 1B959A0614D575D0AB3B09095F0A8B83 ] MSSQL$MICROSOFTSMLBIZ C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

19:45:23.0882 1180 MSSQL$MICROSOFTSMLBIZ - ok

19:45:23.0976 1180 [ 1D1B22613EAB9287AF902398867BC93C ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe

19:45:23.0976 1180 MSSQLServerADHelper - ok

19:45:24.0460 1180 [ 73FA09B84B23A1897809A84F976D5D99 ] msvsmon80 C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe

19:45:24.0663 1180 msvsmon80 - ok

19:45:24.0710 1180 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

19:45:24.0725 1180 Mup - ok

19:45:24.0819 1180 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll

19:45:24.0850 1180 napagent - ok

19:45:24.0897 1180 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

19:45:24.0897 1180 NDIS - ok

19:45:24.0944 1180 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

19:45:24.0944 1180 NdisTapi - ok

19:45:25.0007 1180 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

19:45:25.0038 1180 Ndisuio - ok

19:45:25.0053 1180 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

19:45:25.0053 1180 NdisWan - ok

19:45:25.0085 1180 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

19:45:25.0085 1180 NDProxy - ok

19:45:25.0288 1180 [ 78073F606AE3B24F6C1F555759AA8511 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

19:45:25.0366 1180 Nero BackItUp Scheduler 3 - ok

19:45:25.0397 1180 [ BF11B59A84BC6237E90FA477A1432626 ] NeroRegInCDSrv C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe

19:45:25.0413 1180 NeroRegInCDSrv - ok

19:45:25.0444 1180 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

19:45:25.0444 1180 NetBIOS - ok

19:45:25.0475 1180 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

19:45:25.0475 1180 NetBT - ok

19:45:25.0538 1180 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe

19:45:25.0538 1180 NetDDE - ok

19:45:25.0538 1180 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

19:45:25.0553 1180 NetDDEdsdm - ok

19:45:25.0569 1180 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe

19:45:25.0569 1180 Netlogon - ok

19:45:25.0585 1180 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll

19:45:25.0600 1180 Netman - ok

19:45:25.0631 1180 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

19:45:25.0631 1180 NetTcpPortSharing - ok

19:45:25.0663 1180 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys

19:45:25.0663 1180 NIC1394 - ok

19:45:25.0678 1180 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll

19:45:25.0678 1180 Nla - ok

19:45:25.0756 1180 [ 62F68443D244024845B875B44D76A92F ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

19:45:25.0772 1180 NMIndexingService - ok

19:45:25.0788 1180 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

19:45:25.0788 1180 Npfs - ok

19:45:25.0803 1180 [ 3581422BC6AB5D31843F7952C69CD78F ] nSvcIp C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

19:45:25.0803 1180 nSvcIp - ok

19:45:25.0850 1180 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

19:45:25.0866 1180 Ntfs - ok

19:45:25.0866 1180 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

19:45:25.0866 1180 NtLmSsp - ok

19:45:25.0897 1180 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

19:45:25.0913 1180 NtmsSvc - ok

19:45:25.0928 1180 nTuneService - ok

19:45:25.0944 1180 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys

19:45:25.0944 1180 Null - ok

19:45:26.0147 1180 [ B9B1BB146EB9A83DCF0F5635B09D3D43 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

19:45:26.0194 1180 nv - ok

19:45:26.0225 1180 [ CC34564BCA235EBAD8B308D871EFA2DF ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

19:45:26.0225 1180 NVENETFD - ok

19:45:26.0256 1180 [ 46FDB8D07DD4FC81093B0ACB243A525D ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

19:45:26.0256 1180 nvnetbus - ok

19:45:26.0303 1180 [ CC4F8220EAD1F6A38D51679708F435B9 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe

19:45:26.0319 1180 NVSvc - ok

19:45:26.0334 1180 [ 57D0FB1B75420DB651A71D5517AFDF8A ] NVTCP C:\WINDOWS\system32\DRIVERS\NVTcp.sys

19:45:26.0334 1180 NVTCP - ok

19:45:26.0366 1180 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

19:45:26.0381 1180 NwlnkFlt - ok

19:45:26.0397 1180 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

19:45:26.0397 1180 NwlnkFwd - ok

19:45:26.0412 1180 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys

19:45:26.0428 1180 ohci1394 - ok

19:45:26.0475 1180 [ 067DB5B067722997FCAFE1858163D411 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

19:45:26.0506 1180 ose - ok

19:45:26.0803 1180 [ 928C8060A555F0622CC4CAC672B08573 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

19:45:26.0944 1180 osppsvc - ok

19:45:26.0959 1180 [ 611B58C2FD89AA9E80743A197BA62277 ] ossrv C:\WINDOWS\system32\drivers\ctoss2k.sys

19:45:26.0975 1180 ossrv - ok

19:45:26.0990 1180 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys

19:45:26.0990 1180 Parport - ok

19:45:27.0006 1180 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

19:45:27.0022 1180 PartMgr - ok

19:45:31.0926 1180 ================ Scan global ===============================

19:45:31.0942 1180 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

19:45:31.0989 1180 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

19:45:32.0005 1180 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

19:45:32.0020 1180 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

19:45:32.0020 1180 [Global] - ok

19:45:32.0020 1180 ================ Scan MBR ==================================

19:45:32.0036 1180 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

19:45:32.0036 1180 Suspicious mbr (Forged): \Device\Harddisk0\DR0

19:45:32.0051 1180 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

19:45:32.0051 1180 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

19:45:32.0051 1180 ================ Scan VBR ==================================

19:45:32.0051 1180 [ 66E5815B1D1EDA6508EE48545B6B195A ] \Device\Harddisk0\DR0\Partition1

19:45:32.0051 1180 \Device\Harddisk0\DR0\Partition1 - ok

19:45:32.0051 1180 ================ Scan active images ========================


19:45:32.0614 1180 [ AC7280566A7BB85CB3291F04DDC1198E ] C:\WINDOWS\system32\drivers\dxg.sys

19:45:32.0614 1180 C:\WINDOWS\system32\drivers\dxg.sys - ok

19:45:32.0614 1180 [ A73F5D6705B1D820C19B18782E176EFD ] C:\WINDOWS\system32\drivers\dxgthk.sys

19:45:32.0614 1180 C:\WINDOWS\system32\drivers\dxgthk.sys - ok

19:45:32.0629 1180 [ 5357826C8A8DD6A07F17C48BB45BE46E ] C:\WINDOWS\system32\secur32.dll

19:45:32.0629 1180 C:\WINDOWS\system32\secur32.dll - ok

19:45:32.0629 1180 [ 0B0DDC97D6E6B93C769EA61B2385F889 ] C:\WINDOWS\system32\nv4_disp.dll

19:45:32.0629 1180 C:\WINDOWS\system32\nv4_disp.dll - ok

19:45:32.0629 1180 [ ECB7591870F8BFB1A4C17B718AD5A4AA ] C:\WINDOWS\system32\vga.dll

19:45:32.0629 1180 C:\WINDOWS\system32\vga.dll - ok

19:45:32.0645 1180 [ 5CC8FC89F8CC03D2192E383F67379ABE ] C:\WINDOWS\system32\TunRVideo32.dll

19:45:32.0645 1180 C:\WINDOWS\system32\TunRVideo32.dll - ok

19:45:32.0645 1180 [ ED0EF0A136DEC83DF69F04118870003E ] C:\WINDOWS\system32\winlogon.exe

19:45:32.0645 1180 C:\WINDOWS\system32\winlogon.exe - ok

19:45:32.0645 1180 [ 714705F29A917993536A6AB2DEDB0B7F ] C:\WINDOWS\system32\authz.dll

19:45:32.0645 1180 C:\WINDOWS\system32\authz.dll - ok

19:45:32.0645 1180 [ 355EDBB4D412B01F1740C17E3F50FA00 ] C:\WINDOWS\system32\msvcrt.dll

19:45:32.0645 1180 C:\WINDOWS\system32\msvcrt.dll - ok

19:45:32.0661 1180 [ 6BEE5D4EFF0A0341BCC4A462D81CCFC1 ] C:\WINDOWS\system32\crypt32.dll

19:45:32.0661 1180 C:\WINDOWS\system32\crypt32.dll - ok

19:45:32.0661 1180 [ 04D898830DF96A17A20FD35D7590F87E ] C:\WINDOWS\system32\msasn1.dll

19:45:32.0661 1180 C:\WINDOWS\system32\msasn1.dll - ok

19:45:32.0661 1180 [ 013C1148C1EC025596896E093F60F608 ] C:\WINDOWS\system32\nddeapi.dll

19:45:32.0661 1180 C:\WINDOWS\system32\nddeapi.dll - ok

19:45:32.0676 1180 [ CAC752BF84DB4666ED3CE0948E6EA937 ] C:\WINDOWS\system32\netapi32.dll

19:45:32.0676 1180 C:\WINDOWS\system32\netapi32.dll - ok

19:45:32.0676 1180 [ FCFA1C55971CC229D353B3A15ACCD995 ] C:\WINDOWS\system32\profmap.dll

19:45:32.0676 1180 C:\WINDOWS\system32\profmap.dll - ok

19:45:32.0676 1180 [ 43D13C80EBEC0135A3611E0F616F179B ] C:\WINDOWS\system32\userenv.dll

19:45:32.0676 1180 C:\WINDOWS\system32\userenv.dll - ok

19:45:32.0692 1180 [ 9CFCB3CA3D83B4EAA133F0644A2C6F31 ] C:\WINDOWS\system32\psapi.dll

19:45:32.0692 1180 C:\WINDOWS\system32\psapi.dll - ok

19:45:32.0692 1180 [ AF11C591F2F4AFF4A6CF699D376F618B ] C:\WINDOWS\system32\regapi.dll

19:45:32.0692 1180 C:\WINDOWS\system32\regapi.dll - ok

19:45:32.0692 1180 [ 24192246760E0E64435522E246B1D6C2 ] C:\WINDOWS\system32\setupapi.dll

19:45:32.0692 1180 C:\WINDOWS\system32\setupapi.dll - ok

19:45:32.0692 1180 [ C7CE131408739B0B3A318BE2D0032719 ] C:\WINDOWS\system32\version.dll

19:45:32.0692 1180 C:\WINDOWS\system32\version.dll - ok

19:45:32.0707 1180 [ 430CEB794F6E6EF8AC86958C242366D6 ] C:\WINDOWS\system32\winsta.dll

19:45:32.0707 1180 C:\WINDOWS\system32\winsta.dll - ok

19:45:32.0707 1180 [ D458B738B4C2CE33174CFB2CE12412DB ] C:\WINDOWS\system32\wintrust.dll

19:45:32.0707 1180 C:\WINDOWS\system32\wintrust.dll - ok

19:45:32.0707 1180 [ FFC01A72D1C25CCB39F61B202CE60819 ] C:\WINDOWS\system32\imagehlp.dll

19:45:32.0707 1180 C:\WINDOWS\system32\imagehlp.dll - ok

19:45:32.0723 1180 [ 9789E95E1D88EEB4B922BF3EA7779C28 ] C:\WINDOWS\system32\ws2help.dll

19:45:32.0723 1180 C:\WINDOWS\system32\ws2help.dll - ok

19:45:32.0723 1180 [ 2CCC474EB85CEAA3E1FA1726580A3E5A ] C:\WINDOWS\system32\ws2_32.dll

19:45:32.0723 1180 C:\WINDOWS\system32\ws2_32.dll - ok

19:45:32.0723 1180 [ 0DA85218E92526972A821587E6A8BF8F ] C:\WINDOWS\system32\imm32.dll

19:45:32.0723 1180 C:\WINDOWS\system32\imm32.dll - ok

19:45:32.0723 1180 [ C448A248B743F5FB935C787A5D97268B ] C:\WINDOWS\system32\shlwapi.dll

19:45:32.0723 1180 C:\WINDOWS\system32\shlwapi.dll - ok

19:45:32.0739 1180 [ 224FB925C641DA16CEB6D60F40CA4C75 ] C:\WINDOWS\system32\atl.dll

19:45:32.0739 1180 C:\WINDOWS\system32\atl.dll - ok

19:45:32.0739 1180 [ 9AD88EA663124336E88EB031F917CE20 ] C:\WINDOWS\system32\wininet.dll

19:45:32.0739 1180 C:\WINDOWS\system32\wininet.dll - ok

19:45:32.0739 1180 [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll

19:45:32.0739 1180 C:\WINDOWS\system32\normaliz.dll - ok

19:45:32.0754 1180 [ BCA608797A3E8EEC0094CD6D596D77D7 ] C:\WINDOWS\system32\urlmon.dll

19:45:32.0754 1180 C:\WINDOWS\system32\urlmon.dll - ok

19:45:32.0754 1180 [ 6BAD1BED9872E62049E487FB91AE2F3A ] C:\WINDOWS\system32\ole32.dll

19:45:32.0754 1180 C:\WINDOWS\system32\ole32.dll - ok

19:45:32.0754 1180 [ 994B77915EA49A467CDA144806AE42D6 ] C:\WINDOWS\system32\iertutil.dll

19:45:32.0754 1180 C:\WINDOWS\system32\iertutil.dll - ok

19:45:32.0770 1180 [ 1B2BE5777F69A71778F52FFEE1C798D6 ] C:\WINDOWS\system32\oleaut32.dll

19:45:32.0770 1180 C:\WINDOWS\system32\oleaut32.dll - ok

19:45:32.0770 1180 [ 694503348B586E99D56C0E30AB5B3EF8 ] C:\WINDOWS\system32\sxs.dll

19:45:32.0770 1180 C:\WINDOWS\system32\sxs.dll - ok

19:45:32.0770 1180 [ 736B12B725AEB2B07F0241A9F680CB10 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

19:45:32.0770 1180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - ok

19:45:32.0786 1180 [ 6843D54BC4A40CC8C5741AF750233D10 ] C:\WINDOWS\system32\shell32.dll

19:45:32.0786 1180 C:\WINDOWS\system32\shell32.dll - ok

19:45:32.0786 1180 [ 4A953F13942867BA8FB41F141EC1B80C ] C:\WINDOWS\system32\winmm.dll

19:45:32.0786 1180 C:\WINDOWS\system32\winmm.dll - ok

19:45:32.0786 1180 [ 93AFB83FBC1F9443CAC722FCA63D73BF ] C:\WINDOWS\system32\comctl32.dll

19:45:32.0786 1180 C:\WINDOWS\system32\comctl32.dll - ok

19:45:32.0786 1180 [ 56C5B179FE3308B655EB6208C3256FEC ] C:\WINDOWS\system32\kbdus.dll

19:45:32.0786 1180 C:\WINDOWS\system32\kbdus.dll - ok

19:45:32.0801 1180 [ D7B7A57C0E57C836F18CF12A4C62A1CA ] C:\WINDOWS\system32\msgina.dll

19:45:32.0801 1180 C:\WINDOWS\system32\msgina.dll - ok

19:45:32.0801 1180 [ 86987A5000DFA3EBE2275C0456BCF2FE ] C:\WINDOWS\system32\comdlg32.dll

19:45:32.0801 1180 C:\WINDOWS\system32\comdlg32.dll - ok

19:45:32.0801 1180 [ 40B0F98BAD16AD5DEF894E88C3EF8014 ] C:\WINDOWS\system32\odbc32.dll

19:45:32.0801 1180 C:\WINDOWS\system32\odbc32.dll - ok



19:45:33.0551 1180 [ EEE7F12D9FF46F68FBC0DA059A359E9E ] C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

19:45:33.0551 1180 C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll - ok

19:45:33.0567 1180 [ 22DD6D7D4BFE2B8CE705CC950C8AEA4C ] C:\WINDOWS\system32\win32spl.dll

19:45:33.0567 1180 C:\WINDOWS\system32\win32spl.dll - ok

19:45:33.0567 1180 [ EE4C651A217B01D636B5364AC77DA892 ] C:\WINDOWS\system32\inetpp.dll

19:45:33.0567 1180 C:\WINDOWS\system32\inetpp.dll - ok

19:45:33.0567 1180 [ AF176CC272D122558738095C7DC5CA0C ] C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TMAIIUE.DLL

19:45:33.0567 1180 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TMAIIUE.DLL - ok

19:45:33.0582 1180 [ 4AC2FA4A6F0DF2511BAC13393C06EFF1 ] C:\WINDOWS\system32\mscms.dll

19:45:33.0582 1180 C:\WINDOWS\system32\mscms.dll - ok

19:45:33.0582 1180 [ 7867D405B735D80EB56415D3D50D2D25 ] C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TUICIUE.DLL

19:45:33.0582 1180 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TUICIUE.DLL - ok

19:45:33.0582 1180 [ 9E03D1217CDF1A1AB083E79124802588 ] C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TAUDIUE.DLL

19:45:33.0582 1180 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TAUDIUE.DLL - ok

19:45:33.0598 1180 [ 277F3E3333F1D10CA428568197FCCE70 ] C:\WINDOWS\system32\wsnmp32.dll

19:45:33.0598 1180 C:\WINDOWS\system32\wsnmp32.dll - ok

19:45:33.0598 1180 [ 56D058BF131859DA9806A8135B1B3BDB ] C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TASKIUE.DLL

19:45:33.0598 1180 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TASKIUE.DLL - ok

19:45:33.0598 1180 [ 9B56E16AB0EB4E22A2A48D046AC75416 ] C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TAPRIUE.DLL

19:45:33.0598 1180 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TAPRIUE.DLL - ok

19:45:33.0613 1180 [ A7B17996CD41212A6BBEFB0A510E76AC ] C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TABRIUE.DLL

19:45:33.0613 1180 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TABRIUE.DLL - ok

19:45:33.0613 1180 [ 8669DE40CC29BABE0976C66F48EACA07 ] C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TBA7IUE.DLL

19:45:33.0613 1180 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TBA7IUE.DLL - ok

19:45:33.0629 1180 [ C9FC430129DB4E5272003E9307759987 ] C:\WINDOWS\system32\bidispl.dll

19:45:33.0629 1180 C:\WINDOWS\system32\bidispl.dll - ok

19:45:33.0629 1180 [ C6557AB85E548F752EB905CA5EE66A34 ] C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TBL6IUE.DLL

19:45:33.0629 1180 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TBL6IUE.DLL - ok

19:45:33.0629 1180 [ F75602E4B9ECC65410AC9B7205CF445C ] C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TBEWIUE.DLL

19:45:33.0629 1180 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TBEWIUE.DLL - ok

19:45:33.0645 1180 [ 14D497970C1C43B8159D59BC7FAF8A4C ] C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TERSIUE.DLL

19:45:33.0645 1180 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TERSIUE.DLL - ok

19:45:33.0645 1180 [ 12896823FB95BFB3DC9B46BCAEDC9923 ] C:\WINDOWS\explorer.exe

19:45:33.0645 1180 C:\WINDOWS\explorer.exe - ok

19:45:33.0645 1180 [ 400E0C650443A99C8ADB5B6C2D06E0BC ] C:\Program Files\Autodesk\Content Service\Connect.Service.Logging.dll

19:45:33.0645 1180 C:\Program Files\Autodesk\Content Service\Connect.Service.Logging.dll - ok

19:45:33.0660 1180 [ 156FDE0E85025D180598E8FBD4DB3D23 ] C:\Program Files\Autodesk\Content Service\System.Data.SqlServerCE.dll

19:45:33.0660 1180 C:\Program Files\Autodesk\Content Service\System.Data.SqlServerCE.dll - ok

19:45:33.0660 1180 [ E392E172687BE172F8600C5F41AB03D9 ] C:\WINDOWS\system32\browseui.dll

19:45:33.0660 1180 C:\WINDOWS\system32\browseui.dll - ok

19:45:33.0660 1180 [ 26CB10FA893F940AB09713FF46DCDADE ] C:\WINDOWS\system32\shdocvw.dll

19:45:33.0660 1180 C:\WINDOWS\system32\shdocvw.dll - ok

19:45:33.0676 1180 [ 0719DA56ABC6B3A3D6711084E9020314 ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9a75548aa508a2645318308885b3eee0\System.Data.ni.dll

19:45:33.0676 1180 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9a75548aa508a2645318308885b3eee0\System.Data.ni.dll - ok

19:45:33.0676 1180 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] C:\WINDOWS\system32\netman.dll

19:45:33.0676 1180 C:\WINDOWS\system32\netman.dll - ok

19:45:33.0676 1180 [ 9FF47CD8A3787C8FD3CDFE40441C722E ] C:\Program Files\Google\Update\1.3.21.123\goopdate.dll

19:45:33.0676 1180 C:\Program Files\Google\Update\1.3.21.123\goopdate.dll - ok

19:45:33.0676 1180 [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll

19:45:33.0676 1180 C:\WINDOWS\system32\netshell.dll - ok

19:45:33.0692 1180 [ B02A99F527ACA02B3F2711FC29A95935 ] C:\WINDOWS\system32\AcSignIcon.dll

19:45:33.0692 1180 C:\WINDOWS\system32\AcSignIcon.dll - ok

19:45:33.0692 1180 [ BC93B4A066477954555966D77FEC9ECB ] C:\WINDOWS\system32\ersvc.dll

19:45:33.0692 1180 C:\WINDOWS\system32\ersvc.dll - ok

19:45:33.0692 1180 [ D4991D98F2DB73C60D042F1AEF79EFAE ] C:\WINDOWS\system32\es.dll

19:45:33.0692 1180 C:\WINDOWS\system32\es.dll - ok

19:45:33.0707 1180 [ CA6ADE4F7761BB15B3325356DC3B82BB ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll

19:45:33.0707 1180 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll - ok

19:45:33.0707 1180 [ B6E6F3F5B63053D5DC1F4EE32992492F ] C:\WINDOWS\system32\dbghelp.dll

19:45:33.0707 1180 C:\WINDOWS\system32\dbghelp.dll - ok

19:45:33.0707 1180 [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll

19:45:33.0707 1180 C:\WINDOWS\system32\rasapi32.dll - ok

19:45:33.0723 1180 [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll

19:45:33.0723 1180 C:\WINDOWS\system32\rasman.dll - ok

19:45:33.0723 1180 [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll

19:45:33.0723 1180 C:\WINDOWS\system32\tapi32.dll - ok

19:45:33.0723 1180 [ 235892E493845D64D890163CFEF90E97 ] C:\WINDOWS\system32\credui.dll

19:45:33.0723 1180 C:\WINDOWS\system32\credui.dll - ok

19:45:33.0738 1180 [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] C:\WINDOWS\system32\dot3api.dll

19:45:33.0738 1180 C:\WINDOWS\system32\dot3api.dll - ok

19:45:33.0738 1180 [ 4E8F3230BAC8C1CAADF01A8C728E1C5C ] C:\WINDOWS\system32\dot3dlg.dll

19:45:33.0738 1180 C:\WINDOWS\system32\dot3dlg.dll - ok

19:45:33.0738 1180 [ AE5A69F44C1F97EDC83237FC0B29B6FB ] C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe

19:45:33.0738 1180 C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe - ok

19:45:33.0754 1180 [ C14350FC0D47D806699C4F907FC6785B ] C:\WINDOWS\system32\cryptnet.dll

19:45:33.0754 1180 C:\WINDOWS\system32\cryptnet.dll - ok

19:45:33.0754 1180 [ 4044E880593FE1AC9942190FCE414BE7 ] C:\WINDOWS\system32\mstask.dll

19:45:33.0754 1180 C:\WINDOWS\system32\mstask.dll - ok

19:45:33.0754 1180 [ CA04959077AFE36369D37B3504740C87 ] C:\WINDOWS\system32\onex.dll

19:45:33.0754 1180 C:\WINDOWS\system32\onex.dll - ok

19:45:33.0754 1180 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] C:\WINDOWS\system32\rasmans.dll

19:45:33.0754 1180 C:\WINDOWS\system32\rasmans.dll - ok

19:45:33.0770 1180 [ 3CBA2210FA39C6ED7895634842E930DD ] C:\WINDOWS\system32\sensapi.dll

19:45:33.0770 1180 C:\WINDOWS\system32\sensapi.dll - ok

19:45:33.0770 1180 [ 5DB625E7D095604010CF84DE2D8ACFA6 ] C:\WINDOWS\system32\eappcfg.dll

19:45:33.0770 1180 C:\WINDOWS\system32\eappcfg.dll - ok

19:45:33.0770 1180 [ CC26451A90025F6C55F64146C333DEA5 ] C:\WINDOWS\system32\LegitCheckControl.dll

19:45:33.0770 1180 C:\WINDOWS\system32\LegitCheckControl.dll - ok

19:45:33.0785 1180 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] C:\WINDOWS\system32\sens.dll

19:45:33.0785 1180 C:\WINDOWS\system32\sens.dll - ok

19:45:33.0785 1180 [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\system32\wbem\wbemcomn.dll

19:45:33.0785 1180 C:\WINDOWS\system32\wbem\wbemcomn.dll - ok

19:45:33.0785 1180 [ 205ADD80FF8099B1A8101EB490B933D1 ] C:\WINDOWS\system32\wbem\wbemprox.dll

19:45:33.0785 1180 C:\WINDOWS\system32\wbem\wbemprox.dll - ok

19:45:33.0801 1180 [ 248712EA6BA17B9FF0C542A3828375DD ] C:\WINDOWS\system32\winipsec.dll

19:45:33.0801 1180 C:\WINDOWS\system32\winipsec.dll - ok

19:45:33.0801 1180 [ ABC4206543450C0666D152F4B65833B8 ] C:\WINDOWS\system32\eappprxy.dll

19:45:33.0801 1180 C:\WINDOWS\system32\eappprxy.dll - ok

19:45:33.0801 1180 [ 37A62C6092AADD2EFDE0468DD8818E99 ] C:\WINDOWS\system32\netcfgx.dll

19:45:33.0801 1180 C:\WINDOWS\system32\netcfgx.dll - ok

19:45:33.0801 1180 [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll

19:45:33.0801 1180 C:\WINDOWS\system32\wzcsapi.dll - ok

19:45:33.0817 1180 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] C:\WINDOWS\system32\wzcsvc.dll

19:45:33.0817 1180 C:\WINDOWS\system32\wzcsvc.dll - ok

19:45:33.0817 1180 [ DF82E222578DBE59FCBBD69A02E4C806 ] C:\WINDOWS\system32\clusapi.dll

19:45:33.0817 1180 C:\WINDOWS\system32\clusapi.dll - ok

19:45:33.0817 1180 [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] C:\WINDOWS\system32\eapolqec.dll

19:45:33.0817 1180 C:\WINDOWS\system32\eapolqec.dll - ok

19:45:33.0817 1180 [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\system32\qutil.dll

19:45:33.0817 1180 C:\WINDOWS\system32\qutil.dll - ok

19:45:33.0832 1180 [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll

19:45:33.0832 1180 C:\WINDOWS\system32\wmi.dll - ok

19:45:33.0832 1180 [ 621B8A1AA85635B59837F44D853B5859 ] C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll

19:45:33.0832 1180 C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll - ok

19:45:33.0848 1180 [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll

19:45:33.0848 1180 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll - ok

19:45:33.0848 1180 [ FBFCA1A574D47EE575448B719CBBF2E4 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll

19:45:33.0848 1180 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll - ok

19:45:33.0848 1180 [ 7E77B66ED125533EDC24DA8B4A43800F ] C:\Program Files\Nero\Nero8\InCD\NBHShx.dll

19:45:33.0848 1180 C:\Program Files\Nero\Nero8\InCD\NBHShx.dll - ok

19:45:33.0863 1180 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll

19:45:33.0863 1180 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll - ok

19:45:33.0863 1180 [ 595836B04C7E7763D174B598912F5C5E ] C:\Program Files\Nero\Nero8\InCD\NBHStr.dll

19:45:33.0863 1180 C:\Program Files\Nero\Nero8\InCD\NBHStr.dll - ok

19:45:33.0879 1180 [ 0B00F2B2917E643FD47A47F328D81613 ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\6e903ce8719e50acd783f8726b11249f\System.Transactions.ni.dll

19:45:33.0879 1180 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\6e903ce8719e50acd783f8726b11249f\System.Transactions.ni.dll - ok

19:45:33.0879 1180 [ 2975C66459C426C20BC22D639DF6B611 ] C:\Program Files\SUPERAntiSpyware\SASSEH.DLL

19:45:33.0879 1180 C:\Program Files\SUPERAntiSpyware\SASSEH.DLL - ok

19:45:33.0879 1180 [ D64A40B94602158E40527AE95E7A9193 ] C:\WINDOWS\system32\drivers\hardlock.sys

19:45:33.0879 1180 C:\WINDOWS\system32\drivers\hardlock.sys - ok

19:45:33.0895 1180 [ E2C48CD0132D4D1DC7D0DF9A6BEF686A ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll

19:45:33.0895 1180 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll - ok

19:45:33.0895 1180 [ 41962D5E18E9874390BC1F074571A6BB ] C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll

19:45:33.0895 1180 C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll - ok

19:45:33.0895 1180 [ 38D332A6D56AF32635675F132548343E ] C:\WINDOWS\system32\drivers\fastfat.sys

19:45:33.0895 1180 C:\WINDOWS\system32\drivers\fastfat.sys - ok

19:45:33.0910 1180 [ 47490A142617A48673FD4561E78D36BA ] C:\Program Files\Autodesk\Content Service\Connect.Service.Utilities.dll

19:45:33.0910 1180 C:\Program Files\Autodesk\Content Service\Connect.Service.Utilities.dll - ok

19:45:33.0910 1180 [ 32CD31A1262A577AB723DBB3894175F0 ] C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe

19:45:33.0910 1180 C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe - ok

19:45:33.0910 1180 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll

19:45:33.0910 1180 C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok

19:45:33.0926 1180 [ 179BF8161E6C87E312AEFCD3862A869A ] C:\Program Files\Autodesk\Content Service\Connect.Service.Exception.dll

19:45:33.0926 1180 C:\Program Files\Autodesk\Content Service\Connect.Service.Exception.dll - ok

19:45:33.0926 1180 [ 28A09777D2D952122567A8A82F1A2C7B ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll

19:45:33.0926 1180 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll - ok

19:45:33.0926 1180 [ C14AA05881A35B6D6BB8D55B117EE22D ] C:\WINDOWS\system32\shfolder.dll

19:45:33.0926 1180 C:\WINDOWS\system32\shfolder.dll - ok

19:45:33.0941 1180 [ 063AA78559CCD459E8613A727EE1CBE4 ] C:\Program Files\Autodesk\Content Service\sqlceme35.dll

19:45:33.0941 1180 C:\Program Files\Autodesk\Content Service\sqlceme35.dll - ok

19:45:33.0941 1180 [ D42F02942D41FB3DF4E889ABBE159F82 ] C:\Program Files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll

19:45:33.0941 1180 C:\Program Files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll - ok

19:45:33.0941 1180 [ 0BE914C883471E9F728E9E690D51BDEC ] C:\Program Files\Autodesk\Content Service\sqlceer35EN.dll

19:45:33.0941 1180 C:\Program Files\Autodesk\Content Service\sqlceer35EN.dll - ok

19:45:33.0957 1180 [ F400387A9F86CA917D89E53D46DEB02E ] C:\Program Files\Autodesk\Content Service\sqlcese35.dll

19:45:33.0957 1180 C:\Program Files\Autodesk\Content Service\sqlcese35.dll - ok

19:45:33.0957 1180 [ 30B8190C119EE82A2FEA935C82F90BF8 ] C:\Program Files\Autodesk\Content Service\sqlceqp35.dll

19:45:33.0957 1180 C:\Program Files\Autodesk\Content Service\sqlceqp35.dll - ok

19:45:33.0957 1180 [ EA076CF4BAAACD2735475FF3C0878822 ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\578e2c661908dea0af10151bc199f347\System.EnterpriseServices.ni.dll

19:45:33.0957 1180 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\578e2c661908dea0af10151bc199f347\System.EnterpriseServices.ni.dll - ok

19:45:33.0973 1180 [ 768230C78724CB23F8166D6F6A2106AD ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\578e2c661908dea0af10151bc199f347\System.EnterpriseServices.Wrapper.dll

19:45:33.0973 1180 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\578e2c661908dea0af10151bc199f347\System.EnterpriseServices.Wrapper.dll - ok

19:45:33.0973 1180 [ C755E17BAC396F9A9F468320B3F6CF46 ] C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll

19:45:33.0973 1180 C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll - ok

19:45:33.0973 1180 [ 0099D24356585743B0B35C222092FD8F ] C:\WINDOWS\system32\faultrep.dll

19:45:33.0973 1180 C:\WINDOWS\system32\faultrep.dll - ok

19:45:33.0988 1180 [ B4ED498E3BFEE64E952BC44FC6057DB8 ] C:\WINDOWS\system32\desk.cpl

19:45:33.0988 1180 C:\WINDOWS\system32\desk.cpl - ok

19:45:33.0988 1180 [ A314EEA2A503A8E04085201E436384A5 ] C:\WINDOWS\system32\themeui.dll

19:45:33.0988 1180 C:\WINDOWS\system32\themeui.dll - ok

19:45:33.0988 1180 [ 0354270C25863AE7C8A7D06031943B57 ] C:\Program Files\Autodesk\Content Service\Connect.Service.Scheduler.dll

19:45:33.0988 1180 C:\Program Files\Autodesk\Content Service\Connect.Service.Scheduler.dll - ok

19:45:34.0004 1180 [ 9DBA73C2F1E76EC4CB837E67C5743596 ] C:\Program Files\Java\jre6\bin\jqs.exe

19:45:34.0004 1180 C:\Program Files\Java\jre6\bin\jqs.exe - ok

19:45:34.0004 1180 [ 010D7BD766C2C1E1A116712967FF4BD2 ] C:\Program Files\Common Files\Nero\Lib\DriveLocker.dll

19:45:34.0004 1180 C:\Program Files\Common Files\Nero\Lib\DriveLocker.dll - ok

19:45:34.0004 1180 [ 912B67BB8249925A5C972FC5839EAE09 ] C:\WINDOWS\system32\actxprxy.dll

19:45:34.0004 1180 C:\WINDOWS\system32\actxprxy.dll - ok

19:45:34.0020 1180 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Program Files\Java\jre6\bin\msvcr71.dll

19:45:34.0020 1180 C:\Program Files\Java\jre6\bin\msvcr71.dll - ok

19:45:34.0020 1180 [ F3C799C021D13DD6C320F53E0430443B ] C:\Program Files\Autodesk\Content Service\Connect.Service.Users.dll

19:45:34.0020 1180 C:\Program Files\Autodesk\Content Service\Connect.Service.Users.dll - ok

19:45:34.0020 1180 [ 62CF83A6989312A0DD39BBFFB3D1C166 ] C:\WINDOWS\system32\pdh.dll

19:45:34.0020 1180 C:\WINDOWS\system32\pdh.dll - ok

19:45:34.0020 1180 [ 369F7B1A4F358B976176556A1A331F36 ] C:\WINDOWS\system32\odbcbcp.dll

19:45:34.0020 1180 C:\WINDOWS\system32\odbcbcp.dll - ok

19:45:34.0035 1180 [ B89CB7F3F1A1E2807E708F5435DEB13D ] C:\Program Files\Autodesk\Content Service\log4net.dll

19:45:34.0035 1180 C:\Program Files\Autodesk\Content Service\log4net.dll - ok

19:45:34.0035 1180 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

19:45:34.0035 1180 C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe - ok

19:45:34.0035 1180 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] C:\WINDOWS\system32\srvsvc.dll

19:45:34.0035 1180 C:\WINDOWS\system32\srvsvc.dll - ok

19:45:34.0051 1180 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] C:\WINDOWS\system32\drivers\srv.sys

19:45:34.0051 1180 C:\WINDOWS\system32\drivers\srv.sys - ok

19:45:34.0051 1180 [ 4C759C5DE4A29D7088793D534F9F1A87 ] C:\Program Files\Autodesk\Content Service\Lucene.Net.dll

19:45:34.0051 1180 C:\Program Files\Autodesk\Content Service\Lucene.Net.dll - ok

19:45:34.0051 1180 [ ACDAFCD14EC0ECE89198503746A5C147 ] C:\WINDOWS\system32\perfos.dll

19:45:34.0051 1180 C:\WINDOWS\system32\perfos.dll - ok

19:45:34.0051 1180 [ ABFB673B24A9B3287761D497529FB5B9 ] C:\WINDOWS\system32\perfdisk.dll

19:45:34.0051 1180 C:\WINDOWS\system32\perfdisk.dll - ok

19:45:34.0066 1180 [ 6D778E0F95447E6546553EEEA709D03C ] C:\WINDOWS\system32\cmd.exe

19:45:34.0066 1180 C:\WINDOWS\system32\cmd.exe - ok

19:45:34.0066 1180 [ 7AA68448BD94AE9F1CE9C23290B97F75 ] C:\Program Files\Autodesk\Content Service\Connect.Service.FileStore.dll

19:45:34.0066 1180 C:\Program Files\Autodesk\Content Service\Connect.Service.FileStore.dll - ok

19:45:34.0066 1180 [ 8624E0E2418413614EE1FECDB7B76B88 ] C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll

19:45:34.0066 1180 C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll - ok

19:45:34.0082 1180 [ D4467A285C91752018F67CDBA8680BAB ] C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll

19:45:34.0082 1180 C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll - ok

19:45:34.0082 1180 [ 1FA582B46F20AA1949FD6326061706AC ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\3b7f418545abc074940776fea9ad635e\SMDiagnostics.ni.dll

19:45:34.0082 1180 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\3b7f418545abc074940776fea9ad635e\SMDiagnostics.ni.dll - ok

19:45:34.0082 1180 [ E6FFC1F2F73D03EFC30AAF6440EC46D3 ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\f616e6911a3d461193cd0e6e003adca5\System.Runtime.DurableInstancing.ni.dll

19:45:34.0082 1180 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\f616e6911a3d461193cd0e6e003adca5\System.Runtime.DurableInstancing.ni.dll - ok

19:45:34.0098 1180 [ 5C6CFD56BA7AEAC84693E78690E30499 ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\fe0d8dda05b9d38bbb664432300b4f42\System.Runtime.Serialization.ni.dll

19:45:34.0098 1180 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\fe0d8dda05b9d38bbb664432300b4f42\System.Runtime.Serialization.ni.dll - ok

19:45:34.0098 1180 [ AD739DC6E2EFB5F55F181A3EF54A206E ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8ba0620535aa28d509b9397500b7d530\System.Drawing.ni.dll

19:45:34.0098 1180 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8ba0620535aa28d509b9397500b7d530\System.Drawing.ni.dll - ok

19:45:34.0113 1180 [ 8619CA3C961686F5FA7B1BEB1EB1420E ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\9480ffd884404a8b0fe8278ce70a73be\System.WorkflowServices.ni.dll

19:45:34.0113 1180 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\9480ffd884404a8b0fe8278ce70a73be\System.WorkflowServices.ni.dll - ok

19:45:34.0113 1180 [ C2218898E619A08D9E50C80B28CA9EF4 ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b9810b8ed4fc94ec682ee8217a6c905b\System.ServiceModel.Web.ni.dll

19:45:34.0113 1180 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b9810b8ed4fc94ec682ee8217a6c905b\System.ServiceModel.Web.ni.dll - ok

19:45:34.0113 1180 [ E013180337B10410A3811F506832892E ] C:\WINDOWS\system32\spool\drivers\w32x86\3\EFXGI09A.DLL

19:45:34.0113 1180 C:\WINDOWS\system32\spool\drivers\w32x86\3\EFXGI09A.DLL - ok

19:45:34.0129 1180 [ 045842FCB9DBD6A50F6D6B78B900DC08 ] C:\WINDOWS\system32\spool\drivers\w32x86\3\EFXMI09A.DLL

19:45:34.0129 1180 C:\WINDOWS\system32\spool\drivers\w32x86\3\EFXMI09A.DLL - ok

19:45:34.0129 1180 [ 273BCBEA3A2C3F9AD8584AD4E281DFC0 ] C:\WINDOWS\system32\spool\drivers\w32x86\3\EFXUI09A.DLL

19:45:34.0129 1180 C:\WINDOWS\system32\spool\drivers\w32x86\3\EFXUI09A.DLL - ok

19:45:34.0129 1180 [ 749B95B9F28C28ABDBAF801A704F02D0 ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8f02a194fe5bce225a63ca0587065830\System.ServiceModel.Discovery.ni.dll

19:45:34.0129 1180 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8f02a194fe5bce225a63ca0587065830\System.ServiceModel.Discovery.ni.dll - ok

19:45:34.0145 1180 [ 9DCB4F9D640778D381CA88293A65EC87 ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\db54a8a55271ac4ce8bbaa435f474ed6\System.ServiceModel.Activities.ni.dll

19:45:34.0145 1180 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\db54a8a55271ac4ce8bbaa435f474ed6\System.ServiceModel.Activities.ni.dll - ok

19:45:34.0145 1180 [ 4763C8693B363AA9EF0E57BEB507BDF8 ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0c6552cb44af800ced291796ff32b748\System.ServiceModel.Routing.ni.dll

19:45:34.0145 1180 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0c6552cb44af800ced291796ff32b748\System.ServiceModel.Routing.ni.dll - ok

19:45:34.0145 1180 [ 50695BBE456B93444FA6F9CE7EBA0975 ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ab0b49150543e689844c607fe344057d\System.ServiceModel.Channels.ni.dll

19:45:34.0145 1180 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ab0b49150543e689844c607fe344057d\System.ServiceModel.Channels.ni.dll - ok

19:45:34.0160 1180 [ C959794C4F7079E81A43E86194FE5CAB ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web.Services\2e384b7a68ed602006571cfa37ede224\System.Web.Services.ni.dll

19:45:34.0160 1180 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web.Services\2e384b7a68ed602006571cfa37ede224\System.Web.Services.ni.dll - ok

19:45:34.0160 1180 [ 5AEEC49819073034305633D58A5E500F ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\d39d7af1c84535e19dbf92d804f906a2\System.IdentityModel.ni.dll

19:45:34.0160 1180 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\d39d7af1c84535e19dbf92d804f906a2\System.IdentityModel.ni.dll - ok

19:45:34.0176 1180 [ B7C7FA3BEDE83AC5F1DE03B30D494CC1 ] C:\WINDOWS\system32\httpapi.dll

19:45:34.0176 1180 C:\WINDOWS\system32\httpapi.dll - ok

19:45:34.0176 1180 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

19:45:34.0176 1180 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe - ok

19:45:34.0176 1180 [ 4BE1DCAD76BE96D1EC887A41E570C404 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll

19:45:34.0176 1180 C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll - ok

19:45:34.0176 1180 [ E6CB119EF2E148EAA1A247343550756E ] C:\Program Files\Common Files\Motive\McciCMService.exe

19:45:34.0176 1180 C:\Program Files\Common Files\Motive\McciCMService.exe - ok

19:45:34.0191 1180 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] C:\WINDOWS\system32\IoctlSvc.exe

19:45:34.0191 1180 C:\WINDOWS\system32\IoctlSvc.exe - ok

19:45:34.0191 1180 [ 332760FBA1655FCFD35BD6F4FD871300 ] C:\WINDOWS\system32\ipsecsvc.dll

19:45:34.0191 1180 C:\WINDOWS\system32\ipsecsvc.dll - ok

19:45:34.0191 1180 [ 67BFD5FBE6A5497076B85AC93BFB188B ] C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

19:45:34.0191 1180 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe - ok

19:45:34.0207 1180 [ C5FF8682EADA5B3B27A865F1C3EF9270 ] C:\WINDOWS\system32\oakley.dll

19:45:34.0207 1180 C:\WINDOWS\system32\oakley.dll - ok

19:45:34.0207 1180 [ 853D0D0C6F02D7BFDF1CF99DD7553732 ] C:\WINDOWS\system32\pstorsvc.dll

19:45:34.0207 1180 C:\WINDOWS\system32\pstorsvc.dll - ok

19:45:34.0207 1180 [ 22D89D84E8E081CDA529DBF8C0255A38 ] C:\WINDOWS\system32\psbase.dll

19:45:34.0207 1180 C:\WINDOWS\system32\psbase.dll - ok

19:45:34.0223 1180 [ FEDE68BF80052BAD393AFD5C2E60DCB0 ] C:\WINDOWS\system32\dssenh.dll

19:45:34.0223 1180 C:\WINDOWS\system32\dssenh.dll - ok

19:45:34.0223 1180 [ FB53A700132D9A97D1E10E9F80BD6174 ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

19:45:34.0223 1180 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll - ok

19:45:34.0223 1180 [ 09523AFBC5937D7CC786FC9C74D2D516 ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll

19:45:34.0223 1180 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll - ok

19:45:34.0238 1180 [ 4B3685AA700084E4ED6635FC1EFD9CC2 ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll

19:45:34.0238 1180 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll - ok

19:45:34.0238 1180 [ 741BDBA1E61DA6C56DD1C13BDDF1A7EE ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\f43e890d874ef521aba51f76f64cd97b\System.ServiceProcess.ni.dll

19:45:34.0238 1180 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\f43e890d874ef521aba51f76f64cd97b\System.ServiceProcess.ni.dll - ok

19:45:34.0238 1180 [ 723528449ED0D1B0AD98AF3EDF23101D ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll

19:45:34.0238 1180 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll - ok

19:45:34.0254 1180 [ 3201582A7BC2D16D3633D010AE633218 ] C:\Program Files\Common Files\Intuit\QuickBooks\CFScan.dll

19:45:34.0254 1180 C:\Program Files\Common Files\Intuit\QuickBooks\CFScan.dll - ok

19:45:34.0254 1180 [ 1A2AA70EE7C0C0C06B1CD1B0C84458F3 ] C:\Program Files\Common Files\Intuit\QuickBooks\QBDBPortFinder.DLL

19:45:34.0254 1180 C:\Program Files\Common Files\Intuit\QuickBooks\QBDBPortFinder.DLL - ok

19:45:34.0254 1180 [ FC2741A70B84D7E7BA5F51A352669EE8 ] C:\Program Files\Common Files\Intuit\QuickBooks\stlport_r50.dll

19:45:34.0254 1180 C:\Program Files\Common Files\Intuit\QuickBooks\stlport_r50.dll - ok

19:45:34.0270 1180 [ F424AEE4E895CF8D819ADFC08D906699 ] C:\Program Files\SolidWorks\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe

19:45:34.0270 1180 C:\Program Files\SolidWorks\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe - ok

19:45:35.0191 1180 ============================================================

19:45:35.0191 1180 Scan finished

19:45:35.0191 1180 ============================================================

19:45:35.0191 0768 Detected object count: 1

19:45:35.0191 0768 Actual detected object count: 1

19:45:48.0016 0768 \Device\Harddisk0\DR0\# - copied to quarantine

19:45:48.0016 0768 \Device\Harddisk0\DR0 - copied to quarantine

19:45:48.0094 0768 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

19:45:48.0109 0768 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

19:45:48.0109 0768 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

19:45:48.0312 0768 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

19:45:48.0312 0768 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

19:45:48.0312 0768 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

19:45:48.0312 0768 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

19:45:48.0312 0768 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

19:45:48.0328 0768 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

19:45:48.0328 0768 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

19:45:48.0344 0768 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

19:45:48.0344 0768 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

19:45:48.0359 0768 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

19:45:48.0359 0768 \Device\Harddisk0\DR0 - ok

19:45:53.0920 0768 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

19:46:03.0761 3604 Deinitialize success


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2013-02-03 20:16:55

-----------------------------

20:16:55.227 OS Version: Windows 5.1.2600 Service Pack 3

20:16:55.227 Number of processors: 2 586 0x4303

20:16:55.227 ComputerName: PRESTON-103484B UserName: Preston

20:16:55.477 Initialize success

20:17:25.348 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-12

20:17:25.348 Disk 0 Vendor: WDC_WD1500ADFD-00NLR1 20.07P20 Size: 143088MB BusType: 3

20:17:25.363 Disk 0 MBR read successfully

20:17:25.363 Disk 0 MBR scan

20:17:25.363 Disk 0 Windows XP default MBR code

20:17:25.363 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 143078 MB offset 63

20:17:25.363 Disk 0 scanning sectors +293025600

20:17:25.410 Disk 0 scanning C:\WINDOWS\system32\drivers

20:17:28.894 Service scanning

20:17:36.409 Modules scanning

20:17:46.469 Disk 0 trace - called modules:

20:17:46.485 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

20:17:46.485 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad844c0]

20:17:46.501 3 CLASSPNP.SYS[b8118fd7] -> nt!IofCallDriver -> \Device\00000090[0x8ad87198]

20:17:46.501 5 ACPI.sys[b7f51620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-12[0x8ad47d98]

20:17:46.501 Scan finished successfully

23:39:13.586 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Preston\Desktop\MBR.dat"

23:39:13.586 The log file has been saved successfully to "C:\Documents and Settings\Preston\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2013-02-03 23:43:57

-----------------------------

23:43:57.893 OS Version: Windows 5.1.2600 Service Pack 3

23:43:57.893 Number of processors: 2 586 0x4303

23:43:57.893 ComputerName: PRESTON-103484B UserName: Preston

23:43:58.112 Initialize success

23:52:18.711 AVAST engine defs: 13020301

23:52:42.633 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-12

23:52:42.633 Disk 0 Vendor: WDC_WD1500ADFD-00NLR1 20.07P20 Size: 143088MB BusType: 3

23:52:42.648 Disk 0 MBR read successfully

23:52:42.648 Disk 0 MBR scan

23:52:42.680 Disk 0 Windows XP default MBR code

23:52:42.680 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 143078 MB offset 63

23:52:42.680 Disk 0 scanning sectors +293025600

23:52:42.727 Disk 0 scanning C:\WINDOWS\system32\drivers

23:52:49.008 Service scanning

23:53:01.304 Modules scanning

23:53:09.148 Disk 0 trace - called modules:

23:53:09.164 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

23:53:09.164 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad844c0]

23:53:09.164 3 CLASSPNP.SYS[b8118fd7] -> nt!IofCallDriver -> \Device\00000090[0x8ad87198]

23:53:09.164 5 ACPI.sys[b7f51620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-12[0x8ad47d98]

23:53:09.585 AVAST engine scan C:\WINDOWS

23:53:15.648 AVAST engine scan C:\WINDOWS\system32

23:55:40.379 AVAST engine scan C:\WINDOWS\system32\drivers

23:55:51.785 AVAST engine scan C:\Documents and Settings\Preston

23:56:19.066 File: C:\Documents and Settings\Preston\Application Data\Sun\Java\Deployment\cache\6.0\44\5e3eecec-278565a2 **INFECTED** Win32:Trojan-gen

23:59:31.187 AVAST engine scan C:\Documents and Settings\All Users

00:13:57.030 Scan finished successfully

00:15:11.419 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Preston\Desktop\MBR.dat"

00:15:11.435 The log file has been saved successfully to "C:\Documents and Settings\Preston\De


  • Staff

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

 ClearJavaCache:: 

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

[Image: CFScriptB-4.gif]

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:

  1. Report from ComboFix
  2. Let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo


ComboFix 13-02-03.03 - Preston 02/04/2013 6:59.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1355 [GMT -6:00]

Running from: c:\documents and settings\Preston\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Preston\Desktop\cfscript.exe

FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Preston\Local Settings\Application Data\assembly\tmp

.

.

((((((((((((((((((((((((( Files Created from 2013-01-04 to 2013-02-04 )))))))))))))))))))))))))))))))

.

.

2013-02-04 12:48 . 2013-02-04 12:48 -------- d--h--w- c:\windows\PIF

2013-02-04 01:45 . 2013-02-04 01:45 -------- d-----w- C:\TDSSKiller_Quarantine

2013-01-28 20:00 . 2013-01-28 20:00 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\WinRAR SFX

2013-01-28 20:00 . 2013-01-28 20:00 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\WebCheckChannelAgent

2013-01-28 20:00 . 2013-01-29 18:21 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\kvenZz7qZyWVto

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-22 01:51 . 2012-04-14 02:27 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-22 01:51 . 2011-09-02 01:22 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-16 12:23 . 2004-08-04 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-12-14 22:49 . 2011-08-30 13:37 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-13 01:25 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys

2007-02-13 09:43 . 2007-02-13 09:43 35302248 -c--a-w- c:\program files\5.05.25.00_ntune_winxp_international.exe

2004-08-04 12:00 . 2010-09-24 06:26 221184 -c--a-w- c:\program files\opera\program\plugins\wmpns.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]

@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"

[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]

2008-08-08 16:28 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EPLTarget\P0000000000000000"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_TATIIUE.EXE" [2012-02-27 249440]

"EPLTarget\P0000000000000001"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_TATIIUE.EXE" [2012-02-27 249440]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]

"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2012-01-26 1058400]

"FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-02-29 502912]

"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-02-29 863360]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-11-9 1154848]

QuickBooks Web Connector.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe [2009-2-9 300328]

SolidWorks Background Downloader.lnk - c:\program files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe [2010-11-2 1826600]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Calendar Sync.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk

backup=c:\windows\pss\Google Calendar Sync.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Program Neighborhood Agent.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Program Neighborhood Agent.lnk

backup=c:\windows\pss\Program Neighborhood Agent.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk

backup=c:\windows\pss\Service Manager.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2008-12-12 13:30 132392 -c--a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

2006-08-17 17:32 17920 -c--a-w- c:\windows\CTHELPER.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]

2006-12-12 15:46 20480 -c--a-w- c:\windows\system32\Ctxfihlp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

2006-11-12 10:48 157592 -c--a-w- c:\program files\DAEMON Tools\daemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]

2004-09-03 08:58 65536 -c----w- c:\program files\Ahead\ODD Toolkit\dvdtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneV]

2004-06-15 01:54 200704 -c--a-w- c:\program files\Gigabyte\ET5\GUI.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBB36X Configure]

2006-06-02 08:46 385024 ------r- c:\windows\system32\JMRaidTool.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

2008-08-08 16:27 1083176 -c--a-w- c:\program files\Nero\Nero8\InCD\InCD.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 10:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcqu]

2006-03-08 13:56 278528 -c----w- c:\program files\Creative\MediaSource5\MtdAcqu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

2008-12-02 20:29 2221352 -c--a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2008-11-06 13:25 570664 -c--a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2010-10-16 18:04 13851752 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]

2007-01-22 23:22 81920 -c--a-w- c:\program files\NVIDIA Corporation\nTune\ntunecmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2010-10-16 18:04 110696 ----a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCSystem]

2005-06-17 00:25 49152 ----a-w- c:\program files\Creative\Shared Files\Module Loader\dllml.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]

2008-08-08 16:28 2049320 -c--a-w- c:\program files\Nero\Nero8\InCD\NBHGui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2010-11-23 06:27 1242448 ----a-w- c:\program files\Steam\Steam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"SolidWorks Licensing Service"=3 (0x3)

"NeroRegInCDSrv"=2 (0x2)

"Nero BackItUp Scheduler 3"=2 (0x2)

"MSSQLServerADHelper"=3 (0x3)

"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)

"LightScribeService"=2 (0x2)

"iPod Service"=3 (0x3)

"gusvc"=3 (0x3)

"Bonjour Service"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"gupdate"=2 (0x2)

"WZCSVC"=2 (0x2)

"UPS"=3 (0x3)

"TrkWks"=2 (0x2)

"TermService"=3 (0x3)

"TapiSrv"=3 (0x3)

"SoundMovieServer"=3 (0x3)

"mnmsrvc"=3 (0x3)

"LiveUpdate"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"ISSVC"=2 (0x2)

"nTuneService"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\EPSON Software\\Event Manager\\EEventManager.exe"=

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [11/20/2011 12:18 AM 239168]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 12:54 PM 116608]

R2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [2/2/2011 2:08 PM 18656]

R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [9/26/2009 6:35 AM 819600]

R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [5/10/2012 2:00 PM 539744]

R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [1/2/2013 7:44 AM 122000]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/16/2012 9:30 PM 398184]

R2 Remote Solver for Flow Simulation 2011;Remote Solver for Flow Simulation 2011;c:\program files\SolidWorks\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [9/8/2010 12:03 AM 89864]

R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [9/23/2009 2:04 PM 447832]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/30/2011 7:37 AM 21104]

R3 sftfs;sftfs;c:\program files\Microsoft Application Virtualization Client\drivers\SftFSXP.sys [9/23/2009 2:04 PM 543064]

R3 sftplay;sftplay;c:\program files\Microsoft Application Virtualization Client\drivers\sftplayxp.sys [9/23/2009 2:04 PM 190312]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [9/23/2009 2:05 PM 21864]

R3 sftvol;sftvol;c:\program files\Microsoft Application Virtualization Client\drivers\SftVolXP.sys [9/23/2009 2:04 PM 14680]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [9/23/2009 2:04 PM 203608]

R3 TunRDriverV32;TunRDriverV32;c:\windows\system32\drivers\TunRDriverV32.sys [8/9/2007 1:35 AM 506496]

R3 TunRVideo32;TunRVideo32;c:\windows\system32\drivers\TunRVideo32.sys [3/28/2008 5:19 PM 3768]

S0 AmdAcpi;AmdAcpi Bus Filter Driver; [x]

S0 sqcfvcsa;sqcfvcsa;c:\windows\system32\drivers\vpss.sys --> c:\windows\system32\drivers\vpss.sys [?]

S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/30/2011 7:37 AM 682344]

S3 amdtools;AMD Special Tools Driver; [x]

S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks\swScheduler\DTSCoordinatorService.exe [10/5/2010 7:07 AM 87336]

S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [2/13/2007 3:51 AM 96256]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]

S3 hitmanpro36;HitmanPro 3.6 Support Driver;\??\c:\windows\system32\drivers\hitmanpro36.sys --> c:\windows\system32\drivers\hitmanpro36.sys [?]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 6:01 AM 2799808]

S4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [8/8/2008 10:28 AM 53032]

S4 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [3/28/2008 5:19 PM 184320]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/13/2007 11:20 PM 691696]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 17440766

*NewlyCreated* - 26086026

*NewlyCreated* - ASWMBR

*Deregistered* - 17440766

*Deregistered* - 26086026

*Deregistered* - aswMBR

.

Contents of the 'Scheduled Tasks' folder

.

2013-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-03 08:28]

.

2013-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-03 08:28]

.

2013-02-03 c:\windows\Tasks\User_Feed_Synchronization-{561DDAE7-884D-4921-9C0C-F2EA28E4F39D}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = 127.0.0.1

IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202

TCP: DhcpNameServer = 69.49.208.10 69.7.80.10

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {3D5F4B42-A6AD-4F31-BC6B-C4BA6AAEF08B} - hxxps://www.wm-mobile.ubs.com/md/plugin/excel_mobil/excel.cab

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-26086026.sys

SafeBoot-43442093.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-02-04 07:05

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,53,44,36,19,1a,25,48,91,4b,b8,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,53,44,36,19,1a,25,48,91,4b,b8,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2088)

c:\windows\system32\WININET.dll

c:\windows\system32\AcSignIcon.dll

c:\program files\Nero\Nero8\InCD\NBHShx.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\program files\Nero\Nero8\InCD\NBHStr.dll

c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\MFC80ENU.DLL

c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll

c:\windows\system32\ieframe.dll

c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2013-02-04 07:07:38

ComboFix-quarantined-files.txt 2013-02-04 13:07

ComboFix2.txt 2013-02-02 02:21

ComboFix3.txt 2012-09-17 04:58

.

Pre-Run: 18,646,159,360 bytes free

Post-Run: 18,791,198,720 bytes free

.

- - End Of File - - 1583F74E3281B1593AE6340C07D14A0A


  • Staff

Hello

I would like you to run this new tool and see if it finds anything.

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit

2. Unzip the contents to a folder in a convenient location.

3. Open the folder where the contents were unzipped and run mbar.exe

4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.

6. Wait while the system shuts down and the cleanup process is performed.

7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

  • Internet access
  • Windows Update
  • Windows Firewall

9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.

10. Verify that your system is now functioning normally.

Gringo


I can't open Windows Firewall. It says it cannot start the SharedAccess service. I can't tell if Windows Update is working or not, but everything else seems to be working ok. There is still a suspicious svchost.exe process running, but I can't tell if it has any effect or not. Thank you again!


  • Staff

Hello

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Gringo


Farbar Service Scanner Version: 30-01-2013

Ran by Preston (administrator) on 05-02-2013 at 00:55:47

Running from "C:\Documents and Settings\Preston\Desktop"

Microsoft Windows XP Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Dhcp Service is not running. Checking service configuration:

The start type of Dhcp service is OK.

The ImagePath of Dhcp service is OK.

The ServiceDll of Dhcp service is OK.

Connection Status:

==============

Localhost is accessible.

LAN connected.

Attempt to access Google IP returned error. Google IP is offline

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

sharedaccess Service is not running. Checking service configuration:

The start type of sharedaccess service is OK.

The ImagePath of sharedaccess service is OK.

The ServiceDll of sharedaccess service is OK.

Checking LEGACY_sharedaccess: ATTENTION!=====> Unable to open LEGACY_sharedaccess\0000 registry key. The key does not exist.

netman Service is not running. Checking service configuration:

The start type of netman service is OK.

The ImagePath of netman service is OK.

The ServiceDll of netman service is OK.

Firewall Disabled Policy:

==================

System Restore:

============

Srservice Service is not running. Checking service configuration:

The start type of Srservice service is OK.

The ImagePath of Srservice service is OK.

The ServiceDll of Srservice service is OK.

System Restore Disabled Policy:

========================

Security Center:

============

wscsvc Service is not running. Checking service configuration:

The start type of wscsvc service is OK.

The ImagePath of wscsvc service is OK.

The ServiceDll of wscsvc service is OK.

Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is OK.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

cryptsvc Service is not running. Checking service configuration:

The start type of cryptsvc service is OK.

The ImagePath of cryptsvc service is OK.

The ServiceDll of cryptsvc: "%SystemRoot%\System32\cryptsvc.dll".

Windows Autoupdate Disabled Policy:

============================

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\wscsvc.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\wuauserv.dll

[2007-02-13 01:06] - [2008-04-13 18:12] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A

C:\WINDOWS\system32\qmgr.dll => MD5 is legit

C:\WINDOWS\system32\es.dll => MD5 is legit

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe

[2004-08-04 06:00] - [2009-02-06 05:11] - 0110592 ____N (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315

Extra List:

=======

Bridge(11) BridgeMP(10) Gpc(3) IPSec(5) NetBT(6) NVTCP(8) PSched(7) Tcpip(4)

0x0B00000005000000010000000200000003000000040000000800000056000000070000000A0000000B00000006000000

IpSec Tag value is correct.

**** End of log ****

Farbar Service Scanner Version: 30-01-2013

Ran by Preston (administrator) on 05-02-2013 at 23:35:44

Running from "C:\Documents and Settings\Preston\Desktop"

Microsoft Windows XP Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Attempt to access Google IP returned error. Google IP is offline

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\wscsvc.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\wuauserv.dll

[2007-02-13 01:06] - [2008-04-13 18:12] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A

C:\WINDOWS\system32\qmgr.dll => MD5 is legit

C:\WINDOWS\system32\es.dll => MD5 is legit

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe

[2004-08-04 06:00] - [2009-02-06 05:11] - 0110592 ____N (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315

Extra List:

=======

Bridge(11) BridgeMP(10) Gpc(3) IPSec(5) NetBT(6) NVTCP(8) PSched(7) Tcpip(4)

0x0B00000005000000010000000200000003000000040000000800000056000000070000000A0000000B00000006000000

IpSec Tag value is correct.

**** End of log ****

This topic is now closed to further replies.