Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

virus,malware [Closed]


  • This topic is locked This topic is locked

#1
jokernrose

jokernrose

    Member

  • Member
  • PipPip
  • 44 posts
Hi I so hope someone can help me. I am up to my neck with this stupid computer. I have a Toshiba satellite laptop that I have just gotten from a friend. I have been trying for two days to get all the malware off and viruses off. I have scanned with Malwarebytes about 10 times and everytime I get a new list of things that are bad. I have tried removing them and yet they still come back. The story goes like this. When I got the computer it was infected with the S.M.A.R.T repair virus and I found a website that told me how to get rid of it.Long story short I still have problems with the stupid thing. And this morning I had an fbi money scam warning on my screen. Please help me before I throw this thing through a window..I have done the otl and here is the report for it. Thanks in advance for any help you can give me...

OTL logfile created on: 8/29/2012 9:42:45 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\rosa\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

734.42 Mb Total Physical Memory | 380.05 Mb Available Physical Memory | 51.75% Memory free
1.76 Gb Paging File | 1.47 Gb Available in Paging File | 83.65% Paging File free
Paging file location(s): C:\pagefile.sys 1104 2208 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 27.09 Gb Free Space | 72.73% Space Free | Partition Type: NTFS

Computer Name: ROLAPTOP | User Name: rosa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/29 21:41:55 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rosa\Desktop\OTL.exe
PRC - [2012/08/28 21:11:30 | 000,105,832 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\hmpsched.exe
PRC - [2010/01/22 11:35:08 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\Iasex.dll -- (Ias)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/28 21:11:30 | 000,105,832 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2012/07/14 15:32:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/08/17 08:20:45 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2008/10/29 01:34:40 | 000,644,096 | RH-- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2007/03/12 11:07:28 | 000,507,264 | -H-- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
DRV - [2004/08/03 17:31:34 | 000,020,992 | -H-- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/06/21 17:53:20 | 000,626,204 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004/02/24 12:08:52 | 000,400,384 | -H-- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKCU\..\SearchScopes\{DAC9C9B1-3E59-4316-9487-FD55666D003B}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2012/06/28 23:52:29 | 000,004,115 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: moove.com ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://traf4.murfree...sCamControl.cab (CamImage Class)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42818C14-7BFC-4E1F-A082-CD207B492F44}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\rosa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\rosa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/21 17:04:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a5bb3538-ad8e-11df-b23a-00023fdcb309}\Shell - "" = AutoRun
O33 - MountPoints2\{a5bb3538-ad8e-11df-b23a-00023fdcb309}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a5bb3538-ad8e-11df-b23a-00023fdcb309}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: diskinst - (C:\WINDOWS\system32\cscrhare.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/29 21:41:55 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\rosa\Desktop\OTL.exe
[2012/08/29 13:47:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/08/29 09:38:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rosa\Application Data\Malwarebytes
[2012/08/28 22:28:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rosa\Desktop\RK_Quarantine
[2012/08/28 21:59:35 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\rosa\Desktop\unhide.exe
[2012/08/28 21:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/08/28 21:11:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
[2012/08/28 21:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/08/28 18:56:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/28 18:56:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/08/28 18:56:51 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/08/28 18:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/17 08:20:45 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2012/08/17 08:20:45 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2012/08/17 08:20:45 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2012/08/15 01:35:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/29 21:54:39 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{65147D32-580F-4E20-96AB-C2104FAC955B}.job
[2012/08/29 21:41:55 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rosa\Desktop\OTL.exe
[2012/08/29 21:40:43 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/29 21:25:48 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/29 21:25:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/29 21:24:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/29 21:13:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/29 18:58:28 | 000,000,412 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2012/08/28 22:53:08 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/08/28 22:28:27 | 001,367,552 | ---- | M] () -- C:\Documents and Settings\rosa\Desktop\RogueKiller.exe
[2012/08/28 21:59:39 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\rosa\Desktop\unhide.exe
[2012/08/28 21:11:30 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2012/08/28 18:58:28 | 000,711,240 | ---- | M] () -- C:\WINDOWS\is-B0L9L.exe
[2012/08/28 18:58:28 | 000,010,550 | ---- | M] () -- C:\WINDOWS\is-B0L9L.msg
[2012/08/28 18:58:28 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/28 18:58:28 | 000,000,446 | ---- | M] () -- C:\WINDOWS\is-B0L9L.lst
[2012/08/28 18:38:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-H0yIjGVn7YrJysr
[2012/08/28 18:24:00 | 000,013,700 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/17 08:20:45 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2012/08/17 08:20:45 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2012/08/17 08:20:45 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2012/08/03 07:10:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/29 18:58:28 | 000,000,412 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2012/08/28 22:28:20 | 001,367,552 | ---- | C] () -- C:\Documents and Settings\rosa\Desktop\RogueKiller.exe
[2012/08/28 21:11:30 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2012/08/28 18:58:28 | 000,711,240 | ---- | C] () -- C:\WINDOWS\is-B0L9L.exe
[2012/08/28 18:58:28 | 000,010,550 | ---- | C] () -- C:\WINDOWS\is-B0L9L.msg
[2012/08/28 18:58:28 | 000,000,446 | ---- | C] () -- C:\WINDOWS\is-B0L9L.lst
[2012/08/28 18:56:55 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/16 03:23:55 | 000,294,018 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2012/06/19 01:45:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-H0yIjGVn7YrJysr
[2012/06/19 01:45:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-H0yIjGVn7YrJys
[2012/06/19 01:45:07 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\H0yIjGVn7YrJys
[2012/01/09 23:06:13 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/12/29 23:30:39 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/12/29 23:27:32 | 000,091,072 | ---- | C] () -- C:\WINDOWS\System32\RoseCo2.dll
[2010/01/22 16:20:30 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\rosa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

< End of report >
  • 0

Advertisements


#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello jokernrose and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\Iasex.dll -- (Ias)
    O33 - MountPoints2\{a5bb3538-ad8e-11df-b23a-00023fdcb309}\Shell - "" = AutoRun
    O33 - MountPoints2\{a5bb3538-ad8e-11df-b23a-00023fdcb309}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a5bb3538-ad8e-11df-b23a-00023fdcb309}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O36 - AppCertDlls: diskinst - (C:\WINDOWS\system32\cscrhare.dll) - File not found
    [2012/08/28 18:38:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-H0yIjGVn7YrJysr
    [2012/08/28 18:58:28 | 000,711,240 | ---- | M] () -- C:\WINDOWS\is-B0L9L.exe
    [2012/08/28 18:58:28 | 000,010,550 | ---- | M] () -- C:\WINDOWS\is-B0L9L.msg
    [2012/08/28 18:58:28 | 000,711,240 | ---- | C] () -- C:\WINDOWS\is-B0L9L.exe
    [2012/08/28 18:58:28 | 000,010,550 | ---- | C] () -- C:\WINDOWS\is-B0L9L.msg
    [2012/08/28 18:58:28 | 000,000,446 | ---- | C] () -- C:\WINDOWS\is-B0L9L.lst
    [2012/06/19 01:45:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-H0yIjGVn7YrJysr
    [2012/06/19 01:45:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-H0yIjGVn7YrJys
    [2012/06/19 01:45:07 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\H0yIjGVn7YrJys
    [2012/07/16 03:23:55 | 000,294,018 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles
Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply



Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • Combofix log
It would be helpful if you could post each log in separate post using "Add Reply" button
  • 0

#3
jokernrose

jokernrose

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Thank you for your prompt reply. I ran the OTL then the combofix but I did not get anything from it. I got a warning saying not to run it in compatability mode so not sure what happened with that. Here is my log from the OTL..

========== OTL ==========
Service Ias stopped successfully!
Service Ias deleted successfully!
File C:\WINDOWS\system32\Iasex.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5bb3538-ad8e-11df-b23a-00023fdcb309}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5bb3538-ad8e-11df-b23a-00023fdcb309}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5bb3538-ad8e-11df-b23a-00023fdcb309}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5bb3538-ad8e-11df-b23a-00023fdcb309}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5bb3538-ad8e-11df-b23a-00023fdcb309}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5bb3538-ad8e-11df-b23a-00023fdcb309}\ not found.
File E:\LaunchU3.exe -a not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\diskinst deleted successfully.
C:\Documents and Settings\All Users\Application Data\-H0yIjGVn7YrJysr moved successfully.
C:\WINDOWS\is-B0L9L.exe moved successfully.
C:\WINDOWS\is-B0L9L.msg moved successfully.
File C:\WINDOWS\is-B0L9L.exe not found.
File C:\WINDOWS\is-B0L9L.msg not found.
C:\WINDOWS\is-B0L9L.lst moved successfully.
File C:\Documents and Settings\All Users\Application Data\-H0yIjGVn7YrJysr not found.
C:\Documents and Settings\All Users\Application Data\-H0yIjGVn7YrJys moved successfully.
C:\Documents and Settings\All Users\Application Data\H0yIjGVn7YrJys moved successfully.
C:\WINDOWS\system32\shimg.dll moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\rosa\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\rosa\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.59.1 log created on 08302012_110339
  • 0

#4
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Leave Combofix for now. Let's do TDSSKiller scan.

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Loaded modules

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Make sure to check:

    • Services and drivers
    • Boot sectors
    • Loaded modules
    • Verify Driver Digital Signature
    • Detect TDLFS file system

  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

    Posted Image
  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
  • 0

#5
jokernrose

jokernrose

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Ok here is the log file from TDSSKiller

16:08:02.0984 2492 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
16:08:03.0765 2492 ============================================================
16:08:03.0781 2492 Current date / time: 2012/08/30 16:08:03.0765
16:08:03.0781 2492 SystemInfo:
16:08:03.0781 2492
16:08:03.0781 2492 OS Version: 5.1.2600 ServicePack: 2.0
16:08:03.0781 2492 Product type: Workstation
16:08:03.0781 2492 ComputerName: ROLAPTOP
16:08:03.0781 2492 UserName: rosa
16:08:03.0781 2492 Windows directory: C:\WINDOWS
16:08:03.0781 2492 System windows directory: C:\WINDOWS
16:08:03.0781 2492 Processor architecture: Intel x86
16:08:03.0781 2492 Number of processors: 1
16:08:03.0781 2492 Page size: 0x1000
16:08:03.0781 2492 Boot type: Normal boot
16:08:03.0781 2492 ============================================================
16:08:05.0859 2492 BG loaded
16:08:06.0218 2492 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:08:06.0234 2492 ============================================================
16:08:06.0234 2492 \Device\Harddisk0\DR0:
16:08:06.0234 2492 MBR partitions:
16:08:06.0234 2492 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A81400
16:08:06.0234 2492 ============================================================
16:08:06.0375 2492 C: <-> \Device\Harddisk0\DR0\Partition1
16:08:06.0375 2492 ============================================================
16:08:06.0375 2492 Initialize success
16:08:06.0375 2492 ============================================================
16:09:19.0937 2828 ============================================================
16:09:19.0937 2828 Scan started
16:09:19.0937 2828 Mode: Manual; SigCheck; TDLFS;
16:09:19.0937 2828 ============================================================
16:09:20.0343 2828 ================ Scan services =============================
16:09:20.0453 2828 Abiosdsk - ok
16:09:20.0484 2828 abp480n5 - ok
16:09:20.0562 2828 [ A10C7534F7223F4A73A948967D00E69B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:09:23.0328 2828 ACPI - ok
16:09:23.0453 2828 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
16:09:23.0703 2828 ACPIEC - ok
16:09:23.0812 2828 [ 5E1A953C6472E7BB644892A4D0DF5E72 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:09:23.0828 2828 AdobeFlashPlayerUpdateSvc - ok
16:09:23.0859 2828 adpu160m - ok
16:09:23.0937 2828 [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec C:\WINDOWS\system32\drivers\aec.sys
16:09:24.0171 2828 aec - ok
16:09:24.0265 2828 [ 55E6E1C51B6D30E54335750955453702 ] AFD C:\WINDOWS\System32\drivers\afd.sys
16:09:24.0343 2828 AFD - ok
16:09:24.0359 2828 Aha154x - ok
16:09:24.0390 2828 aic78u2 - ok
16:09:24.0406 2828 aic78xx - ok
16:09:24.0515 2828 [ BA88534A3CEB6161E7432438B9EA4F54 ] ALCXSENS C:\WINDOWS\system32\drivers\ALCXSENS.SYS
16:09:24.0718 2828 ALCXSENS - ok
16:09:24.0843 2828 [ 5FF6F7E58C798F1474C0BBFFC23CB78D ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
16:09:25.0046 2828 ALCXWDM - ok
16:09:25.0140 2828 [ C7AE0FD3867DB0D42B03B73C18F3D671 ] Alerter C:\WINDOWS\system32\alrsvc.dll
16:09:25.0328 2828 Alerter - ok
16:09:25.0421 2828 [ F1958FBF86D5C004CF19A5951A9514B7 ] ALG C:\WINDOWS\System32\alg.exe
16:09:25.0546 2828 ALG - ok
16:09:25.0562 2828 AliIde - ok
16:09:25.0593 2828 amsint - ok
16:09:25.0734 2828 [ 2E3E53A6AEF23E24F402C7855B9B1542 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:09:25.0750 2828 Apple Mobile Device - ok
16:09:25.0781 2828 AppMgmt - ok
16:09:25.0859 2828 [ F0D692B0BFFB46E30EB3CEA168BBC49F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:09:26.0078 2828 Arp1394 - ok
16:09:26.0093 2828 asc - ok
16:09:26.0125 2828 asc3350p - ok
16:09:26.0140 2828 asc3550 - ok
16:09:26.0187 2828 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:09:26.0578 2828 AsyncMac - ok
16:09:26.0765 2828 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
16:09:26.0984 2828 atapi - ok
16:09:26.0984 2828 Atdisk - ok
16:09:27.0046 2828 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:09:27.0281 2828 Atmarpc - ok
16:09:27.0343 2828 [ DB66DB626E4882EBEF55F136F12C1829 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
16:09:27.0562 2828 AudioSrv - ok
16:09:27.0640 2828 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
16:09:27.0843 2828 audstub - ok
16:09:27.0937 2828 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
16:09:28.0656 2828 Beep - ok
16:09:28.0890 2828 [ 5AB58C337AC65837FE404462AD6265AB ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:09:28.0906 2828 Bonjour Service - ok
16:09:28.0968 2828 [ E3CFCCDDA4EDD1D0DC9168B2E18F27B8 ] Browser C:\WINDOWS\System32\browser.dll
16:09:29.0531 2828 Browser - ok
16:09:29.0593 2828 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
16:09:29.0796 2828 cbidf2k - ok
16:09:29.0812 2828 [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:09:30.0015 2828 CCDECODE - ok
16:09:30.0031 2828 cd20xrnt - ok
16:09:30.0109 2828 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
16:09:30.0390 2828 Cdaudio - ok
16:09:30.0437 2828 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
16:09:30.0671 2828 Cdfs - ok
16:09:30.0812 2828 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:09:31.0046 2828 Cdrom - ok
16:09:31.0062 2828 Changer - ok
16:09:31.0125 2828 [ 3192BD04D032A9C4A85A3278C268A13A ] CiSvc C:\WINDOWS\system32\cisvc.exe
16:09:31.0328 2828 CiSvc - ok
16:09:31.0406 2828 [ C8DEC22C4137D7A90F8BDF41CA4B82AE ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
16:09:31.0609 2828 ClipSrv - ok
16:09:31.0656 2828 [ 4266BE808F85826AEDF3C64C1E240203 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:09:31.0875 2828 CmBatt - ok
16:09:31.0890 2828 CmdIde - ok
16:09:31.0984 2828 [ DF1B1A24BF52D0EBC01ED4ECE8979F50 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:09:32.0187 2828 Compbatt - ok
16:09:32.0187 2828 COMSysApp - ok
16:09:32.0203 2828 Cpqarray - ok
16:09:32.0312 2828 [ 10654F9DDCEA9C46CFB77554231BE73B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
16:09:32.0500 2828 CryptSvc - ok
16:09:32.0500 2828 dac2w2k - ok
16:09:32.0515 2828 dac960nt - ok
16:09:32.0640 2828 [ 01095FEBF33BEEA00C2A0730B9B3EC28 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
16:09:32.0781 2828 DcomLaunch - ok
16:09:32.0843 2828 [ CB6CA3E5261D65F6F809EED23BF167AA ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
16:09:33.0062 2828 Dhcp - ok
16:09:33.0125 2828 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
16:09:33.0328 2828 Disk - ok
16:09:33.0625 2828 dmadmin - ok
16:09:33.0765 2828 [ C0FBB516E06E243F0CF31F597E7EBF7D ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
16:09:34.0031 2828 dmboot - ok
16:09:34.0218 2828 [ F5E7B358A732D09F4BCF2824B88B9E28 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
16:09:34.0421 2828 dmio - ok
16:09:34.0484 2828 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
16:09:34.0734 2828 dmload - ok
16:09:34.0796 2828 [ 1639D9964C9E1B2ECCA95C8217D3E70D ] dmserver C:\WINDOWS\System32\dmserver.dll
16:09:35.0015 2828 dmserver - ok
16:09:35.0093 2828 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
16:09:35.0328 2828 DMusic - ok
16:09:35.0406 2828 [ 7379DE06FD196E396A00AA97B990C00D ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
16:09:35.0625 2828 Dnscache - ok
16:09:35.0656 2828 dpti2o - ok
16:09:35.0796 2828 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
16:09:35.0953 2828 drmkaud - ok
16:09:36.0109 2828 [ 67DFF7BBBD0E80AAB7B3CF061448DB8A ] ERSvc C:\WINDOWS\System32\ersvc.dll
16:09:36.0328 2828 ERSvc - ok
16:09:36.0406 2828 [ 37561F8D4160D62DA86D24AE41FAE8DE ] Eventlog C:\WINDOWS\system32\services.exe
16:09:36.0484 2828 Eventlog - ok
16:09:36.0531 2828 [ 60D1A6342238378BFB7545C81EE3606C ] EventSystem C:\WINDOWS\system32\es.dll
16:09:36.0562 2828 EventSystem - ok
16:09:36.0640 2828 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
16:09:36.0843 2828 Fastfat - ok
16:09:36.0890 2828 [ E7518DC542D3EBDCB80EDD98462C7821 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:09:37.0140 2828 FastUserSwitchingCompatibility - ok
16:09:37.0203 2828 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
16:09:37.0421 2828 Fdc - ok
16:09:37.0468 2828 [ E153AB8A11DE5452BCF5AC7652DBF3ED ] Fips C:\WINDOWS\system32\drivers\Fips.sys
16:09:37.0703 2828 Fips - ok
16:09:37.0843 2828 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
16:09:38.0062 2828 Flpydisk - ok
16:09:38.0140 2828 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:09:38.0328 2828 FltMgr - ok
16:09:38.0343 2828 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:09:38.0578 2828 Fs_Rec - ok
16:09:38.0593 2828 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:09:38.0875 2828 Ftdisk - ok
16:09:38.0984 2828 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:09:38.0984 2828 GEARAspiWDM - ok
16:09:39.0062 2828 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:09:39.0281 2828 Gpc - ok
16:09:39.0468 2828 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
16:09:39.0484 2828 gupdate - ok
16:09:39.0515 2828 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
16:09:39.0531 2828 gupdatem - ok
16:09:39.0609 2828 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
16:09:39.0609 2828 gusvc - ok
16:09:39.0765 2828 [ 8827911A8C37E40C027CBFC88E69D967 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:09:39.0984 2828 helpsvc - ok
16:09:40.0000 2828 HidServ - ok
16:09:40.0078 2828 [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:09:40.0296 2828 HidUsb - ok
16:09:40.0375 2828 [ 54D9E71DD3F6DF476B99543F88650EDF ] HitmanProScheduler C:\Program Files\HitmanPro\hmpsched.exe
16:09:40.0390 2828 HitmanProScheduler - ok
16:09:40.0406 2828 hpn - ok
16:09:40.0484 2828 [ 9F8B0F4276F618964FD118BE4289B7CD ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
16:09:40.0546 2828 HTTP - ok
16:09:40.0609 2828 [ 064D8581ADF77C25133E7D751D917D83 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
16:09:40.0812 2828 HTTPFilter - ok
16:09:40.0828 2828 i2omgmt - ok
16:09:40.0859 2828 i2omp - ok
16:09:40.0984 2828 [ 5502B58EEF7486EE6F93F3F164DCB808 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:09:41.0171 2828 i8042prt - ok
16:09:41.0250 2828 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
16:09:41.0453 2828 Imapi - ok
16:09:41.0578 2828 [ FA788520BCAC0F5D9D5CDE5615C0D931 ] ImapiService C:\WINDOWS\system32\imapi.exe
16:09:41.0796 2828 ImapiService - ok
16:09:41.0828 2828 ini910u - ok
16:09:41.0953 2828 [ 2D722B2B54AB55B2FA475EB58D7B2AAD ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
16:09:42.0156 2828 IntelIde - ok
16:09:42.0265 2828 [ 279FB78702454DFF2BB445F238C048D2 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:09:42.0500 2828 intelppm - ok
16:09:42.0562 2828 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:09:42.0750 2828 Ip6Fw - ok
16:09:42.0781 2828 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:09:43.0015 2828 IpFilterDriver - ok
16:09:43.0031 2828 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:09:43.0265 2828 IpInIp - ok
16:09:43.0359 2828 [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:09:43.0546 2828 IpNat - ok
16:09:43.0750 2828 [ 8F610078437A459948480407F4DB91EA ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:09:43.0765 2828 iPod Service - ok
16:09:43.0843 2828 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:09:44.0031 2828 IPSec - ok
16:09:44.0156 2828 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
16:09:44.0281 2828 IRENUM - ok
16:09:44.0328 2828 [ E504F706CCB699C2596E9A3DA1596E87 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:09:44.0562 2828 isapnp - ok
16:09:44.0718 2828 [ 77AC10DB097DFD0CD3071465B644D0AB ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
16:09:44.0734 2828 JavaQuickStarterService - ok
16:09:44.0796 2828 [ EBDEE8A2EE5393890A1ACEE971C4C246 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:09:44.0984 2828 Kbdclass - ok
16:09:45.0046 2828 [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
16:09:45.0234 2828 kmixer - ok
16:09:45.0359 2828 [ 674D3E5A593475915DC6643317192403 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
16:09:45.0468 2828 KSecDD - ok
16:09:45.0515 2828 [ 93D32468D34E000CB3407947D1D6E22A ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
16:09:45.0734 2828 lanmanserver - ok
16:09:45.0796 2828 [ E1F27CFCD114EC9F1E1F44674B2FF9F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
16:09:45.0828 2828 lanmanworkstation - ok
16:09:45.0843 2828 lbrtfdc - ok
16:09:45.0921 2828 [ B3EFF6D938C572E90A07B3D87A3C7657 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
16:09:46.0156 2828 LmHosts - ok
16:09:46.0265 2828 [ 95FD808E4AC22ABA025A7B3EAC0375D2 ] Messenger C:\WINDOWS\System32\msgsvc.dll
16:09:46.0453 2828 Messenger - ok
16:09:46.0546 2828 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
16:09:46.0765 2828 mnmdd - ok
16:09:46.0906 2828 [ F6415361201915B9FE3896B0E4E724FF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
16:09:47.0093 2828 mnmsrvc - ok
16:09:47.0140 2828 [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
16:09:47.0343 2828 Modem - ok
16:09:47.0453 2828 [ 34E1F0031153E491910E12551400192C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:09:47.0640 2828 Mouclass - ok
16:09:47.0765 2828 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:09:48.0000 2828 mouhid - ok
16:09:48.0062 2828 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
16:09:48.0265 2828 MountMgr - ok
16:09:48.0281 2828 mraid35x - ok
16:09:48.0343 2828 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:09:48.0531 2828 MRxDAV - ok
16:09:48.0656 2828 [ FB6C89BB3CE282B08BDB1E3C179E1C39 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:09:48.0906 2828 MRxSmb - ok
16:09:48.0953 2828 [ C7C3D89EB0A6F3DBA622EA737FA335B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
16:09:49.0171 2828 MSDTC - ok
16:09:49.0234 2828 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
16:09:49.0468 2828 Msfs - ok
16:09:49.0484 2828 MSIServer - ok
16:09:49.0546 2828 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:09:49.0734 2828 MSKSSRV - ok
16:09:49.0750 2828 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:09:49.0968 2828 MSPCLOCK - ok
16:09:50.0000 2828 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
16:09:50.0218 2828 MSPQM - ok
16:09:50.0328 2828 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:09:50.0546 2828 mssmbios - ok
16:09:50.0625 2828 [ BF13612142995096AB084F2DB7F40F77 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
16:09:50.0843 2828 MSTEE - ok
16:09:50.0890 2828 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
16:09:51.0156 2828 Mup - ok
16:09:51.0203 2828 [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:09:51.0390 2828 NABTSFEC - ok
16:09:51.0531 2828 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
16:09:51.0734 2828 NDIS - ok
16:09:51.0843 2828 [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:09:52.0062 2828 NdisIP - ok
16:09:52.0125 2828 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:09:52.0328 2828 NdisTapi - ok
16:09:52.0437 2828 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:09:52.0625 2828 Ndisuio - ok
16:09:52.0703 2828 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:09:52.0921 2828 NdisWan - ok
16:09:53.0000 2828 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
16:09:53.0234 2828 NDProxy - ok
16:09:53.0312 2828 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
16:09:53.0500 2828 NetBIOS - ok
16:09:53.0609 2828 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
16:09:53.0828 2828 NetBT - ok
16:09:53.0875 2828 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDE C:\WINDOWS\system32\netdde.exe
16:09:54.0062 2828 NetDDE - ok
16:09:54.0078 2828 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
16:09:54.0281 2828 NetDDEdsdm - ok
16:09:54.0406 2828 [ 84885F9B82F4D55C6146EBF6065D75D2 ] Netlogon C:\WINDOWS\system32\lsass.exe
16:09:54.0609 2828 Netlogon - ok
16:09:54.0703 2828 [ DAB9E6C7105D2EF49876FE92C524F565 ] Netman C:\WINDOWS\System32\netman.dll
16:09:54.0953 2828 Netman - ok
16:09:55.0015 2828 [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:09:55.0218 2828 NIC1394 - ok
16:09:55.0328 2828 [ 097722F235A1FB698BF9234E01B52637 ] Nla C:\WINDOWS\System32\mswsock.dll
16:09:55.0390 2828 Nla - ok
16:09:55.0453 2828 [ B9730495E0CF674680121E34BD95A73B ] NPF C:\WINDOWS\system32\drivers\NPF.sys
16:09:55.0500 2828 NPF - ok
16:09:55.0531 2828 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
16:09:55.0734 2828 Npfs - ok
16:09:55.0828 2828 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
16:09:56.0093 2828 Ntfs - ok
16:09:56.0187 2828 [ 84885F9B82F4D55C6146EBF6065D75D2 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
16:09:56.0359 2828 NtLmSsp - ok
16:09:56.0421 2828 [ B62F29C00AC55A761B2E45877D85EA0F ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
16:09:56.0671 2828 NtmsSvc - ok
16:09:56.0750 2828 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
16:09:56.0984 2828 Null - ok
16:09:57.0109 2828 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:09:57.0328 2828 NwlnkFlt - ok
16:09:57.0343 2828 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:09:57.0562 2828 NwlnkFwd - ok
16:09:57.0671 2828 [ 0951DB8E5823EA366B0E408D71E1BA2A ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:09:57.0859 2828 ohci1394 - ok
16:09:57.0984 2828 [ 29744EB4CE659DFE3B4122DEB45BC478 ] Parport C:\WINDOWS\system32\drivers\Parport.sys
16:09:58.0187 2828 Parport - ok
16:09:58.0281 2828 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
16:09:58.0484 2828 PartMgr - ok
16:09:58.0593 2828 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
16:09:58.0796 2828 ParVdm - ok
16:09:58.0843 2828 [ 8086D9979234B603AD5BC2F5D890B234 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
16:09:59.0046 2828 PCI - ok
16:09:59.0062 2828 PCIDump - ok
16:09:59.0093 2828 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
16:09:59.0343 2828 PCIIde - ok
16:09:59.0468 2828 [ 82A087207DECEC8456FBE8537947D579 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
16:09:59.0640 2828 Pcmcia - ok
16:09:59.0656 2828 PDCOMP - ok
16:09:59.0671 2828 PDFRAME - ok
16:09:59.0703 2828 PDRELI - ok
16:09:59.0734 2828 PDRFRAME - ok
16:09:59.0765 2828 perc2 - ok
16:09:59.0796 2828 perc2hib - ok
16:09:59.0968 2828 [ 37561F8D4160D62DA86D24AE41FAE8DE ] PlugPlay C:\WINDOWS\system32\services.exe
16:10:00.0062 2828 PlugPlay - ok
16:10:00.0078 2828 [ 84885F9B82F4D55C6146EBF6065D75D2 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
16:10:00.0281 2828 PolicyAgent - ok
16:10:00.0375 2828 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:10:00.0562 2828 PptpMiniport - ok
16:10:00.0593 2828 [ 84885F9B82F4D55C6146EBF6065D75D2 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:10:00.0781 2828 ProtectedStorage - ok
16:10:00.0812 2828 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
16:10:01.0031 2828 PSched - ok
16:10:01.0062 2828 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:10:01.0265 2828 Ptilink - ok
16:10:01.0281 2828 ql1080 - ok
16:10:01.0312 2828 Ql10wnt - ok
16:10:01.0343 2828 ql12160 - ok
16:10:01.0375 2828 ql1240 - ok
16:10:01.0406 2828 ql1280 - ok
16:10:01.0468 2828 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:10:01.0656 2828 RasAcd - ok
16:10:01.0828 2828 [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto C:\WINDOWS\System32\rasauto.dll
16:10:02.0031 2828 RasAuto - ok
16:10:02.0062 2828 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:10:02.0250 2828 Rasl2tp - ok
16:10:02.0359 2828 [ 41A3C11E3517C962C9B44893BCEC3B34 ] RasMan C:\WINDOWS\System32\rasmans.dll
16:10:02.0562 2828 RasMan - ok
16:10:02.0656 2828 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:10:02.0859 2828 RasPppoe - ok
16:10:02.0875 2828 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
16:10:03.0125 2828 Raspti - ok
16:10:03.0171 2828 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:10:03.0359 2828 Rdbss - ok
16:10:03.0453 2828 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:10:03.0640 2828 RDPCDD - ok
16:10:03.0828 2828 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
16:10:04.0062 2828 RDPWD - ok
16:10:04.0187 2828 [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
16:10:04.0406 2828 RDSessMgr - ok
16:10:04.0453 2828 [ B31B4588E4086D8D84ADBF9845C2402B ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
16:10:04.0656 2828 redbook - ok
16:10:04.0843 2828 [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
16:10:05.0015 2828 RemoteAccess - ok
16:10:05.0062 2828 [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator C:\WINDOWS\system32\locator.exe
16:10:05.0234 2828 RpcLocator - ok
16:10:05.0359 2828 [ 01095FEBF33BEEA00C2A0730B9B3EC28 ] RpcSs C:\WINDOWS\system32\rpcss.dll
16:10:05.0515 2828 RpcSs - ok
16:10:05.0593 2828 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
16:10:05.0781 2828 RSVP - ok
16:10:05.0875 2828 [ 19A0B57164830DF3C699E3CC93F68E37 ] rt2870 C:\WINDOWS\system32\DRIVERS\rt2870.sys
16:10:06.0000 2828 rt2870 - ok
16:10:06.0093 2828 [ 162E0922EA31AAD7FCA6AB3C866255E9 ] RT80x86 C:\WINDOWS\system32\DRIVERS\RT2860.sys
16:10:06.0171 2828 RT80x86 ( UnsignedFile.Multi.Generic ) - warning
16:10:06.0171 2828 RT80x86 - detected UnsignedFile.Multi.Generic (1)
16:10:06.0234 2828 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
16:10:06.0437 2828 rtl8139 - ok
16:10:06.0531 2828 [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs C:\WINDOWS\system32\lsass.exe
16:10:06.0718 2828 SamSs - ok
16:10:06.0812 2828 [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
16:10:07.0000 2828 SCardSvr - ok
16:10:07.0156 2828 [ 92360854316611F6CC471612213C3D92 ] Schedule C:\WINDOWS\system32\schedsvc.dll
16:10:07.0375 2828 Schedule - ok
16:10:07.0468 2828 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:10:07.0578 2828 Secdrv - ok
16:10:07.0640 2828 [ B1E0CE09895376871746F36DC5773B4F ] seclogon C:\WINDOWS\System32\seclogon.dll
16:10:07.0843 2828 seclogon - ok
16:10:07.0875 2828 [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS C:\WINDOWS\system32\sens.dll
16:10:08.0078 2828 SENS - ok
16:10:08.0140 2828 [ CD9404D115A00D249F70A371B46D5A26 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
16:10:08.0359 2828 Serial - ok
16:10:08.0421 2828 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
16:10:08.0625 2828 Sfloppy - ok
16:10:08.0750 2828 [ E7518DC542D3EBDCB80EDD98462C7821 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:10:08.0921 2828 ShellHWDetection - ok
16:10:08.0937 2828 Simbad - ok
16:10:09.0046 2828 [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:10:09.0234 2828 SLIP - ok
16:10:09.0265 2828 Sparrow - ok
16:10:09.0359 2828 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
16:10:09.0562 2828 splitter - ok
16:10:09.0625 2828 [ 7435B108B935E42EA92CA94F59C8E717 ] Spooler C:\WINDOWS\system32\spoolsv.exe
16:10:09.0828 2828 Spooler - ok
16:10:09.0875 2828 [ E41B6D037D6CD08461470AF04500DC24 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
16:10:09.0984 2828 sr - ok
16:10:10.0015 2828 [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice C:\WINDOWS\system32\srsvc.dll
16:10:10.0109 2828 srservice - ok
16:10:10.0187 2828 [ 7A4F147CC6B133F905F6E65E2F8669FB ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
16:10:10.0296 2828 Srv - ok
16:10:10.0375 2828 [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
16:10:10.0484 2828 SSDPSRV - ok
16:10:10.0562 2828 [ D9F6C4F6B1E188ADAFC42B561D9BC2E6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
16:10:10.0796 2828 stisvc - ok
16:10:10.0843 2828 [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:10:11.0031 2828 streamip - ok
16:10:11.0109 2828 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
16:10:11.0296 2828 swenum - ok
16:10:11.0421 2828 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
16:10:11.0609 2828 swmidi - ok
16:10:11.0640 2828 SwPrv - ok
16:10:11.0671 2828 symc810 - ok
16:10:11.0687 2828 symc8xx - ok
16:10:11.0718 2828 sym_hi - ok
16:10:11.0750 2828 sym_u3 - ok
16:10:11.0796 2828 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
16:10:12.0000 2828 sysaudio - ok
16:10:12.0140 2828 [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
16:10:12.0312 2828 SysmonLog - ok
16:10:12.0453 2828 [ EB4A4187D74A8EFDCBEA3EA2CB1BDFBD ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
16:10:12.0640 2828 TapiSrv - ok
16:10:12.0734 2828 [ 2A5554FC5B1E04E131230E3CE035C3F9 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:10:12.0890 2828 Tcpip - ok
16:10:12.0953 2828 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
16:10:13.0156 2828 TDPIPE - ok
16:10:13.0187 2828 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
16:10:13.0375 2828 TDTCP - ok
16:10:13.0406 2828 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
16:10:13.0578 2828 TermDD - ok
16:10:13.0765 2828 [ B60C877D16D9C880B952FDA04ADF16E6 ] TermService C:\WINDOWS\System32\termsrv.dll
16:10:14.0000 2828 TermService - ok
16:10:14.0109 2828 [ E7518DC542D3EBDCB80EDD98462C7821 ] Themes C:\WINDOWS\System32\shsvcs.dll
16:10:14.0281 2828 Themes - ok
16:10:14.0312 2828 TosIde - ok
16:10:14.0406 2828 [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks C:\WINDOWS\system32\trkwks.dll
16:10:14.0578 2828 TrkWks - ok
16:10:14.0750 2828 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
16:10:14.0968 2828 Udfs - ok
16:10:14.0984 2828 ultra - ok
16:10:15.0093 2828 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
16:10:15.0312 2828 Update - ok
16:10:15.0437 2828 [ 0546477BDE979E33294FE97F6B3DE84A ] upnphost C:\WINDOWS\System32\upnphost.dll
16:10:15.0578 2828 upnphost - ok
16:10:15.0593 2828 [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS C:\WINDOWS\System32\ups.exe
16:10:15.0796 2828 UPS - ok
16:10:15.0859 2828 [ 45A0D14B26C35497AD93BCE7E15C9941 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
16:10:16.0031 2828 usbaudio - ok
16:10:16.0093 2828 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:10:16.0281 2828 usbccgp - ok
16:10:16.0390 2828 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:10:16.0578 2828 usbehci - ok
16:10:16.0718 2828 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:10:16.0921 2828 usbhub - ok
16:10:17.0015 2828 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:10:17.0203 2828 usbscan - ok
16:10:17.0296 2828 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:10:17.0484 2828 USBSTOR - ok
16:10:17.0593 2828 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:10:17.0765 2828 usbuhci - ok
16:10:17.0828 2828 [ 8968FF3973A883C49E8B564200F565B9 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
16:10:18.0000 2828 usbvideo - ok
16:10:18.0125 2828 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
16:10:18.0296 2828 VgaSave - ok
16:10:18.0328 2828 ViaIde - ok
16:10:18.0406 2828 [ EE4660083DEBA849FF6C485D944B379B ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
16:10:18.0578 2828 VolSnap - ok
16:10:18.0718 2828 [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS C:\WINDOWS\System32\vssvc.exe
16:10:18.0906 2828 VSS - ok
16:10:18.0968 2828 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time C:\WINDOWS\system32\w32time.dll
16:10:19.0140 2828 W32Time - ok
16:10:19.0171 2828 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:10:19.0359 2828 Wanarp - ok
16:10:19.0375 2828 WDICA - ok
16:10:19.0484 2828 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
16:10:19.0718 2828 wdmaud - ok
16:10:19.0765 2828 [ 5D0A442864BFBF3B19DCCA4CD29F6E99 ] WebClient C:\WINDOWS\System32\webclnt.dll
16:10:19.0968 2828 WebClient - ok
16:10:20.0140 2828 [ F399242A80C4066FD155EFA4CF96658E ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
16:10:20.0343 2828 winmgmt - ok
16:10:20.0500 2828 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
16:10:20.0609 2828 WmdmPmSN - ok
16:10:20.0812 2828 [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:10:20.0984 2828 WmiApSrv - ok
16:10:21.0171 2828 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
16:10:21.0234 2828 WMPNetworkSvc - ok
16:10:21.0343 2828 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:10:21.0531 2828 WS2IFSL - ok
16:10:21.0578 2828 [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
16:10:21.0796 2828 wscsvc - ok
16:10:21.0843 2828 [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:10:22.0031 2828 WSTCODEC - ok
16:10:22.0093 2828 [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
16:10:22.0296 2828 wuauserv - ok
16:10:22.0390 2828 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:10:22.0468 2828 WudfPf - ok
16:10:22.0484 2828 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:10:22.0546 2828 WudfRd - ok
16:10:22.0578 2828 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
16:10:22.0609 2828 WudfSvc - ok
16:10:22.0687 2828 [ 5A91E6FEAB9F901302FA7FF768C0120F ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
16:10:22.0921 2828 WZCSVC - ok
16:10:22.0968 2828 [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
16:10:23.0140 2828 xmlprov - ok
16:10:23.0250 2828 ================ Scan global ===============================
16:10:23.0312 2828 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
16:10:23.0328 2828 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
16:10:23.0359 2828 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
16:10:23.0406 2828 [ 37561F8D4160D62DA86D24AE41FAE8DE ] C:\WINDOWS\system32\services.exe
16:10:23.0406 2828 [Global] - ok
16:10:23.0406 2828 ================ Scan MBR ==================================
16:10:23.0437 2828 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
16:10:23.0781 2828 \Device\Harddisk0\DR0 - ok
16:10:23.0796 2828 ================ Scan VBR ==================================
16:10:23.0812 2828 [ 86083E93EC1DF5B1074F527E8FA9BE41 ] \Device\Harddisk0\DR0\Partition1
16:10:23.0812 2828 \Device\Harddisk0\DR0\Partition1 - ok
16:10:23.0828 2828 ================ Scan active images ========================
16:10:23.0843 2828 [ 279FB78702454DFF2BB445F238C048D2 ] C:\WINDOWS\system32\drivers\intelppm.sys
16:10:23.0843 2828 C:\WINDOWS\system32\drivers\intelppm.sys - ok
16:10:23.0875 2828 [ 2034CA78F9C6E787B4B76D81AC888351 ] C:\WINDOWS\system32\drivers\usbport.sys
16:10:23.0875 2828 C:\WINDOWS\system32\drivers\usbport.sys - ok
16:10:23.0906 2828 [ F8FD1400092E23C8F2F31406EF06167B ] C:\WINDOWS\system32\drivers\usbuhci.sys
16:10:23.0906 2828 C:\WINDOWS\system32\drivers\usbuhci.sys - ok
16:10:23.0937 2828 [ 15E993BA2F6946B2BFBBFCD30398621E ] C:\WINDOWS\system32\drivers\usbehci.sys
16:10:23.0937 2828 C:\WINDOWS\system32\drivers\usbehci.sys - ok
16:10:23.0953 2828 [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] C:\WINDOWS\system32\drivers\nic1394.sys
16:10:23.0953 2828 C:\WINDOWS\system32\drivers\nic1394.sys - ok
16:10:23.0984 2828 [ D507C1400284176573224903819FFDA3 ] C:\WINDOWS\system32\drivers\RTL8139.sys
16:10:23.0984 2828 C:\WINDOWS\system32\drivers\RTL8139.sys - ok
16:10:24.0031 2828 [ 4266BE808F85826AEDF3C64C1E240203 ] C:\WINDOWS\system32\drivers\CmBatt.sys
16:10:24.0031 2828 C:\WINDOWS\system32\drivers\CmBatt.sys - ok
16:10:24.0046 2828 [ 5502B58EEF7486EE6F93F3F164DCB808 ] C:\WINDOWS\system32\drivers\i8042prt.sys
16:10:24.0046 2828 C:\WINDOWS\system32\drivers\i8042prt.sys - ok
16:10:24.0078 2828 [ EBDEE8A2EE5393890A1ACEE971C4C246 ] C:\WINDOWS\system32\drivers\kbdclass.sys
16:10:24.0078 2828 C:\WINDOWS\system32\drivers\kbdclass.sys - ok
16:10:24.0109 2828 [ AF9C19B3100FE010496B1A27181FBF72 ] C:\WINDOWS\system32\drivers\cdrom.sys
16:10:24.0109 2828 C:\WINDOWS\system32\drivers\cdrom.sys - ok
16:10:24.0140 2828 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] C:\WINDOWS\system32\drivers\imapi.sys
16:10:24.0140 2828 C:\WINDOWS\system32\drivers\imapi.sys - ok
16:10:24.0171 2828 [ B9540E258F952650DE8DEC68719A5C97 ] C:\WINDOWS\system32\drivers\ks.sys
16:10:24.0171 2828 C:\WINDOWS\system32\drivers\ks.sys - ok
16:10:24.0187 2828 [ 34E1F0031153E491910E12551400192C ] C:\WINDOWS\system32\drivers\mouclass.sys
16:10:24.0187 2828 C:\WINDOWS\system32\drivers\mouclass.sys - ok
16:10:24.0218 2828 [ FF86422268DE771D571E123EB7092C6A ] C:\WINDOWS\system32\drivers\drmk.sys
16:10:24.0218 2828 C:\WINDOWS\system32\drivers\drmk.sys - ok
16:10:24.0250 2828 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
16:10:24.0250 2828 C:\WINDOWS\system32\drivers\GEARAspiWDM.sys - ok
16:10:24.0265 2828 [ B31B4588E4086D8D84ADBF9845C2402B ] C:\WINDOWS\system32\drivers\redbook.sys
16:10:24.0265 2828 C:\WINDOWS\system32\drivers\redbook.sys - ok
16:10:24.0296 2828 [ BA88534A3CEB6161E7432438B9EA4F54 ] C:\WINDOWS\system32\drivers\ALCXSENS.SYS
16:10:24.0296 2828 C:\WINDOWS\system32\drivers\ALCXSENS.SYS - ok
16:10:24.0328 2828 [ 5FF6F7E58C798F1474C0BBFFC23CB78D ] C:\WINDOWS\system32\drivers\ALCXWDM.SYS
16:10:24.0328 2828 C:\WINDOWS\system32\drivers\ALCXWDM.SYS - ok
16:10:24.0359 2828 [ 5B0F00E43A7094C0B7E433CB42C79164 ] C:\WINDOWS\system32\drivers\portcls.sys
16:10:24.0359 2828 C:\WINDOWS\system32\drivers\portcls.sys - ok
16:10:24.0375 2828 [ D9F724AA26C010A217C97606B160ED68 ] C:\WINDOWS\system32\drivers\audstub.sys
16:10:24.0375 2828 C:\WINDOWS\system32\drivers\audstub.sys - ok
16:10:24.0406 2828 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] C:\WINDOWS\system32\drivers\ndistapi.sys
16:10:24.0406 2828 C:\WINDOWS\system32\drivers\ndistapi.sys - ok
16:10:24.0437 2828 [ 0B90E255A9490166AB368CD55A529893 ] C:\WINDOWS\system32\drivers\ndiswan.sys
16:10:24.0437 2828 C:\WINDOWS\system32\drivers\ndiswan.sys - ok
16:10:24.0468 2828 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] C:\WINDOWS\system32\drivers\rasl2tp.sys
16:10:24.0468 2828 C:\WINDOWS\system32\drivers\rasl2tp.sys - ok
16:10:24.0500 2828 [ 7306EEED8895454CBED4669BE9F79FAA ] C:\WINDOWS\system32\drivers\raspppoe.sys
16:10:24.0500 2828 C:\WINDOWS\system32\drivers\raspppoe.sys - ok
16:10:24.0515 2828 [ C0F1D4A21DE5A415DF8170616703DEBF ] C:\WINDOWS\system32\drivers\msgpc.sys
16:10:24.0515 2828 C:\WINDOWS\system32\drivers\msgpc.sys - ok
16:10:24.0546 2828 [ 48671F327553DCF1D27F6197F622A668 ] C:\WINDOWS\system32\drivers\psched.sys
16:10:24.0546 2828 C:\WINDOWS\system32\drivers\psched.sys - ok
16:10:24.0562 2828 [ 1C5CC65AAC0783C344F16353E60B72AC ] C:\WINDOWS\system32\drivers\raspptp.sys
16:10:24.0562 2828 C:\WINDOWS\system32\drivers\raspptp.sys - ok
16:10:24.0593 2828 [ 6891B74AB9A016064E82A419388D0601 ] C:\WINDOWS\system32\drivers\tdi.sys
16:10:24.0593 2828 C:\WINDOWS\system32\drivers\tdi.sys - ok
16:10:24.0625 2828 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] C:\WINDOWS\system32\drivers\ptilink.sys
16:10:24.0625 2828 C:\WINDOWS\system32\drivers\ptilink.sys - ok
16:10:24.0656 2828 [ FDBB1D60066FCFBB7452FD8F9829B242 ] C:\WINDOWS\system32\drivers\raspti.sys
16:10:24.0656 2828 C:\WINDOWS\system32\drivers\raspti.sys - ok
16:10:24.0687 2828 [ A540A99C281D933F3D69D55E48727F47 ] C:\WINDOWS\system32\drivers\termdd.sys
16:10:24.0687 2828 C:\WINDOWS\system32\drivers\termdd.sys - ok
16:10:24.0718 2828 [ 03C1BAE4766E2450219D20B993D6E046 ] C:\WINDOWS\system32\drivers\swenum.sys
16:10:24.0718 2828 C:\WINDOWS\system32\drivers\swenum.sys - ok
16:10:24.0750 2828 [ 469541F8BFD2B32659D5D463A6714BCE ] C:\WINDOWS\system32\drivers\mssmbios.sys
16:10:24.0750 2828 C:\WINDOWS\system32\drivers\mssmbios.sys - ok
16:10:24.0765 2828 [ AFF2E5045961BBC0A602BB6F95EB1345 ] C:\WINDOWS\system32\drivers\update.sys
16:10:24.0765 2828 C:\WINDOWS\system32\drivers\update.sys - ok
16:10:24.0796 2828 [ 59FC3FB44D2669BC144FD87826BB571F ] C:\WINDOWS\system32\drivers\ndproxy.sys
16:10:24.0796 2828 C:\WINDOWS\system32\drivers\ndproxy.sys - ok
16:10:24.0828 2828 [ 596EB39B50D6EBD9B734DC4AE0544693 ] C:\WINDOWS\system32\drivers\usbd.sys
16:10:24.0828 2828 C:\WINDOWS\system32\drivers\usbd.sys - ok
16:10:24.0843 2828 [ C72F40947F92CEA56A8FB532EDF025F1 ] C:\WINDOWS\system32\drivers\usbhub.sys
16:10:24.0859 2828 C:\WINDOWS\system32\drivers\usbhub.sys - ok
16:10:24.0875 2828 [ CED2E8396A8838E59D8FD529C680E02C ] C:\WINDOWS\system32\drivers\fdc.sys
16:10:24.0875 2828 C:\WINDOWS\system32\drivers\fdc.sys - ok
16:10:24.0906 2828 [ 0DD1DE43115B93F4D85E889D7A86F548 ] C:\WINDOWS\system32\drivers\flpydisk.sys
16:10:24.0906 2828 C:\WINDOWS\system32\drivers\flpydisk.sys - ok
16:10:24.0937 2828 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] C:\WINDOWS\system32\drivers\sfloppy.sys
16:10:24.0937 2828 C:\WINDOWS\system32\drivers\sfloppy.sys - ok
16:10:24.0968 2828 [ DA1F27D85E0D1525F6621372E7B685E9 ] C:\WINDOWS\system32\drivers\beep.sys
16:10:24.0968 2828 C:\WINDOWS\system32\drivers\beep.sys - ok
16:10:25.0000 2828 [ C1B486A7658353D33A10CC15211A873B ] C:\WINDOWS\system32\drivers\cdaudio.sys
16:10:25.0000 2828 C:\WINDOWS\system32\drivers\cdaudio.sys - ok
16:10:25.0015 2828 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] C:\WINDOWS\system32\drivers\fs_rec.sys
16:10:25.0015 2828 C:\WINDOWS\system32\drivers\fs_rec.sys - ok
16:10:25.0046 2828 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] C:\WINDOWS\system32\drivers\null.sys
16:10:25.0046 2828 C:\WINDOWS\system32\drivers\null.sys - ok
16:10:25.0062 2828 [ D5A9D123F5ED7C9965A481BD20CF66D8 ] C:\WINDOWS\system32\drivers\videoprt.sys
16:10:25.0062 2828 C:\WINDOWS\system32\drivers\videoprt.sys - ok
16:10:25.0093 2828 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] C:\WINDOWS\system32\drivers\mnmdd.sys
16:10:25.0093 2828 C:\WINDOWS\system32\drivers\mnmdd.sys - ok
16:10:25.0125 2828 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] C:\WINDOWS\system32\drivers\vga.sys
16:10:25.0125 2828 C:\WINDOWS\system32\drivers\vga.sys - ok
16:10:25.0156 2828 [ 561B3A4333CA2DBDBA28B5B956822519 ] C:\WINDOWS\system32\drivers\msfs.sys
16:10:25.0156 2828 C:\WINDOWS\system32\drivers\msfs.sys - ok
16:10:25.0187 2828 [ 4912D5B403614CE99C28420F75353332 ] C:\WINDOWS\system32\drivers\rdpcdd.sys
16:10:25.0187 2828 C:\WINDOWS\system32\drivers\rdpcdd.sys - ok
16:10:25.0218 2828 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] C:\WINDOWS\system32\drivers\npfs.sys
16:10:25.0218 2828 C:\WINDOWS\system32\drivers\npfs.sys - ok
16:10:25.0250 2828 [ FE0D99D6F31E4FAD8159F690D68DED9C ] C:\WINDOWS\system32\drivers\rasacd.sys
16:10:25.0250 2828 C:\WINDOWS\system32\drivers\rasacd.sys - ok
16:10:25.0265 2828 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] C:\WINDOWS\system32\drivers\ipsec.sys
16:10:25.0265 2828 C:\WINDOWS\system32\drivers\ipsec.sys - ok
16:10:25.0281 2828 [ 2A5554FC5B1E04E131230E3CE035C3F9 ] C:\WINDOWS\system32\drivers\tcpip.sys
16:10:25.0281 2828 C:\WINDOWS\system32\drivers\tcpip.sys - ok
16:10:25.0312 2828 [ 0C80E410CD2F47134407EE7DD19CC86B ] C:\WINDOWS\system32\drivers\netbt.sys
16:10:25.0312 2828 C:\WINDOWS\system32\drivers\netbt.sys - ok
16:10:25.0343 2828 [ 984EF0B9788ABF89974CFED4BFBAACBC ] C:\WINDOWS\system32\drivers\wanarp.sys
16:10:25.0343 2828 C:\WINDOWS\system32\drivers\wanarp.sys - ok
16:10:25.0375 2828 [ F0D692B0BFFB46E30EB3CEA168BBC49F ] C:\WINDOWS\system32\drivers\arp1394.sys
16:10:25.0375 2828 C:\WINDOWS\system32\drivers\arp1394.sys - ok
16:10:25.0406 2828 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] C:\WINDOWS\system32\drivers\ws2ifsl.sys
16:10:25.0406 2828 C:\WINDOWS\system32\drivers\ws2ifsl.sys - ok
16:10:25.0437 2828 [ 55E6E1C51B6D30E54335750955453702 ] C:\WINDOWS\system32\drivers\afd.sys
16:10:25.0437 2828 C:\WINDOWS\system32\drivers\afd.sys - ok
16:10:25.0453 2828 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] C:\WINDOWS\system32\drivers\netbios.sys
16:10:25.0453 2828 C:\WINDOWS\system32\drivers\netbios.sys - ok
16:10:25.0484 2828 [ 29D66245ADBA878FFF574CD66ABD2884 ] C:\WINDOWS\system32\drivers\rdbss.sys
16:10:25.0484 2828 C:\WINDOWS\system32\drivers\rdbss.sys - ok
16:10:25.0515 2828 [ FB6C89BB3CE282B08BDB1E3C179E1C39 ] C:\WINDOWS\system32\drivers\mrxsmb.sys
16:10:25.0515 2828 C:\WINDOWS\system32\drivers\mrxsmb.sys - ok
16:10:25.0531 2828 [ E153AB8A11DE5452BCF5AC7652DBF3ED ] C:\WINDOWS\system32\drivers\fips.sys
16:10:25.0531 2828 C:\WINDOWS\system32\drivers\fips.sys - ok
16:10:25.0562 2828 [ BD7FB0957C716F1A60333AEE04DE2178 ] C:\WINDOWS\system32\smss.exe
16:10:25.0562 2828 C:\WINDOWS\system32\smss.exe - ok
16:10:25.0593 2828 [ C06986B55981B355090DD34DE809E4BB ] C:\WINDOWS\system32\ntdll.dll
16:10:25.0593 2828 C:\WINDOWS\system32\ntdll.dll - ok
16:10:25.0625 2828 [ B3415B9D6026F65E43089ABED096C38C ] C:\WINDOWS\system32\autochk.exe
16:10:25.0625 2828 C:\WINDOWS\system32\autochk.exe - ok
16:10:25.0640 2828 [ 30A609E00BD1D4FFC49D6B5A432BE7F2 ] C:\WINDOWS\system32\sfcfiles.dll
16:10:25.0640 2828 C:\WINDOWS\system32\sfcfiles.dll - ok
16:10:25.0671 2828 [ CD7D5152DF32B47F4E36F710B35AAE02 ] C:\WINDOWS\system32\drivers\cdfs.sys
16:10:25.0671 2828 C:\WINDOWS\system32\drivers\cdfs.sys - ok
16:10:25.0703 2828 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] C:\WINDOWS\system32\drivers\atapi.sys
16:10:25.0703 2828 C:\WINDOWS\system32\drivers\atapi.sys - ok
16:10:25.0734 2828 [ 2F31B7F954BED437F2C75026C65CAF7B ] C:\WINDOWS\system32\drivers\wmilib.sys
16:10:25.0734 2828 C:\WINDOWS\system32\drivers\wmilib.sys - ok
16:10:25.0765 2828 [ FE97D0343ACFDEBDD578FC67CC91FA87 ] C:\WINDOWS\system32\drivers\dxapi.sys
16:10:25.0765 2828 C:\WINDOWS\system32\drivers\dxapi.sys - ok
16:10:25.0781 2828 [ C9BF2F12C4E6C12F8A85FBA4B6BC6208 ] C:\WINDOWS\system32\watchdog.sys
16:10:25.0781 2828 C:\WINDOWS\system32\watchdog.sys - ok
16:10:25.0812 2828 [ 7190A8EBD16D56C78864E49C9BB5FE7D ] C:\WINDOWS\system32\win32k.sys
16:10:25.0812 2828 C:\WINDOWS\system32\win32k.sys - ok
16:10:25.0843 2828 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
16:10:25.0843 2828 C:\WINDOWS\system32\basesrv.dll - ok
16:10:25.0859 2828 [ EFD2862F003538B9A5B4C015F8FDB1B3 ] C:\WINDOWS\system32\csrsrv.dll
16:10:25.0859 2828 C:\WINDOWS\system32\csrsrv.dll - ok
16:10:25.0890 2828 [ F12B178B1678D778CFD3FF1FC38C71FB ] C:\WINDOWS\system32\csrss.exe
16:10:25.0890 2828 C:\WINDOWS\system32\csrss.exe - ok
16:10:25.0921 2828 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
16:10:25.0921 2828 C:\WINDOWS\system32\winsrv.dll - ok
16:10:25.0953 2828 [ C72661F8552ACE7C5C85E16A3CF505C4 ] C:\WINDOWS\system32\user32.dll
16:10:25.0953 2828 C:\WINDOWS\system32\user32.dll - ok
16:10:25.0984 2828 [ B6ACAED7588295129791E0E6A2B0FADE ] C:\WINDOWS\system32\kernel32.dll
16:10:25.0984 2828 C:\WINDOWS\system32\kernel32.dll - ok
16:10:26.0015 2828 [ 0C07B16769E579F78C541773D0A2E7E0 ] C:\WINDOWS\system32\gdi32.dll
16:10:26.0015 2828 C:\WINDOWS\system32\gdi32.dll - ok
16:10:26.0031 2828 [ D3DAC8432110AAD0B02A58B4459AB835 ] C:\WINDOWS\system32\drivers\dxg.sys
16:10:26.0031 2828 C:\WINDOWS\system32\drivers\dxg.sys - ok
16:10:26.0046 2828 [ A73F5D6705B1D820C19B18782E176EFD ] C:\WINDOWS\system32\drivers\dxgthk.sys
16:10:26.0046 2828 C:\WINDOWS\system32\drivers\dxgthk.sys - ok
16:10:26.0078 2828 [ D3C80B28E4F74E0BDD888A8798B29268 ] C:\WINDOWS\system32\framebuf.dll
16:10:26.0078 2828 C:\WINDOWS\system32\framebuf.dll - ok
16:10:26.0109 2828 [ ECB7591870F8BFB1A4C17B718AD5A4AA ] C:\WINDOWS\system32\vga.dll
16:10:26.0109 2828 C:\WINDOWS\system32\vga.dll - ok
16:10:26.0140 2828 [ 1FB5E4AD68B9091148D2A28CF6831D77 ] C:\WINDOWS\system32\vga256.dll
16:10:26.0140 2828 C:\WINDOWS\system32\vga256.dll - ok
16:10:26.0171 2828 [ D5A9D4E5DFD788A5F427DEC60A278FBD ] C:\WINDOWS\system32\vga64k.dll
16:10:26.0171 2828 C:\WINDOWS\system32\vga64k.dll - ok
16:10:26.0203 2828 [ 01C3346C241652F43AED8E2149881BFE ] C:\WINDOWS\system32\winlogon.exe
16:10:26.0203 2828 C:\WINDOWS\system32\winlogon.exe - ok
16:10:26.0234 2828 [ 1081C185AED0660B2B5F173C3E023B23 ] C:\WINDOWS\system32\advapi32.dll
16:10:26.0234 2828 C:\WINDOWS\system32\advapi32.dll - ok
16:10:26.0250 2828 [ 461B6E2F04112E659280314B7A414F30 ] C:\WINDOWS\system32\rpcrt4.dll
16:10:26.0250 2828 C:\WINDOWS\system32\rpcrt4.dll - ok
16:10:26.0265 2828 [ 174F3D2CA3C9E53643772A67C36BE5AF ] C:\WINDOWS\system32\secur32.dll
16:10:26.0265 2828 C:\WINDOWS\system32\secur32.dll - ok
16:10:26.0296 2828 [ A3930A43856BD52772BA475648D6DB5B ] C:\WINDOWS\system32\authz.dll
16:10:26.0296 2828 C:\WINDOWS\system32\authz.dll - ok
16:10:26.0328 2828 [ B0FEFA816D61EC66AA765DDF534EAB5E ] C:\WINDOWS\system32\msvcrt.dll
16:10:26.0328 2828 C:\WINDOWS\system32\msvcrt.dll - ok
16:10:26.0359 2828 [ EFC958396A7A7EF7E6D4A52B97512E18 ] C:\WINDOWS\system32\crypt32.dll
16:10:26.0359 2828 C:\WINDOWS\system32\crypt32.dll - ok
16:10:26.0390 2828 [ DDE959EFC7CD79D1AC4BDA320A959DC0 ] C:\WINDOWS\system32\msasn1.dll
16:10:26.0390 2828 C:\WINDOWS\system32\msasn1.dll - ok
16:10:26.0421 2828 [ 458AB591E8CF240CC105A23671F2C3D6 ] C:\WINDOWS\system32\nddeapi.dll
16:10:26.0421 2828 C:\WINDOWS\system32\nddeapi.dll - ok
16:10:26.0437 2828 [ 0A457307006530FD03A797F572A067FA ] C:\WINDOWS\system32\netapi32.dll
16:10:26.0437 2828 C:\WINDOWS\system32\netapi32.dll - ok
16:10:26.0468 2828 [ FE4F71711CF5C17ADE5E506348132D24 ] C:\WINDOWS\system32\profmap.dll
16:10:26.0468 2828 C:\WINDOWS\system32\profmap.dll - ok
16:10:26.0500 2828 [ 2B9B56A89A8A42E917511972A6DB36E3 ] C:\WINDOWS\system32\userenv.dll
16:10:26.0500 2828 C:\WINDOWS\system32\userenv.dll - ok
16:10:26.0515 2828 [ 96E48C7EB9089D1DBF6F85CA11B264DF ] C:\WINDOWS\system32\psapi.dll
16:10:26.0515 2828 C:\WINDOWS\system32\psapi.dll - ok
16:10:26.0546 2828 [ 899ED710FDC37EB7D0115C2932C2B1EB ] C:\WINDOWS\system32\regapi.dll
16:10:26.0546 2828 C:\WINDOWS\system32\regapi.dll - ok
16:10:26.0578 2828 [ 7808313CBC634EE08346D5DDFEF1CC5F ] C:\WINDOWS\system32\setupapi.dll
16:10:26.0578 2828 C:\WINDOWS\system32\setupapi.dll - ok
16:10:26.0609 2828 [ D38408967BE738D0C1B47005BCE8CEEB ] C:\WINDOWS\system32\version.dll
16:10:26.0609 2828 C:\WINDOWS\system32\version.dll - ok
16:10:26.0625 2828 [ 7BC4BA4C33ADF3EF5CD370D99BC60B04 ] C:\WINDOWS\system32\winsta.dll
16:10:26.0625 2828 C:\WINDOWS\system32\winsta.dll - ok
16:10:26.0656 2828 [ 5AFCE94E8286B2F57A04DA37F01BF21A ] C:\WINDOWS\system32\imagehlp.dll
16:10:26.0656 2828 C:\WINDOWS\system32\imagehlp.dll - ok
16:10:26.0687 2828 [ 1955BD9737BE6F4B72AD7A4859B4E300 ] C:\WINDOWS\system32\wintrust.dll
16:10:26.0687 2828 C:\WINDOWS\system32\wintrust.dll - ok
16:10:26.0718 2828 [ 87CA7CE6469577F059297B9D6556D66D ] C:\WINDOWS\system32\imm32.dll
16:10:26.0718 2828 C:\WINDOWS\system32\imm32.dll - ok
16:10:26.0750 2828 [ 9BEACB911CA61E5881102188AB7FB431 ] C:\WINDOWS\system32\ws2help.dll
16:10:26.0750 2828 C:\WINDOWS\system32\ws2help.dll - ok
16:10:26.0765 2828 [ 2ED0B7F12A60F90092081C50FA0EC2B2 ] C:\WINDOWS\system32\ws2_32.dll
16:10:26.0765 2828 C:\WINDOWS\system32\ws2_32.dll - ok
16:10:26.0796 2828 [ 56C5B179FE3308B655EB6208C3256FEC ] C:\WINDOWS\system32\kbdus.dll
16:10:26.0796 2828 C:\WINDOWS\system32\kbdus.dll - ok
16:10:26.0828 2828 [ A29AF639AA180CC68C59242A10E1D3B1 ] C:\WINDOWS\system32\msgina.dll
16:10:26.0828 2828 C:\WINDOWS\system32\msgina.dll - ok
16:10:26.0843 2828 [ 56B6333DDA2576803F99F0EA373D0A7B ] C:\WINDOWS\system32\shell32.dll
16:10:26.0843 2828 C:\WINDOWS\system32\shell32.dll - ok
16:10:26.0875 2828 [ 7C972C7F0E3CE48503E1E9FBE9890009 ] C:\WINDOWS\system32\shlwapi.dll
16:10:26.0875 2828 C:\WINDOWS\system32\shlwapi.dll - ok
16:10:26.0906 2828 [ A77DFB85FAEE49D66C74DA6024EBC69B ] C:\WINDOWS\system32\comctl32.dll
16:10:26.0906 2828 C:\WINDOWS\system32\comctl32.dll - ok
16:10:26.0937 2828 [ F79D7D98CD764499ECCBAAF3F800D349 ] C:\WINDOWS\system32\odbc32.dll
16:10:26.0937 2828 C:\WINDOWS\system32\odbc32.dll - ok
16:10:26.0968 2828 [ 1EDB1BB89D021955E6F7265911175B8D ] C:\WINDOWS\system32\comdlg32.dll
16:10:26.0968 2828 C:\WINDOWS\system32\comdlg32.dll - ok
16:10:27.0000 2828 [ BCDF5F4BAE714231ECC916A1EF724627 ] C:\WINDOWS\system32\sxs.dll
16:10:27.0000 2828 C:\WINDOWS\system32\sxs.dll - ok
16:10:27.0015 2828 [ 5AF68A5E44734A082442668E9C787743 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
16:10:27.0015 2828 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll - ok
16:10:27.0031 2828 [ C237FB08F52F27823C4E4E6705ECD196 ] C:\WINDOWS\system32\odbcint.dll
16:10:27.0031 2828 C:\WINDOWS\system32\odbcint.dll - ok
16:10:27.0062 2828 [ 4FE9D9FA62D020E35E0AC6D1AEEB96F0 ] C:\WINDOWS\system32\ole32.dll
16:10:27.0062 2828 C:\WINDOWS\system32\ole32.dll - ok
16:10:27.0093 2828 [ E8A12A12EA9088B4327D49EDCA3ADD3E ] C:\WINDOWS\system32\sfc.dll
16:10:27.0093 2828 C:\WINDOWS\system32\sfc.dll - ok
16:10:27.0125 2828 [ 9858CC4D73A4CCF2F852FAE07C11A0B5 ] C:\WINDOWS\system32\sfc_os.dll
16:10:27.0125 2828 C:\WINDOWS\system32\sfc_os.dll - ok
16:10:27.0156 2828 [ E7518DC542D3EBDCB80EDD98462C7821 ] C:\WINDOWS\system32\shsvcs.dll
16:10:27.0156 2828 C:\WINDOWS\system32\shsvcs.dll - ok
16:10:27.0187 2828 [ ECA24AB73FCFFA754D4070CDB03529E3 ] C:\WINDOWS\system32\apphelp.dll
16:10:27.0187 2828 C:\WINDOWS\system32\apphelp.dll - ok
16:10:27.0218 2828 [ 84885F9B82F4D55C6146EBF6065D75D2 ] C:\WINDOWS\system32\lsass.exe
16:10:27.0218 2828 C:\WINDOWS\system32\lsass.exe - ok
16:10:27.0234 2828 [ 37561F8D4160D62DA86D24AE41FAE8DE ] C:\WINDOWS\system32\services.exe
16:10:27.0234 2828 C:\WINDOWS\system32\services.exe - ok
16:10:27.0265 2828 [ 39F3B6CC2932E103D72C4564F8A680AC ] C:\WINDOWS\system32\lsasrv.dll
16:10:27.0265 2828 C:\WINDOWS\system32\lsasrv.dll - ok
16:10:27.0281 2828 [ DA201A0A309B96381FD674D0FAB5DA86 ] C:\WINDOWS\system32\ncobjapi.dll
16:10:27.0281 2828 C:\WINDOWS\system32\ncobjapi.dll - ok
16:10:27.0312 2828 [ 1F57EB5B92B2AC7F9D71A77D184D8C13 ] C:\WINDOWS\system32\msvcp60.dll
16:10:27.0312 2828 C:\WINDOWS\system32\msvcp60.dll - ok
16:10:27.0343 2828 [ 9A42C1F3154545A4D32E5043038B01FA ] C:\WINDOWS\system32\scesrv.dll
16:10:27.0343 2828 C:\WINDOWS\system32\scesrv.dll - ok
16:10:27.0375 2828 [ 2CFE80AA3428C09E6DE67FAC50DA65CF ] C:\WINDOWS\system32\mpr.dll
16:10:27.0375 2828 C:\WINDOWS\system32\mpr.dll - ok
16:10:27.0406 2828 [ 6201BACF384292A5FE94CE73364AE53A ] C:\WINDOWS\system32\ntdsapi.dll
16:10:27.0406 2828 C:\WINDOWS\system32\ntdsapi.dll - ok
16:10:27.0421 2828 [ 176497D0E7AE618860552A4B5635B206 ] C:\WINDOWS\system32\dnsapi.dll
16:10:27.0421 2828 C:\WINDOWS\system32\dnsapi.dll - ok
16:10:27.0453 2828 [ B43A92C15AE97C6E609C88129CFEE53B ] C:\WINDOWS\system32\umpnpmgr.dll
16:10:27.0453 2828 C:\WINDOWS\system32\umpnpmgr.dll - ok
16:10:27.0484 2828 [ 10F36FA092D7A309A0647FCDC764AE6C ] C:\WINDOWS\system32\wldap32.dll
16:10:27.0484 2828 C:\WINDOWS\system32\wldap32.dll - ok
16:10:27.0515 2828 [ 43DA983415EA533F9E667FDB415F4655 ] C:\WINDOWS\system32\shimeng.dll
16:10:27.0515 2828 C:\WINDOWS\system32\shimeng.dll - ok
16:10:27.0531 2828 [ FB537F29A827D78F756154CF397A113F ] C:\WINDOWS\AppPatch\AcGenral.dll
16:10:27.0531 2828 C:\WINDOWS\AppPatch\AcGenral.dll - ok
16:10:27.0562 2828 [ EBE12F403FDE45E7312E7BF764BFB6C6 ] C:\WINDOWS\system32\samlib.dll
16:10:27.0562 2828 C:\WINDOWS\system32\samlib.dll - ok
16:10:27.0593 2828 [ E15154E7FDA8A580A8F74C7CC16B1FFE ] C:\WINDOWS\system32\samsrv.dll
16:10:27.0593 2828 C:\WINDOWS\system32\samsrv.dll - ok
16:10:27.0609 2828 [ EF5B64A9CD71ED27E837165C08DA4CC1 ] C:\WINDOWS\system32\cryptdll.dll
16:10:27.0609 2828 C:\WINDOWS\system32\cryptdll.dll - ok
16:10:27.0640 2828 [ 90FDAA22F38D9E911F91FA3B8A1F7E5D ] C:\WINDOWS\system32\winmm.dll
16:10:27.0640 2828 C:\WINDOWS\system32\winmm.dll - ok
16:10:27.0671 2828 [ B3742DEE858B243E77C73D2B8F7C8223 ] C:\WINDOWS\system32\oleaut32.dll
16:10:27.0671 2828 C:\WINDOWS\system32\oleaut32.dll - ok
16:10:27.0703 2828 [ 975D12353B1D525C0F3444C447FB3B9A ] C:\WINDOWS\system32\msacm32.dll
16:10:27.0703 2828 C:\WINDOWS\system32\msacm32.dll - ok
16:10:27.0734 2828 [ 2CDE496666A975A2CE8F969F3042C8DB ] C:\WINDOWS\system32\uxtheme.dll
16:10:27.0734 2828 C:\WINDOWS\system32\uxtheme.dll - ok
16:10:27.0765 2828 [ E484F006380A89A52CCC7828ECE5DCA0 ] C:\WINDOWS\system32\msapsspc.dll
16:10:27.0765 2828 C:\WINDOWS\system32\msapsspc.dll - ok
16:10:27.0781 2828 [ 146D198E3AD9D4B69C9EB0AEA6EF333B ] C:\WINDOWS\system32\msvcrt40.dll
16:10:27.0781 2828 C:\WINDOWS\system32\msvcrt40.dll - ok
16:10:27.0796 2828 [ 7B47C36B4F0170B8EF4F3B4EFD371F67 ] C:\WINDOWS\system32\schannel.dll
16:10:27.0796 2828 C:\WINDOWS\system32\schannel.dll - ok
16:10:27.0828 2828 [ 7F2310210256C0AC04A82285DEBC0F51 ] C:\WINDOWS\system32\digest.dll
16:10:27.0828 2828 C:\WINDOWS\system32\digest.dll - ok
16:10:27.0859 2828 [ BB1367FECA810F06B1AEA06D610B1E4F ] C:\WINDOWS\system32\msnsspc.dll
16:10:27.0859 2828 C:\WINDOWS\system32\msnsspc.dll - ok
16:10:27.0890 2828 [ D87041EAA67ECA4394F6D5D09C0C2885 ] C:\WINDOWS\system32\MSCTFIME.IME
16:10:27.0890 2828 C:\WINDOWS\system32\MSCTFIME.IME - ok
16:10:27.0921 2828 [ 6BEC17053284E847CF1FBB8C9A181E1E ] C:\WINDOWS\system32\msprivs.dll
16:10:27.0921 2828 C:\WINDOWS\system32\msprivs.dll - ok
16:10:27.0953 2828 [ C0FE34F85B6D29368133587B1D6FA039 ] C:\WINDOWS\system32\kerberos.dll
16:10:27.0953 2828 C:\WINDOWS\system32\kerberos.dll - ok
16:10:27.0984 2828 [ 42A1912DBDF8BCC087A1CAE008DB060C ] C:\WINDOWS\system32\iphlpapi.dll
16:10:27.0984 2828 C:\WINDOWS\system32\iphlpapi.dll - ok
16:10:28.0000 2828 [ 4E49D244C178505FEB090E37989D4045 ] C:\WINDOWS\system32\msv1_0.dll
16:10:28.0000 2828 C:\WINDOWS\system32\msv1_0.dll - ok
16:10:28.0015 2828 [ 96353FCECBA774BB8DA74A1C6507015A ] C:\WINDOWS\system32\netlogon.dll
16:10:28.0015 2828 C:\WINDOWS\system32\netlogon.dll - ok
16:10:28.0046 2828 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] C:\WINDOWS\system32\w32time.dll
16:10:28.0046 2828 C:\WINDOWS\system32\w32time.dll - ok
16:10:28.0078 2828 [ 26ACBD865F8CFF730F1791C4D0854352 ] C:\WINDOWS\system32\rsaenh.dll
16:10:28.0078 2828 C:\WINDOWS\system32\rsaenh.dll - ok
16:10:28.0109 2828 [ DBB2E47723A164B178836668A6CA4C1B ] C:\WINDOWS\system32\wdigest.dll
16:10:28.0109 2828 C:\WINDOWS\system32\wdigest.dll - ok
16:10:28.0140 2828 [ 7BCB23FA39CE266AF4347A6BEAB60F8C ] C:\WINDOWS\system32\winscard.dll
16:10:28.0140 2828 C:\WINDOWS\system32\winscard.dll - ok
16:10:28.0171 2828 [ 67F2D109AB373FECEB819F420DB11F03 ] C:\WINDOWS\system32\wtsapi32.dll
16:10:28.0171 2828 C:\WINDOWS\system32\wtsapi32.dll - ok
16:10:28.0187 2828 [ 0F78E27F563F2AAF74B91A49E2ABF19A ] C:\WINDOWS\system32\scecli.dll
16:10:28.0187 2828 C:\WINDOWS\system32\scecli.dll - ok
16:10:28.0218 2828 [ 8F078AE4ED187AAABC0A305146DE6716 ] C:\WINDOWS\system32\svchost.exe
16:10:28.0218 2828 C:\WINDOWS\system32\svchost.exe - ok
16:10:28.0250 2828 [ DAA91B358E685FC6CCA9ACA72BE6FE85 ] C:\WINDOWS\system32\ntmarta.dll
16:10:28.0250 2828 C:\WINDOWS\system32\ntmarta.dll - ok
16:10:28.0265 2828 [ 01095FEBF33BEEA00C2A0730B9B3EC28 ] C:\WINDOWS\system32\rpcss.dll
16:10:28.0265 2828 C:\WINDOWS\system32\rpcss.dll - ok
16:10:28.0296 2828 [ 1320AEA7057A26A671D9548CC7BEBDA5 ] C:\WINDOWS\system32\xpsp2res.dll
16:10:28.0296 2828 C:\WINDOWS\system32\xpsp2res.dll - ok
16:10:28.0328 2828 [ 82B24CB70E5944E6E34662205A2A5B78 ] C:\WINDOWS\system32\eventlog.dll
16:10:28.0328 2828 C:\WINDOWS\system32\eventlog.dll - ok
16:10:28.0359 2828 [ 097722F235A1FB698BF9234E01B52637 ] C:\WINDOWS\system32\mswsock.dll
16:10:28.0359 2828 C:\WINDOWS\system32\mswsock.dll - ok
16:10:28.0375 2828 [ 765B30C776A1780B46B479FE614F707C ] C:\WINDOWS\system32\hnetcfg.dll
16:10:28.0375 2828 C:\WINDOWS\system32\hnetcfg.dll - ok
16:10:28.0406 2828 [ E19A4040E79BE0AACA971117378F7F2B ] C:\Program Files\Bonjour\mdnsNSP.dll
16:10:28.0406 2828 C:\Program Files\Bonjour\mdnsNSP.dll - ok
16:10:28.0437 2828 [ 2C8FDB176F22629EA5342DB474FAC391 ] C:\WINDOWS\system32\winrnr.dll
16:10:28.0437 2828 C:\WINDOWS\system32\winrnr.dll - ok
16:10:28.0468 2828 [ A7F95A53EE055115DF03588997A47D4D ] C:\WINDOWS\system32\wshtcpip.dll
16:10:28.0468 2828 C:\WINDOWS\system32\wshtcpip.dll - ok
16:10:28.0500 2828 [ 4CAEC028C1E21C75E17877D4522D3DB4 ] C:\WINDOWS\system32\rasadhlp.dll
16:10:28.0500 2828 C:\WINDOWS\system32\rasadhlp.dll - ok
16:10:28.0515 2828 [ 54D9E71DD3F6DF476B99543F88650EDF ] C:\Program Files\HitmanPro\hmpsched.exe
16:10:28.0515 2828 C:\Program Files\HitmanPro\hmpsched.exe - ok
16:10:28.0546 2828 [ 34D6CD56409DA9A7ED573E1C90A308BF ] C:\WINDOWS\system32\drivers\ndisuio.sys
16:10:28.0546 2828 C:\WINDOWS\system32\drivers\ndisuio.sys - ok
16:10:28.0562 2828 [ CB6CA3E5261D65F6F809EED23BF167AA ] C:\WINDOWS\system32\dhcpcsvc.dll
16:10:28.0562 2828 C:\WINDOWS\system32\dhcpcsvc.dll - ok
16:10:28.0593 2828 [ 587729679B4FE04CE06A5C61D6C56DCD ] C:\WINDOWS\system32\cscdll.dll
16:10:28.0593 2828 C:\WINDOWS\system32\cscdll.dll - ok
16:10:28.0625 2828 [ 7DB59FFF2AF32C27EB2276424FA5EDDB ] C:\WINDOWS\system32\logonui.exe
16:10:28.0625 2828 C:\WINDOWS\system32\logonui.exe - ok
16:10:28.0656 2828 [ 7379DE06FD196E396A00AA97B990C00D ] C:\WINDOWS\system32\dnsrslvr.dll
16:10:28.0656 2828 C:\WINDOWS\system32\dnsrslvr.dll - ok
16:10:28.0687 2828 [ A599E5E366C1408E48AA5D37882D4E3E ] C:\WINDOWS\system32\wlnotify.dll
16:10:28.0687 2828 C:\WINDOWS\system32\wlnotify.dll - ok
16:10:28.0718 2828 [ 777EB29D0135D81AD9828A2B05443496 ] C:\WINDOWS\system32\winspool.drv
16:10:28.0718 2828 C:\WINDOWS\system32\winspool.drv - ok
16:10:28.0750 2828 [ ED7E847905DD2797565B4B695E92F42B ] C:\WINDOWS\system32\duser.dll
16:10:28.0750 2828 C:\WINDOWS\system32\duser.dll - ok
16:10:28.0765 2828 [ B3EFF6D938C572E90A07B3D87A3C7657 ] C:\WINDOWS\system32\lmhsvc.dll
16:10:28.0765 2828 C:\WINDOWS\system32\lmhsvc.dll - ok
16:10:28.0781 2828 [ 5A91E6FEAB9F901302FA7FF768C0120F ] C:\WINDOWS\system32\wzcsvc.dll
16:10:28.0781 2828 C:\WINDOWS\system32\wzcsvc.dll - ok
16:10:28.0812 2828 [ B5331F2B6F37C66C29C847F3B94FF900 ] C:\WINDOWS\system32\msimg32.dll
16:10:28.0812 2828 C:\WINDOWS\system32\msimg32.dll - ok
16:10:28.0843 2828 [ 5F2DBE3CB563741C8084657BF956CE64 ] C:\WINDOWS\system32\oleacc.dll
16:10:28.0843 2828 C:\WINDOWS\system32\oleacc.dll - ok
16:10:28.0875 2828 [ 2030FA027E7C3E0A145649C03171457B ] C:\WINDOWS\system32\rtutils.dll
16:10:28.0875 2828 C:\WINDOWS\system32\rtutils.dll - ok
16:10:28.0906 2828 [ E682696D7F982494A8CFC80C5B59D422 ] C:\WINDOWS\system32\wmi.dll
16:10:28.0906 2828 C:\WINDOWS\system32\wmi.dll - ok
16:10:28.0937 2828 [ A57B8ACD54AFBE482042C285C2767EBF ] C:\WINDOWS\system32\esent.dll
16:10:28.0937 2828 C:\WINDOWS\system32\esent.dll - ok
16:10:28.0953 2828 [ 72F2CFC7653FB5ABB85789D28E26A643 ] C:\WINDOWS\system32\atl.dll
16:10:28.0953 2828 C:\WINDOWS\system32\atl.dll - ok
16:10:28.0984 2828 [ E26F50A92EE564F21C30501AA6173676 ] C:\WINDOWS\system32\clbcatq.dll
16:10:28.0984 2828 C:\WINDOWS\system32\clbcatq.dll - ok
16:10:29.0015 2828 [ 6728270CB7DBB776ED086F5AC4C82310 ] C:\WINDOWS\system32\comres.dll
16:10:29.0015 2828 C:\WINDOWS\system32\comres.dll - ok
16:10:29.0031 2828 [ 1D3A8A40F8045100A3E35C5F9BC6C5DE ] C:\WINDOWS\system32\shgina.dll
16:10:29.0031 2828 C:\WINDOWS\system32\shgina.dll - ok
16:10:29.0062 2828 [ 5414CCF382E4FCC6819ABA84F5BFEFD4 ] C:\WINDOWS\system32\rastls.dll
16:10:29.0062 2828 C:\WINDOWS\system32\rastls.dll - ok
16:10:29.0093 2828 [ 4AC302BF714DC163E685D0A187A36D0F ] C:\WINDOWS\system32\cryptui.dll
16:10:29.0093 2828 C:\WINDOWS\system32\cryptui.dll - ok
16:10:29.0125 2828 [ 2D9C7B010409372C34F725DA5CCED083 ] C:\WINDOWS\system32\wininet.dll
16:10:29.0125 2828 C:\WINDOWS\system32\wininet.dll - ok
16:10:29.0140 2828 [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll
16:10:29.0140 2828 C:\WINDOWS\system32\normaliz.dll - ok
16:10:29.0171 2828 [ E3AB3442249C4861C9D591F95330731F ] C:\WINDOWS\system32\urlmon.dll
16:10:29.0171 2828 C:\WINDOWS\system32\urlmon.dll - ok
16:10:29.0203 2828 [ 7FBE659ECDC2E61BDA3AA930C1532516 ] C:\WINDOWS\system32\iertutil.dll
16:10:29.0203 2828 C:\WINDOWS\system32\iertutil.dll - ok
16:10:29.0234 2828 [ 875D770F477E0AE0088BE1810D537B23 ] C:\WINDOWS\system32\activeds.dll
16:10:29.0234 2828 C:\WINDOWS\system32\activeds.dll - ok
16:10:29.0265 2828 [ 9F78F329B1858E845087B923B4DBA0F3 ] C:\WINDOWS\system32\mprapi.dll
16:10:29.0265 2828 C:\WINDOWS\system32\mprapi.dll - ok
16:10:29.0281 2828 [ 12A581CA44E53B09D24C5B94F252C78D ] C:\WINDOWS\system32\adsldpc.dll
16:10:29.0281 2828 C:\WINDOWS\system32\adsldpc.dll - ok
16:10:29.0312 2828 [ CD1F7ED9842138BEADF9ECBF37818BEF ] C:\WINDOWS\system32\rasapi32.dll
16:10:29.0312 2828 C:\WINDOWS\system32\rasapi32.dll - ok
16:10:29.0343 2828 [ 30E244A707E6CE0A4B099CD6384EC6CA ] C:\WINDOWS\system32\rasman.dll
16:10:29.0343 2828 C:\WINDOWS\system32\rasman.dll - ok
16:10:29.0359 2828 [ 6307A1B82F6CA87D7E0CDF49E6E7BC00 ] C:\WINDOWS\system32\tapi32.dll
16:10:29.0359 2828 C:\WINDOWS\system32\tapi32.dll - ok
16:10:29.0390 2828 [ A0BC687A49542C40EB60B7308F454E8A ] C:\WINDOWS\system32\riched20.dll
16:10:29.0390 2828 C:\WINDOWS\system32\riched20.dll - ok
16:10:29.0421 2828 [ 51230212AE7F8159A90F06A7EA30DD8A ] C:\WINDOWS\system32\cscui.dll
16:10:29.0421 2828 C:\WINDOWS\system32\cscui.dll - ok
16:10:29.0453 2828 [ 0B8EB60C983666C3F09AB770EDFD2F96 ] C:\WINDOWS\system32\raschap.dll
16:10:29.0453 2828 C:\WINDOWS\system32\raschap.dll - ok
16:10:29.0484 2828 [ 92360854316611F6CC471612213C3D92 ] C:\WINDOWS\system32\schedsvc.dll
16:10:29.0484 2828 C:\WINDOWS\system32\schedsvc.dll - ok
16:10:29.0515 2828 [ 1B5F6923ABB450692E9FE0672C897AED ] C:\WINDOWS\system32\powrprof.dll
16:10:29.0515 2828 C:\WINDOWS\system32\powrprof.dll - ok
16:10:29.0531 2828 [ 2D7ADA0265BECAB304C1DB95248E8610 ] C:\WINDOWS\system32\dpcdll.dll
16:10:29.0531 2828 C:\WINDOWS\system32\dpcdll.dll - ok
16:10:29.0546 2828 [ DAB9E6C7105D2EF49876FE92C524F565 ] C:\WINDOWS\system32\netman.dll
16:10:29.0546 2828 C:\WINDOWS\system32\netman.dll - ok
16:10:29.0578 2828 [ 29BFBB8D010FAAF08C0AE2F63068D4EA ] C:\Program Files\HitmanPro\HitmanPro.exe
16:10:29.0578 2828 C:\Program Files\HitmanPro\HitmanPro.exe - ok
16:10:29.0609 2828 [ BF52A4D4EB4CFB3109667E429B93E21A ] C:\WINDOWS\system32\netshell.dll
16:10:29.0609 2828 C:\WINDOWS\system32\netshell.dll - ok
16:10:29.0640 2828 [ 39B1FFB03C2296323832ACBAE50D2AFF ] C:\WINDOWS\system32\userinit.exe
16:10:29.0640 2828 C:\WINDOWS\system32\userinit.exe - ok
16:10:29.0671 2828 [ A0732187050030AE399B241436565E64 ] C:\WINDOWS\explorer.exe
16:10:29.0671 2828 C:\WINDOWS\explorer.exe - ok
16:10:29.0703 2828 [ B99FF349BF53BD91FBDDCD6B1EDE8980 ] C:\WINDOWS\system32\browseui.dll
16:10:29.0703 2828 C:\WINDOWS\system32\browseui.dll - ok
16:10:29.0734 2828 [ 1ECB753D7CEEC8F5A94C9781CA64EC44 ] C:\WINDOWS\system32\credui.dll
16:10:29.0734 2828 C:\WINDOWS\system32\credui.dll - ok
16:10:29.0750 2828 [ 9A9BBC71D0EBCD400A33ABCD5F0AB39C ] C:\WINDOWS\system32\wzcsapi.dll
16:10:29.0750 2828 C:\WINDOWS\system32\wzcsapi.dll - ok
16:10:29.0765 2828 [ 249817F51C84D283E96E6B2580D21FFD ] C:\WINDOWS\system32\msidle.dll
16:10:29.0765 2828 C:\WINDOWS\system32\msidle.dll - ok
16:10:29.0796 2828 [ 7435B108B935E42EA92CA94F59C8E717 ] C:\WINDOWS\system32\spoolsv.exe
16:10:29.0796 2828 C:\WINDOWS\system32\spoolsv.exe - ok
16:10:29.0828 2828 [ DB66DB626E4882EBEF55F136F12C1829 ] C:\WINDOWS\system32\audiosrv.dll
16:10:29.0828 2828 C:\WINDOWS\system32\audiosrv.dll - ok
16:10:29.0859 2828 [ E1F27CFCD114EC9F1E1F44674B2FF9F0 ] C:\WINDOWS\system32\wkssvc.dll
16:10:29.0859 2828 C:\WINDOWS\system32\wkssvc.dll - ok
16:10:29.0890 2828 [ 559B2D22A1EE947A7EAED530C7FF9320 ] C:\WINDOWS\system32\shdocvw.dll
16:10:29.0890 2828 C:\WINDOWS\system32\shdocvw.dll - ok
16:10:29.0921 2828 [ E931B4DD87DFACE46468FD506FDCD262 ] C:\WINDOWS\system32\desk.cpl
16:10:29.0921 2828 C:\WINDOWS\system32\desk.cpl - ok
16:10:29.0937 2828 [ E6796D51CED309E46D29C0B787735615 ] C:\WINDOWS\system32\themeui.dll
16:10:29.0937 2828 C:\WINDOWS\system32\themeui.dll - ok
16:10:29.0968 2828 [ 13510490BEA0997DB625DAA0178CBFCA ] C:\WINDOWS\system32\actxprxy.dll
16:10:29.0968 2828 C:\WINDOWS\system32\actxprxy.dll - ok
16:10:30.0000 2828 [ 2797F33EBF50466020C430EE4F037933 ] C:\WINDOWS\system32\drivers\wdmaud.sys
16:10:30.0000 2828 C:\WINDOWS\system32\drivers\wdmaud.sys - ok
16:10:30.0015 2828 [ D6A8DC8C374EEA24744F2D4E87CA0E7E ] C:\WINDOWS\system32\wdmaud.drv
16:10:30.0015 2828 C:\WINDOWS\system32\wdmaud.drv - ok
16:10:30.0046 2828 [ EEB024F2C81F0D55936FB825D21A91D6 ] C:\WINDOWS\system32\cmd.exe
16:10:30.0046 2828 C:\WINDOWS\system32\cmd.exe - ok
16:10:30.0078 2828 [ 4939E99C1B61017E37A006EEC2E7632D ] C:\WINDOWS\system32\ieframe.dll
16:10:30.0078 2828 C:\WINDOWS\system32\ieframe.dll - ok
16:10:30.0109 2828 [ 650AD082D46BAC0E64C9C0E0928492FD ] C:\WINDOWS\system32\drivers\sysaudio.sys
16:10:30.0109 2828 C:\WINDOWS\system32\drivers\sysaudio.sys - ok
16:10:30.0125 2828 [ 8E186B8F23295D1E42C573B82B80D548 ] C:\WINDOWS\system32\drivers\splitter.sys
16:10:30.0125 2828 C:\WINDOWS\system32\drivers\splitter.sys - ok
16:10:30.0156 2828 [ 8F0DE4FEF8201E306F9938B0905AC96A ] C:\Program Files\Google\Update\GoogleUpdate.exe
16:10:30.0156 2828 C:\Program Files\Google\Update\GoogleUpdate.exe - ok
16:10:30.0187 2828 [ 841F385C6CFAF66B58FBD898722BB4F0 ] C:\WINDOWS\system32\drivers\aec.sys
16:10:30.0187 2828 C:\WINDOWS\system32\drivers\aec.sys - ok
16:10:30.0218 2828 [ 39C5FCF8AA3B83D79A0E853ECB38BF25 ] C:\Program Files\Google\Update\1.3.21.115\goopdate.dll
16:10:30.0218 2828 C:\Program Files\Google\Update\1.3.21.115\goopdate.dll - ok
16:10:30.0250 2828 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] C:\WINDOWS\system32\drivers\swmidi.sys
16:10:30.0250 2828 C:\WINDOWS\system32\drivers\swmidi.sys - ok
16:10:30.0265 2828 [ A6F881284AC1150E37D9AE47FF601267 ] C:\WINDOWS\system32\drivers\DMusic.sys
16:10:30.0265 2828 C:\WINDOWS\system32\drivers\DMusic.sys - ok
16:10:30.0296 2828 [ D93CAD07C5683DB066B0B2D2D3790EAD ] C:\WINDOWS\system32\drivers\kmixer.sys
16:10:30.0296 2828 C:\WINDOWS\system32\drivers\kmixer.sys - ok
16:10:30.0312 2828 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] C:\WINDOWS\system32\drivers\drmkaud.sys
16:10:30.0312 2828 C:\WINDOWS\system32\drivers\drmkaud.sys - ok
16:10:30.0343 2828 [ 9A3BD5F55AADFF859539142F6328A66E ] C:\WINDOWS\system32\msacm32.drv
16:10:30.0343 2828 C:\WINDOWS\system32\msacm32.drv - ok
16:10:30.0375 2828 [ 3B4702155BB2AE9DC00C06A68834BDFA ] C:\WINDOWS\system32\midimap.dll
16:10:30.0375 2828 C:\WINDOWS\system32\midimap.dll - ok
16:10:30.0406 2828 [ 1CBC000ECD2DE2E6FD2B19BC9AABCC52 ] C:\WINDOWS\system32\msi.dll
16:10:30.0406 2828 C:\WINDOWS\system32\msi.dll - ok
16:10:30.0437 2828 [ 6479A184873F7CA797FF0375D711E9A6 ] C:\WINDOWS\system32\dbghelp.dll
16:10:30.0437 2828 C:\WINDOWS\system32\dbghelp.dll - ok
16:10:30.0468 2828 [ 93F29E6964BAEF31E53D203992B0AFD4 ] C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
16:10:30.0468 2828 C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe - ok
16:10:30.0500 2828 [ DAD1CEF1B77539B4EF734A1041CF95ED ] C:\WINDOWS\system32\mstask.dll
16:10:30.0500 2828 C:\WINDOWS\system32\mstask.dll - ok
16:10:30.0515 2828 [ 46EDCC8F2DB2F322C24F48785CB46366 ] C:\WINDOWS\system32\drivers\mrxdav.sys
16:10:30.0515 2828 C:\WINDOWS\system32\drivers\mrxdav.sys - ok
16:10:30.0531 2828 [ 5D0A442864BFBF3B19DCCA4CD29F6E99 ] C:\WINDOWS\system32\webclnt.dll
16:10:30.0531 2828 C:\WINDOWS\system32\webclnt.dll - ok
16:10:30.0562 2828 [ 29744EB4CE659DFE3B4122DEB45BC478 ] C:\WINDOWS\system32\drivers\parport.sys
16:10:30.0562 2828 C:\WINDOWS\system32\drivers\parport.sys - ok
16:10:30.0593 2828 [ CD9404D115A00D249F70A371B46D5A26 ] C:\WINDOWS\system32\drivers\serial.sys
16:10:30.0593 2828 C:\WINDOWS\system32\drivers\serial.sys - ok
16:10:30.0625 2828 [ 2E3E53A6AEF23E24F402C7855B9B1542 ] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:10:30.0625 2828 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe - ok
16:10:30.0656 2828 [ 53AF9F2B2CE4B6EFF41C70417359D010 ] C:\WINDOWS\system32\wsock32.dll
16:10:30.0656 2828 C:\WINDOWS\system32\wsock32.dll - ok
16:10:30.0687 2828 [ 5AB58C337AC65837FE404462AD6265AB ] C:\Program Files\Bonjour\mDNSResponder.exe
16:10:30.0687 2828 C:\Program Files\Bonjour\mDNSResponder.exe - ok
16:10:30.0703 2828 [ 10654F9DDCEA9C46CFB77554231BE73B ] C:\WINDOWS\system32\cryptsvc.dll
16:10:30.0703 2828 C:\WINDOWS\system32\cryptsvc.dll - ok
16:10:30.0734 2828 [ AD44C5BC21213F394F6AFCB55CC39293 ] C:\WINDOWS\system32\certcli.dll
16:10:30.0734 2828 C:\WINDOWS\system32\certcli.dll - ok
16:10:30.0765 2828 [ 67DFF7BBBD0E80AAB7B3CF061448DB8A ] C:\WINDOWS\system32\ersvc.dll
16:10:30.0765 2828 C:\WINDOWS\system32\ersvc.dll - ok
16:10:30.0781 2828 [ 60D1A6342238378BFB7545C81EE3606C ] C:\WINDOWS\system32\es.dll
16:10:30.0781 2828 C:\WINDOWS\system32\es.dll - ok
16:10:30.0812 2828 [ 77AC10DB097DFD0CD3071465B644D0AB ] C:\Program Files\Java\jre6\bin\jqs.exe
16:10:30.0812 2828 C:\Program Files\Java\jre6\bin\jqs.exe - ok
16:10:30.0843 2828 [ 8827911A8C37E40C027CBFC88E69D967 ] C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
16:10:30.0843 2828 C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok
16:10:30.0875 2828 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Program Files\Java\jre6\bin\msvcr71.dll
16:10:30.0875 2828 C:\Program Files\Java\jre6\bin\msvcr71.dll - ok
16:10:30.0890 2828 [ DB963459BEA73867E50BC92D3A3F61BC ] C:\WINDOWS\system32\pdh.dll
16:10:30.0890 2828 C:\WINDOWS\system32\pdh.dll - ok
16:10:30.0921 2828 [ 7AA15CCBE1DD20339200659AF99D588F ] C:\WINDOWS\system32\odbcbcp.dll
16:10:30.0921 2828 C:\WINDOWS\system32\odbcbcp.dll - ok
16:10:30.0953 2828 [ D1E299962B5956005113EC4AB1E0D9B7 ] C:\WINDOWS\system32\ipsecsvc.dll
16:10:30.0953 2828 C:\WINDOWS\system32\ipsecsvc.dll - ok
16:10:30.0984 2828 [ 93D32468D34E000CB3407947D1D6E22A ] C:\WINDOWS\system32\srvsvc.dll
16:10:30.0984 2828 C:\WINDOWS\system32\srvsvc.dll - ok
16:10:31.0015 2828 [ FC77C63C47AE2D0D8B05DA6EC1785C0F ] C:\WINDOWS\system32\perfos.dll
16:10:31.0015 2828 C:\WINDOWS\system32\perfos.dll - ok
16:10:31.0031 2828 [ BA868A32EB6EB8EBD2FF0D8679801DEF ] C:\WINDOWS\system32\perfdisk.dll
16:10:31.0031 2828 C:\WINDOWS\system32\perfdisk.dll - ok
16:10:31.0062 2828 [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
16:10:31.0062 2828 C:\WINDOWS\system32\netmsg.dll - ok
16:10:31.0078 2828 [ AD6B1A69B0CCCF27A792F4C00740D24D ] C:\DOCUME~1\rosa\LOCALS~1\Temp\D88F615F-3D71-45FB-880E-16DAA17BDB7F.exe
16:10:31.0078 2828 C:\DOCUME~1\rosa\LOCALS~1\Temp\D88F615F-3D71-45FB-880E-16DAA17BDB7F.exe - ok
16:10:31.0109 2828 [ E7E39B9152E6C27E5F608574EA6C5A52 ] C:\WINDOWS\system32\oakley.dll
16:10:31.0109 2828 C:\WINDOWS\system32\oakley.dll - ok
16:10:31.0140 2828 [ 306B30A036DB25FCB76B507FEDE07D58 ] C:\WINDOWS\system32\pstorsvc.dll
16:10:31.0140 2828 C:\WINDOWS\system32\pstorsvc.dll - ok
16:10:31.0171 2828 [ 2B2F31E3F2CE3723C1B0F3700C8BE28B ] C:\WINDOWS\system32\winipsec.dll
16:10:31.0171 2828 C:\WINDOWS\system32\winipsec.dll - ok
16:10:31.0203 2828 [ 4D3CCDF22D2B4BAE229BA73B81D13E26 ] C:\WINDOWS\system32\psbase.dll
16:10:31.0203 2828 C:\WINDOWS\system32\psbase.dll - ok
16:10:31.0234 2828 [ 7A4F147CC6B133F905F6E65E2F8669FB ] C:\WINDOWS\system32\drivers\srv.sys
16:10:31.0234 2828 C:\WINDOWS\system32\drivers\srv.sys - ok
16:10:31.0265 2828 [ B1E0CE09895376871746F36DC5773B4F ] C:\WINDOWS\system32\seclogon.dll
16:10:31.0265 2828 C:\WINDOWS\system32\seclogon.dll - ok
16:10:31.0281 2828 [ 8EEEF4C038A3FF7E56D47D9C0B912EAC ] C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
16:10:31.0281 2828 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe - ok
16:10:31.0296 2828 [ 47C1DE0A890613FFCFF1D67648EEDF90 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
16:10:31.0296 2828 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok
16:10:31.0328 2828 [ E0D6538B62C79FCBF0B27F95FAF3208B ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
16:10:31.0328 2828 C:\Program Files\Common Files\Java\Java Update\jusched.exe - ok
16:10:31.0359 2828 [ 29BE51557A3E686B297BE273EB17CA67 ] C:\Program Files\Common Files\Real\Update_OB\realsched.exe
16:10:31.0359 2828 C:\Program Files\Common Files\Real\Update_OB\realsched.exe - ok
16:10:31.0390 2828 [ 5D61BE7DB55B026A5D61A3EED09D0EAD ] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
16:10:31.0390 2828 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe - ok
16:10:31.0421 2828 [ 0E284B5BB0CDD631461CE7E91DCEE3E2 ] C:\Program Files\iTunes\iTunesHelper.exe
16:10:31.0421 2828 C:\Program Files\iTunes\iTunesHelper.exe - ok
16:10:31.0453 2828 [ B53343FE60A33EE765C2476D50D27B26 ] C:\Program Files\Messenger\msmsgs.exe
16:10:31.0453 2828 C:\Program Files\Messenger\msmsgs.exe - ok
16:10:31.0468 2828 [ CC065D46387E4A7E6FF99D7BB5C1769D ] C:\Program Files\QuickTime\QTTask.exe
16:10:31.0468 2828 C:\Program Files\QuickTime\QTTask.exe - ok
16:10:31.0500 2828 [ 24232996A38C0B0CF151C2140AE29FC8 ] C:\WINDOWS\system32\ctfmon.exe
16:10:31.0500 2828 C:\WINDOWS\system32\ctfmon.exe - ok
16:10:31.0531 2828 [ 13922EB54890C77005268882629A31FE ] C:\WINDOWS\system32\dumprep.exe
16:10:31.0531 2828 C:\WINDOWS\system32\dumprep.exe - ok
16:10:31.0546 2828 [ CACD2C63A79268D131EA37E85524CC44 ] C:\WINDOWS\system32\dssenh.dll
16:10:31.0546 2828 C:\WINDOWS\system32\dssenh.dll - ok
16:10:31.0578 2828 [ DFD9870CF39C791D86C4C209DA9FA919 ] C:\WINDOWS\system32\sens.dll
16:10:31.0578 2828 C:\WINDOWS\system32\sens.dll - ok
16:10:31.0609 2828 [ 2B6D3630EB32B562E6763370CE35D730 ] C:\WINDOWS\system32\MSCTF.dll
16:10:31.0609 2828 C:\WINDOWS\system32\MSCTF.dll - ok
16:10:31.0640 2828 [ D9F6C4F6B1E188ADAFC42B561D9BC2E6 ] C:\WINDOWS\system32\wiaservc.dll
16:10:31.0640 2828 C:\WINDOWS\system32\wiaservc.dll - ok
16:10:31.0656 2828 [ BE56D0547E24644DEEB19397521B1EAA ] C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\gtn.dll
16:10:31.0656 2828 C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\gtn.dll - ok
16:10:31.0687 2828 [ F0AF09B4781F4935FDB49AFA87C90FA9 ] C:\WINDOWS\system32\faultrep.dll
16:10:31.0687 2828 C:\WINDOWS\system32\faultrep.dll - ok
16:10:31.0718 2828 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
16:10:31.0718 2828 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll - ok
16:10:31.0750 2828 [ 92BDF74F12D6CBEC43C94D4B7F804838 ] C:\WINDOWS\system32\srsvc.dll
16:10:31.0750 2828 C:\WINDOWS\system32\srsvc.dll - ok
16:10:31.0781 2828 [ FF1962C80AC24FAACD173D6975F8E160 ] C:\Program Files\iTunes\iTunesHelper.dll
16:10:31.0781 2828 C:\Program Files\iTunes\iTunesHelper.dll - ok
16:10:31.0796 2828 [ EF9F69074FF0A48DD30FEF5A33518D86 ] C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
16:10:31.0796 2828 C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll - ok
16:10:31.0828 2828 [ 87B85BC1E1F6E0228876204A20A9C24C ] C:\WINDOWS\system32\spoolss.dll
16:10:31.0828 2828 C:\WINDOWS\system32\spoolss.dll - ok
16:10:31.0859 2828 [ 13D72740963CBA12D9FF76A7F218BCD8 ] C:\WINDOWS\system32\wuauserv.dll
16:10:31.0859 2828 C:\WINDOWS\system32\wuauserv.dll - ok
16:10:31.0875 2828 [ 3B27D402CCF9CAEE064FABC52D225E18 ] C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll
16:10:31.0875 2828 C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll - ok
16:10:31.0906 2828 [ C2BBD044C741EA4292016C36F718D2E4 ] C:\WINDOWS\system32\linkinfo.dll
16:10:31.0906 2828 C:\WINDOWS\system32\linkinfo.dll - ok
16:10:31.0937 2828 [ 9EEA0CA999A33C9D2EABE82E4C624CC3 ] C:\WINDOWS\system32\msutb.dll
16:10:31.0937 2828 C:\WINDOWS\system32\msutb.dll - ok
16:10:31.0968 2828 [ 385E9AEC6E100DBEBEE5BD1F27A55E1D ] C:\WINDOWS\system32\ntshrui.dll
16:10:31.0968 2828 C:\WINDOWS\system32\ntshrui.dll - ok
16:10:32.0000 2828 [ 0FCB11B39AF688035E1CDE754684EE5C ] C:\WINDOWS\system32\cfgmgr32.dll
16:10:32.0000 2828 C:\WINDOWS\system32\cfgmgr32.dll - ok
16:10:32.0031 2828 [ 4ED87C9C1F9EA9FC68C2E22C3A2DB286 ] C:\WINDOWS\system32\mscms.dll
16:10:32.0031 2828 C:\WINDOWS\system32\mscms.dll - ok
16:10:32.0046 2828 [ F399242A80C4066FD155EFA4CF96658E ] C:\WINDOWS\system32\wbem\wmisvc.dll
16:10:32.0046 2828 C:\WINDOWS\system32\wbem\wmisvc.dll - ok
16:10:32.0062 2828 [ 79DABB124D00ADF19852AE879C201890 ] C:\WINDOWS\system32\vssapi.dll
16:10:32.0062 2828 C:\WINDOWS\system32\vssapi.dll - ok
16:10:32.0093 2828 [ 4038EE8AC13C15A067536D292A93D697 ] C:\WINDOWS\ime\SPTIP.dll
16:10:32.0093 2828 C:\WINDOWS\ime\SPTIP.dll - ok
16:10:32.0125 2828 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
16:10:32.0125 2828 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll - ok
16:10:32.0156 2828 [ DCE3C277C4C9ADBC11850DBC4AD131B3 ] C:\WINDOWS\system32\winhttp.dll
16:10:32.0156 2828 C:\WINDOWS\system32\winhttp.dll - ok
16:10:32.0187 2828 [ EB7C34F14E0EA4D28C968661C7C8EAA6 ] C:\RECYCLER\S-1-5-21-2025429265-813497703-682003330-1004\$7f26874bb060fc7d5ce1a1c1f36877e1\n
16:10:32.0187 2828 C:\RECYCLER\S-1-5-21-2025429265-813497703-682003330-1004\$7f26874bb060fc7d5ce1a1c1f36877e1\n - ok
16:10:32.0218 2828 [ 9CD4C33E2115E4EFF7836ADA562847D6 ] C:\WINDOWS\system32\oledlg.dll
16:10:32.0218 2828 C:\WINDOWS\system32\oledlg.dll - ok
16:10:32.0234 2828 [ 4721AB485E0C29CD1617A5F296B9CC47 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
16:10:32.0250 2828 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll - ok
16:10:32.0265 2828 [ CC8915DB4E33E8FB29CA0D2DBF75306E ] C:\WINDOWS\system32\webcheck.dll
16:10:32.0265 2828 C:\WINDOWS\system32\webcheck.dll - ok
16:10:32.0281 2828 [ 15530639789C990827E594344EACC465 ] C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
16:10:32.0281 2828 C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll - ok
16:10:32.0312 2828 [ 6298277B73C77FA99106B271A7525163 ] C:\WINDOWS\system32\wuaueng.dll
16:10:32.0312 2828 C:\WINDOWS\system32\wuaueng.dll - ok
16:10:32.0343 2828 [ 6BBE66838BEA8285C1289FE896F169FD ] C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
16:10:32.0343 2828 C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll - ok
16:10:32.0375 2828 [ 0346DA24DE3C85909717D5997510A31F ] C:\WINDOWS\system32\mlang.dll
16:10:32.0375 2828 C:\WINDOWS\system32\mlang.dll - ok
16:10:32.0406 2828 [ 08F0190AE201EC331B4CA3B0FA2D2CCE ] C:\WINDOWS\system32\cabinet.dll
16:10:32.0406 2828 C:\WINDOWS\system32\cabinet.dll - ok
16:10:32.0437 2828 [ F4D138B6BB58E2BDE80A558D4F1112B1 ] C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll
16:10:32.0437 2828 C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll - ok
16:10:32.0453 2828 [ 297101A925ECFFDCDF7F6341FFBB6C1A ] C:\WINDOWS\system32\stobject.dll
16:10:32.0453 2828 C:\WINDOWS\system32\stobject.dll - ok
16:10:32.0484 2828 [ 633C197292B4051D986903827DE561A3 ] C:\WINDOWS\system32\mspatcha.dll
16:10:32.0484 2828 C:\WINDOWS\system32\mspatcha.dll - ok
16:10:32.0515 2828 [ EDD916D97C229ED9F3EA037DE9352635 ] C:\WINDOWS\system32\xpob2res.dll
16:10:32.0515 2828 C:\WINDOWS\system32\xpob2res.dll - ok
16:10:32.0531 2828 [ 563BAE2309C6C1EF61A6CDD8F21F9FAF ] C:\Program Files\Common Files\Apple\Apple Application Support\icuin40.dll
16:10:32.0531 2828 C:\Program Files\Common Files\Apple\Apple Application Support\icuin40.dll - ok
16:10:32.0562 2828 [ 4E6EEEA8EB9302D604603D4758C05E75 ] C:\WINDOWS\system32\batmeter.dll
16:10:32.0562 2828 C:\WINDOWS\system32\batmeter.dll - ok
16:10:32.0593 2828 [ 045E228F71C31901084B64BE59093499 ] C:\WINDOWS\system32\WPDShServiceObj.dll
16:10:32.0593 2828 C:\WINDOWS\system32\WPDShServiceObj.dll - ok
16:10:32.0625 2828 [ DD6D5ABAD9B8C13CEDA4752370BA982C ] C:\WINDOWS\system32\mydocs.dll
16:10:32.0625 2828 C:\WINDOWS\system32\mydocs.dll - ok
16:10:32.0640 2828 [ 6D9AC544B30F96C57F8206566C1FB6A1 ] C:\WINDOWS\system32\trkwks.dll
16:10:32.0640 2828 C:\WINDOWS\system32\trkwks.dll - ok
16:10:32.0671 2828 [ 6E205319848B8AF2A0DA52B8D63DB91E ] C:\WINDOWS\system32\sensapi.dll
16:10:32.0671 2828 C:\WINDOWS\system32\sensapi.dll - ok
16:10:32.0703 2828 [ E3CFCCDDA4EDD1D0DC9168B2E18F27B8 ] C:\WINDOWS\system32\browser.dll
16:10:32.0703 2828 C:\WINDOWS\system32\browser.dll - ok
16:10:32.0734 2828 [ DA0B4D1E84826143FFC16296B42EB323 ] C:\Program Files\Common Files\Apple\Apple Application Support\icuuc40.dll
16:10:32.0734 2828 C:\Program Files\Common Files\Apple\Apple Application Support\icuuc40.dll - ok
16:10:32.0765 2828 [ 22358578CB321F3325496A3723029409 ] C:\WINDOWS\system32\PortableDeviceTypes.dll
16:10:32.0765 2828 C:\WINDOWS\system32\PortableDeviceTypes.dll - ok
16:10:32.0781 2828 [ 9D45B2201D0ECF9F42136C7B99DEB8B2 ] C:\WINDOWS\system32\PortableDeviceApi.dll
16:10:32.0781 2828 C:\WINDOWS\system32\PortableDeviceApi.dll - ok
16:10:32.0812 2828 [ 4D59DAA66C60858CDF4F67A900F42D4A ] C:\WINDOWS\system32\wscsvc.dll
16:10:32.0812 2828 C:\WINDOWS\system32\wscsvc.dll - ok
16:10:32.0828 2828 [ 2CE8929A1E1C912A55AA38A5AF175278 ] C:\Program Files\Common Files\Apple\Apple Application Support\icudt40.dll
16:10:32.0828 2828 C:\Program Files\Common Files\Apple\Apple Application Support\icudt40.dll - ok
16:10:32.0859 2828 [ 851547797C2A7F8A04841644C471A567 ] C:\WINDOWS\system32\wbem\wbemprox.dll
16:10:32.0859 2828 C:\WINDOWS\system32\wbem\wbemprox.dll - ok
16:10:32.0890 2828 [ 4E39C36213E95FB971A61A247BDE2F61 ] C:\WINDOWS\system32\wbem\wbemcomn.dll
16:10:32.0890 2828 C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
16:10:32.0921 2828 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\system32\drivers\55279136.sys
16:10:32.0921 2828 C:\WINDOWS\system32\drivers\55279136.sys - ok
16:10:32.0953 2828 [ 1D326842006C4BE77ECD848CF89F01AB ] C:\WINDOWS\system32\wups.dll
16:10:32.0953 2828 C:\WINDOWS\system32\wups.dll - ok
16:10:32.0984 2828 [ 9EBBE7DFF454E9EF99651F3640AF49FB ] C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
16:10:32.0984 2828 C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll - ok
16:10:33.0015 2828 [ 652603D2A664D9BFC1D5EB0A9FAEA016 ] C:\WINDOWS\system32\comsvcs.dll
16:10:33.0015 2828 C:\WINDOWS\system32\comsvcs.dll - ok
16:10:33.0031 2828 [ 6C63DC384A15E2AFD4A860031EF40267 ] C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll
16:10:33.0031 2828 C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll - ok
16:10:33.0046 2828 [ 99F43B9B76C88ACEAD42FE84744F8C87 ] C:\WINDOWS\system32\mtxclu.dll
16:10:33.0046 2828 C:\WINDOWS\system32\mtxclu.dll - ok
16:10:33.0078 2828 [ 01A04FB59E76697C9171B6327274D371 ] C:\WINDOWS\system32\colbact.dll
16:10:33.0078 2828 C:\WINDOWS\system32\colbact.dll - ok
16:10:33.0109 2828 [ 98C1FF6676E02D43DA208802286A6EE7 ] C:\WINDOWS\system32\clusapi.dll
16:10:33.0109 2828 C:\WINDOWS\system32\clusapi.dll - ok
16:10:33.0140 2828 [ 2738C8A33FF07DD3C99C7C8F0A85DA72 ] C:\WINDOWS\system32\resutils.dll
16:10:33.0140 2828 C:\WINDOWS\system32\resutils.dll - ok
16:10:33.0171 2828 [ 36360B625D7290BBA2CD03AD4975E1BC ] C:\WINDOWS\system32\wbem\wbemcore.dll
16:10:33.0171 2828 C:\WINDOWS\system32\wbem\wbemcore.dll - ok
16:10:33.0203 2828 [ 2A075EAADE6DF41DBCCC71456E7AA18E ] C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll
16:10:33.0203 2828 C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll - ok
16:10:33.0218 2828 [ 811345B0227D9E2B39FB2BABD67082EF ] C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.dll
16:10:33.0218 2828 C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.dll - ok
16:10:33.0250 2828 [ DE578E4E6844954823FC7688625F00C8 ] C:\WINDOWS\system32\wbem\esscli.dll
16:10:33.0250 2828 C:\WINDOWS\system32\wbem\esscli.dll - ok
16:10:33.0281 2828 [ 950DF6295D3C6B5F2D508DCB1B275B87 ] C:\WINDOWS\system32\wbem\fastprox.dll
16:10:33.0281 2828 C:\WINDOWS\system32\wbem\fastprox.dll - ok
16:10:33.0296 2828 [ 5BD1234E11B39C63BBA87022AF6D43C2 ] C:\WINDOWS\system32\wups2.dll
16:10:33.0296 2828 C:\WINDOWS\system32\wups2.dll - ok
16:10:33.0328 2828 [ 7D676AC8CC19341117C77C261647BA07 ] C:\WINDOWS\system32\wbem\wbemsvc.dll
16:10:33.0328 2828 C:\WINDOWS\system32\wbem\wbemsvc.dll - ok
16:10:33.0359 2828 [ 0A1161DB4FCCF7821736C70D70A0F5A3 ] C:\WINDOWS\system32\wbem\wmiutils.dll
16:10:33.0359 2828 C:\WINDOWS\system32\wbem\wmiutils.dll - ok
16:10:33.0390 2828 [ EB7C34F14E0EA4D28C968661C7C8EAA6 ] C:\RECYCLER\S-1-5-18\$7f26874bb060fc7d5ce1a1c1f36877e1\n
16:10:33.0390 2828 C:\RECYCLER\S-1-5-18\$7f26874bb060fc7d5ce1a1c1f36877e1\n - ok
16:10:33.0406 2828 [ 2E632F071817AD3758C386571CBD9858 ] C:\WINDOWS\system32\localspl.dll
16:10:33.0421 2828 C:\WINDOWS\system32\localspl.dll - ok
16:10:33.0437 2828 [ 7105749E78925FDFFD078DD54A8C2B70 ] C:\WINDOWS\system32\cnbjmon.dll
16:10:33.0437 2828 C:\WINDOWS\system32\cnbjmon.dll - ok
16:10:33.0468 2828 [ 5A2299AC53BBAE19BF8D03922DF47B4E ] C:\Program Files\QuickTime\QTSystem\QuickTime.qts
16:10:33.0468 2828 C:\Program Files\QuickTime\QTSystem\QuickTime.qts - ok
16:10:33.0500 2828 [ C44BC10BA73575C91FF50CDAF4D8E370 ] C:\WINDOWS\system32\pjlmon.dll
16:10:33.0500 2828 C:\WINDOWS\system32\pjlmon.dll - ok
16:10:33.0531 2828 [ A3F853629F7F2537157EA6EA9857EA56 ] C:\WINDOWS\system32\tcpmon.dll
16:10:33.0531 2828 C:\WINDOWS\system32\tcpmon.dll - ok
16:10:33.0546 2828 [ 242D07D7FC72AD897944BFF932D57C3C ] C:\WINDOWS\system32\usbmon.dll
16:10:33.0546 2828 C:\WINDOWS\system32\usbmon.dll - ok
16:10:33.0578 2828 [ 196A3816D8EA839746A215F5F336DD34 ] C:\Program Files\QuickTime\QTSystem\QTCF.dll
16:10:33.0578 2828 C:\Program Files\QuickTime\QTSystem\QTCF.dll - ok
16:10:33.0609 2828 [ A1C10F87248529173F39F4B4734DF14B ] C:\WINDOWS\system32\win32spl.dll
16:10:33.0609 2828 C:\WINDOWS\system32\win32spl.dll - ok
16:10:33.0625 2828 [ 55E148C01296696588EAFA425782C3E8 ] C:\WINDOWS\system32\dsound.dll
16:10:33.0625 2828 C:\WINDOWS\system32\dsound.dll - ok
16:10:33.0656 2828 [ 84A5644AE4731202A4A02E6342D29BA6 ] C:\WINDOWS\system32\netrap.dll
16:10:33.0656 2828 C:\WINDOWS\system32\netrap.dll - ok
16:10:33.0687 2828 [ F14A6BD840E4D7CD4C0535CB3CEF2887 ] C:\WINDOWS\system32\inetpp.dll
16:10:33.0687 2828 C:\WINDOWS\system32\inetpp.dll - ok
16:10:33.0718 2828 [ 860F14524C548588B59B77B611CF6F3A ] C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll
16:10:33.0718 2828 C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll - ok
16:10:33.0750 2828 [ 18628BB3EEA95E17EDB4C79193FD9189 ] C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll
16:10:33.0750 2828 C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll - ok
16:10:33.0781 2828 [ EB032CF179411874F99127B4F8737150 ] C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
16:10:33.0781 2828 C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll - ok
16:10:33.0796 2828 [ 7ED462F353B3D915A418A689FA881F96 ] C:\WINDOWS\system32\ddraw.dll
16:10:33.0796 2828 C:\WINDOWS\system32\ddraw.dll - ok
16:10:33.0812 2828 [ D0933C7B9763098B16E6BB0B823AE844 ] C:\WINDOWS\system32\dciman32.dll
16:10:33.0812 2828 C:\WINDOWS\system32\dciman32.dll - ok
16:10:33.0843 2828 [ 9A66728EFE501D855D0FFE3DE023CE32 ] C:\WINDOWS\system32\wbem\repdrvfs.dll
16:10:33.0843 2828 C:\WINDOWS\system32\wbem\repdrvfs.dll - ok
16:10:33.0875 2828 [ 80B1AA84CD23724C284AD5988F208EB3 ] C:\WINDOWS\system32\wbem\wmiprvsd.dll
16:10:33.0875 2828 C:\WINDOWS\system32\wbem\wmiprvsd.dll - ok
16:10:33.0906 2828 [ BD593EA34DAE448ED19BA46706EC465B ] C:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll
16:10:33.0906 2828 C:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll - ok
16:10:33.0937 2828 [ 6708E1DDF12CAB2D5B5A2B66B76E0038 ] C:\WINDOWS\system32\wbem\wbemess.dll
16:10:33.0937 2828 C:\WINDOWS\system32\wbem\wbemess.dll - ok
16:10:33.0968 2828 [ 54ED1955EDB126599E3814B6E251BCA6 ] C:\RECYCLER\S-1-5-18\$7f26874bb060fc7d5ce1a1c1f36877e1\U\[email protected]
16:10:33.0968 2828 C:\RECYCLER\S-1-5-18\$7f26874bb060fc7d5ce1a1c1f36877e1\U\[email protected] - ok
16:10:34.0000 2828 [ 62BB79160F86CD962F312C68C6239BFD ] C:\WINDOWS\system32\wuauclt.exe
16:10:34.0000 2828 C:\WINDOWS\system32\wuauclt.exe - ok
16:10:34.0015 2828 [ 009758CC06B7F55B4A4D16A66E243C24 ] C:\WINDOWS\system32\wuapi.dll
16:10:34.0015 2828 C:\WINDOWS\system32\wuapi.dll - ok
16:10:34.0046 2828 [ EE6A09BFBE1121E2A52FFE87411433C4 ] C:\RECYCLER\S-1-5-18\$7f26874bb060fc7d5ce1a1c1f36877e1\U\[email protected]
16:10:34.0046 2828 C:\RECYCLER\S-1-5-18\$7f26874bb060fc7d5ce1a1c1f36877e1\U\[email protected] - ok
16:10:34.0062 2828 [ 8AFF0CD008DF536D4FFCB742F286AD3B ] C:\WINDOWS\assembly\GAC\Desktop.ini
16:10:34.0062 2828 C:\WINDOWS\assembly\GAC\Desktop.ini - ok
16:10:34.0093 2828 [ 7C25440617EEE6F69709AA8C915D2C32 ] C:\WINDOWS\system32\dwwin.exe
16:10:34.0093 2828 C:\WINDOWS\system32\dwwin.exe - ok
16:10:34.0125 2828 [ 6AE613FFF9F9DFEE552652662BFABE41 ] C:\WINDOWS\system32\wbem\ncprov.dll
16:10:34.0125 2828 C:\WINDOWS\system32\wbem\ncprov.dll - ok
16:10:34.0156 2828 [ 7C8F371C924DAA376217E553378275BA ] C:\WINDOWS\system32\shfolder.dll
16:10:34.0156 2828 C:\WINDOWS\system32\shfolder.dll - ok
16:10:34.0187 2828 [ EF32415C2755E66CA1B345DF68C71243 ] C:\WINDOWS\system32\1033\dwintl.dll
16:10:34.0187 2828 C:\WINDOWS\system32\1033\dwintl.dll - ok
16:10:34.0203 2828 [ B60C877D16D9C880B952FDA04ADF16E6 ] C:\WINDOWS\system32\termsrv.dll
16:10:34.0203 2828 C:\WINDOWS\system32\termsrv.dll - ok
16:10:34.0234 2828 [ D18D28CEF9FEA09359C7DE7BE3669F66 ] C:\WINDOWS\system32\wbem\wbemcons.dll
16:10:34.0234 2828 C:\WINDOWS\system32\wbem\wbemcons.dll - ok
16:10:34.0265 2828 [ 37E7DB460A5315E4609B212C6C014527 ] C:\WINDOWS\system32\icaapi.dll
16:10:34.0265 2828 C:\WINDOWS\system32\icaapi.dll - ok
16:10:34.0296 2828 [ F5EE7CACD1784241F138A5E55B715897 ] C:\WINDOWS\system32\mstlsapi.dll
16:10:34.0296 2828 C:\WINDOWS\system32\mstlsapi.dll - ok
16:10:34.0312 2828 [ FA788520BCAC0F5D9D5CDE5615C0D931 ] C:\WINDOWS\system32\imapi.exe
16:10:34.0312 2828 C:\WINDOWS\system32\imapi.exe - ok
16:10:34.0343 2828 [ 8F610078437A459948480407F4DB91EA ] C:\Program Files\iPod\bin\iPodService.exe
16:10:34.0343 2828 C:\Program Files\iPod\bin\iPodService.exe - ok
16:10:34.0375 2828 [ 339089D6C3FC3BC5CED8D9049C4D2101 ] C:\WINDOWS\system32\upnp.dll
16:10:34.0375 2828 C:\WINDOWS\system32\upnp.dll - ok
16:10:34.0390 2828 [ 5B8DFA748FA4845BC04445A30126F2E9 ] C:\WINDOWS\system32\ssdpapi.dll
16:10:34.0390 2828 C:\WINDOWS\system32\ssdpapi.dll - ok
16:10:34.0421 2828 [ A75E262A09A287B8CEDCF3E459C20E3F ] C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.dll
16:10:34.0421 2828 C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.dll - ok
16:10:34.0453 2828 [ 6E71F4274113197AD75262AF24FB1B09 ] C:\RECYCLER\S-1-5-18\$7f26874bb060fc7d5ce1a1c1f36877e1\U\[email protected]
16:10:34.0453 2828 C:\RECYCLER\S-1-5-18\$7f26874bb060fc7d5ce1a1c1f36877e1\U\[email protected] - ok
16:10:34.0484 2828 [ EB4A4187D74A8EFDCBEA3EA2CB1BDFBD ] C:\WINDOWS\system32\tapisrv.dll
16:10:34.0484 2828 C:\WINDOWS\system32\tapisrv.dll - ok
16:10:34.0515 2828 [ 11910590CD0BF2376088E03259B3D974 ] C:\Program Files\iPod\bin\iPodService.Resources\iPodService.dll
16:10:34.0515 2828 C:\Program Files\iPod\bin\iPodService.Resources\iPodService.dll - ok
16:10:34.0546 2828 [ FE2EB24E6BD36B8BE3869ECE85AA72BC ] C:\RECYCLER\S-1-5-18\$7f26874bb060fc7d5ce1a1c1f36877e1\U\[email protected]
16:10:34.0546 2828 C:\RECYCLER\S-1-5-18\$7f26874bb060fc7d5ce1a1c1f36877e1\U\[email protected] - ok
16:10:34.0562 2828 [ 9F8B0F4276F618964FD118BE4289B7CD ] C:\WINDOWS\system32\drivers\http.sys
16:10:34.0562 2828 C:\WINDOWS\system32\drivers\http.sys - ok
16:10:34.0593 2828 [ 41A3C11E3517C962C9B44893BCEC3B34 ] C:\WINDOWS\system32\rasmans.dll
16:10:34.0593 2828 C:\WINDOWS\system32\rasmans.dll - ok
16:10:34.0609 2828 [ E3AE8DC04643850D2DFD431443558B28 ] C:\WINDOWS\system32\netcfgx.dll
16:10:34.0609 2828 C:\WINDOWS\system32\netcfgx.dll - ok
16:10:34.0640 2828 [ 4B8D61792F7175BED48859CC18CE4E38 ] C:\WINDOWS\system32\ssdpsrv.dll
16:10:34.0640 2828 C:\WINDOWS\system32\ssdpsrv.dll - ok
16:10:34.0671 2828 [ 49911DD39E023BB6C45E4E436CFBD297 ] C:\WINDOWS\system32\wscntfy.exe
16:10:34.0671 2828 C:\WINDOWS\system32\wscntfy.exe - ok
16:10:34.0703 2828 [ 1D536BEBC30DD8D0D3B6FF3B0CD2D32B ] C:\WINDOWS\system32\rastapi.dll
16:10:34.0703 2828 C:\WINDOWS\system32\rastapi.dll - ok
16:10:34.0734 2828 [ 1DFD6E8DA0FE2D14A5FA12CFCFB162C1 ] C:\WINDOWS\system32\unimdm.tsp
16:10:34.0734 2828 C:\WINDOWS\system32\unimdm.tsp - ok
16:10:34.0765 2828 [ 3AB4213BF48F9062E087B909832AA8E6 ] C:\WINDOWS\system32\uniplat.dll
16:10:34.0765 2828 C:\WINDOWS\system32\uniplat.dll - ok
16:10:34.0796 2828 [ BA5D5FD3CCA6F64A429E2E0E1A1A0917 ] C:\WINDOWS\system32\rasdlg.dll
16:10:34.0796 2828 C:\WINDOWS\system32\rasdlg.dll - ok
16:10:34.0812 2828 [ 7735385C0FA821961F9A1EBA94F2AC98 ] C:\WINDOWS\system32\kmddsp.tsp
16:10:34.0812 2828 C:\WINDOWS\system32\kmddsp.tsp - ok
16:10:34.0828 2828 [ 49361F295DF887AC32CD660CA94ACAA5 ] C:\WINDOWS\system32\h323.tsp
16:10:34.0828 2828 C:\WINDOWS\system32\h323.tsp - ok
16:10:34.0859 2828 [ A4C40AF21BF9F90E08A3C1DD0DC79E0B ] C:\WINDOWS\system32\ipconf.tsp
16:10:34.0859 2828 C:\WINDOWS\system32\ipconf.tsp - ok
16:10:34.0890 2828 [ 37D7005A87F6405DEA87F50098CE03F7 ] C:\WINDOWS\system32\ndptsp.tsp
16:10:34.0890 2828 C:\WINDOWS\system32\ndptsp.tsp - ok
16:10:34.0921 2828 [ 18AFEE0EDE045B6255408D634372DC29 ] C:\WINDOWS\system32\hid.dll
16:10:34.0921 2828 C:\WINDOWS\system32\hid.dll - ok
16:10:34.0953 2828 [ 83168270F2E73A20E981B0F38A34958F ] C:\WINDOWS\system32\hidphone.tsp
16:10:34.0953 2828 C:\WINDOWS\system32\hidphone.tsp - ok
16:10:34.0984 2828 [ 04ECEC0447F79419AD25227205B8277D ] C:\WINDOWS\system32\rasppp.dll
16:10:34.0984 2828 C:\WINDOWS\system32\rasppp.dll - ok
16:10:35.0000 2828 [ C5EF2A4F6CB968B3119B43F43C64A1A6 ] C:\WINDOWS\system32\ntlsapi.dll
16:10:35.0000 2828 C:\WINDOWS\system32\ntlsapi.dll - ok
16:10:35.0031 2828 [ 524F073B1241F5D37CD70FF389B3B7FD ] C:\WINDOWS\system32\msxml3.dll
16:10:35.0031 2828 C:\WINDOWS\system32\msxml3.dll - ok
16:10:35.0046 2828 [ 0A1C56C281B7D2E9845D870E8210C021 ] C:\Program Files\Java\jre6\bin\awt.dll
16:10:35.0046 2828 C:\Program Files\Java\jre6\bin\awt.dll - ok
16:10:35.0078 2828 [ 9917933511F30120998F787826630C94 ] C:\Program Files\Java\jre6\bin\client\jvm.dll
16:10:35.0078 2828 C:\Program Files\Java\jre6\bin\client\jvm.dll - ok
16:10:35.0109 2828 [ B771A34892EC4BABD3FCD7552A5FEACA ] C:\Program Files\Java\jre6\bin\dcpr.dll
16:10:35.0109 2828 C:\Program Files\Java\jre6\bin\dcpr.dll - ok
16:10:35.0140 2828 [ F1F4D274E49D1B91C2EB8243813C1305 ] C:\Program Files\Java\jre6\bin\deploy.dll
16:10:35.0140 2828 C:\Program Files\Java\jre6\bin\deploy.dll - ok
16:10:35.0171 2828 [ 556A35EAADE75BBC0E4A89CA35C5797B ] C:\Program Files\Java\jre6\bin\fontmanager.dll
16:10:35.0171 2828 C:\Program Files\Java\jre6\bin\fontmanager.dll - ok
16:10:35.0187 2828 [ 8941CB55927AF5B05E068CB1208BB12B ] C:\Program Files\Java\jre6\bin\hpi.dll
16:10:35.0187 2828 C:\Program Files\Java\jre6\bin\hpi.dll - ok
16:10:35.0218 2828 [ 8E89F6EFF27213862E2A61E01563D45F ] C:\Program Files\Java\jre6\bin\java.dll
16:10:35.0218 2828 C:\Program Files\Java\jre6\bin\java.dll - ok
16:10:35.0250 2828 [ B427962BDB196D132AF50F6C7B78380D ] C:\Program Files\Java\jre6\bin\javaw.exe
16:10:35.0250 2828 C:\Program Files\Java\jre6\bin\javaw.exe - ok
16:10:35.0281 2828 [ 1F22B27A0F05CF973C71AAC37CFE3FE2 ] C:\Program Files\Java\jre6\bin\jp2native.dll
16:10:35.0281 2828 C:\Program Files\Java\jre6\bin\jp2native.dll - ok
16:10:35.0296 2828 [ 20D05CE7BA11921130E3D01ECD7C9425 ] C:\Program Files\Java\jre6\bin\jpeg.dll
16:10:35.0296 2828 C:\Program Files\Java\jre6\bin\jpeg.dll - ok
16:10:35.0328 2828 [ F24BA21108897C3F02A50277635A6467 ] C:\Program Files\Java\jre6\bin\net.dll
16:10:35.0328 2828 C:\Program Files\Java\jre6\bin\net.dll - ok
16:10:35.0359 2828 [ 2742C3D282BF761090CB1D63CCB295BB ] C:\Program Files\Java\jre6\bin\nio.dll
16:10:35.0359 2828 C:\Program Files\Java\jre6\bin\nio.dll - ok
16:10:35.0375 2828 [ 10198A8DFD4A4015D1180F9FD00998A1 ] C:\Program Files\Java\jre6\bin\regutils.dll
16:10:35.0375 2828 C:\Program Files\Java\jre6\bin\regutils.dll - ok
16:10:35.0406 2828 [ 8EDF4EA760BEDC0739AD9021FCD982F7 ] C:\Program Files\Java\jre6\bin\verify.dll
16:10:35.0406 2828 C:\Program Files\Java\jre6\bin\verify.dll - ok
16:10:35.0437 2828 [ DD4A71AD16A5D7FC295E05290E32CF2C ] C:\Program Files\Java\jre6\bin\zip.dll
16:10:35.0437 2828 C:\Program Files\Java\jre6\bin\zip.dll - ok
16:10:35.0468 2828 [ DA23A12845607133ACF1DB3502D4E575 ] C:\WINDOWS\system32\msisip.dll
16:10:35.0468 2828 C:\WINDOWS\system32\msisip.dll - ok
16:10:35.0500 2828 [ A42C79BF8C1921CE37DAF0C2AD708CCD ] C:\WINDOWS\system32\wshext.dll
16:10:35.0500 2828 C:\WINDOWS\system32\wshext.dll - ok
16:10:35.0531 2828 [ 4602907535FD682195DFFF9117365826 ] C:\WINDOWS\system32\mfc42.dll
16:10:35.0531 2828 C:\WINDOWS\system32\mfc42.dll - ok
16:10:35.0546 2828 [ 559D9CBFC29DEE2773B28D38851683BA ] C:\Program Files\Microsoft Silverlight\xapauthenticodesip.dll
16:10:35.0546 2828 C:\Program Files\Microsoft Silverlight\xapauthenticodesip.dll - ok
16:10:35.0562 2828 [ B60DDDD2D63CE41CB8C487FCFBB6419E ] C:\Program Files\Internet Explorer\iexplore.exe
16:10:35.0562 2828 C:\Program Files\Internet Explorer\iexplore.exe - ok
16:10:35.0593 2828 [ DBA6D25FF0EAC58101855E21B68216A9 ] C:\WINDOWS\system32\icm32.dll
16:10:35.0593 2828 C:\WINDOWS\system32\icm32.dll - ok
16:10:35.0625 2828 [ 47EECE68857817F39C8C6F33A7E5E76C ] C:\WINDOWS\system32\drivers\hitmanpro36.sys
16:10:35.0625 2828 C:\WINDOWS\system32\drivers\hitmanpro36.sys - ok
16:10:35.0656 2828 [ 60106B27FCCE3E71EC8C8C757CC243E4 ] C:\WINDOWS\system32\srclient.dll
16:10:35.0656 2828 C:\WINDOWS\system32\srclient.dll - ok
16:10:35.0687 2828 [ 05CB782F2C7024AA92B1722A926BBD3A ] C:\WINDOWS\system32\wbem\framedyn.dll
16:10:35.0687 2828 C:\WINDOWS\system32\wbem\framedyn.dll - ok
16:10:35.0718 2828 [ C39CD25443CCCDD121BF1F807564DCFA ] C:\WINDOWS\system32\drprov.dll
16:10:35.0718 2828 C:\WINDOWS\system32\drprov.dll - ok
16:10:35.0750 2828 [ BB0EE0C172E3D626263299EF1832FD40 ] C:\Program Files\Internet Explorer\xpshims.dll
16:10:35.0750 2828 C:\Program Files\Internet Explorer\xpshims.dll - ok
16:10:35.0781 2828 [ 6539CED6E5AB5684AA09E6B0ABBF4124 ] C:\WINDOWS\system32\ntlanman.dll
16:10:35.0781 2828 C:\WINDOWS\system32\ntlanman.dll - ok
16:10:35.0796 2828 [ 01520B46830C8178E1B2C05A4F3F6C16 ] C:\WINDOWS\system32\netui0.dll
16:10:35.0796 2828 C:\WINDOWS\system32\netui0.dll - ok
16:10:35.0812 2828 [ 88B918E7FB3B09595DD8A0FD09A35B8F ] C:\WINDOWS\system32\netui1.dll
16:10:35.0812 2828 C:\WINDOWS\system32\netui1.dll - ok
16:10:35.0843 2828 [ 11734790410900D2CD6B7839020E4DD9 ] C:\WINDOWS\system32\ieui.dll
16:10:35.0843 2828 C:\WINDOWS\system32\ieui.dll - ok
16:10:35.0875 2828 [ D3AD4F21DD60B4B9BFEB415564A6C308 ] C:\WINDOWS\system32\MSIMTF.dll
16:10:35.0875 2828 C:\WINDOWS\system32\MSIMTF.dll - ok
16:10:35.0906 2828 [ 716A078B2FC6CC0BB3030B2559EC143F ] C:\WINDOWS\system32\davclnt.dll
16:10:35.0906 2828 C:\WINDOWS\system32\davclnt.dll - ok
16:10:35.0937 2828 [ D1E18F4AE94FFEC7270BE0A10C0B295E ] C:\WINDOWS\system32\xmllite.dll
16:10:35.0937 2828 C:\WINDOWS\system32\xmllite.dll - ok
16:10:35.0968 2828 [ AD7125BC367BDC060729984EC2E5377A ] C:\Program Files\Internet Explorer\ieproxy.dll
16:10:35.0968 2828 C:\Program Files\Internet Explorer\ieproxy.dll - ok
16:10:35.0984 2828 [ 897493762A427D94B66A30EE6AB35966 ] C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
16:10:35.0984 2828 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - ok
16:10:36.0015 2828 [ 36830340A9637937B7D640F5BB5084EB ] C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
16:10:36.0015 2828 C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll - ok
16:10:36.0046 2828 [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\WINDOWS\system32\msvcp71.dll
16:10:36.0046 2828 C:\WINDOWS\system32\msvcp71.dll - ok
16:10:36.0062 2828 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\WINDOWS\system32\msvcr71.dll
16:10:36.0062 2828 C:\WINDOWS\system32\msvcr71.dll - ok
16:10:36.0093 2828 [ 883EF2DD3C9F68691CE02DAAC7267D41 ] C:\Program Files\Java\jre6\bin\jp2ssv.dll
16:10:36.0093 2828 C:\Program Files\Java\jre6\bin\jp2ssv.dll - ok
16:10:36.0125 2828 [ C7B7A88CC7D7ABA5C395145BF92F46F7 ] C:\WINDOWS\system32\mshtml.dll
16:10:36.0125 2828 C:\WINDOWS\system32\mshtml.dll - ok
16:10:36.0156 2828 [ 2ACCD352451EC0F99AF2AD9DB6DB4439 ] C:\WINDOWS\system32\msls31.dll
16:10:36.0156 2828 C:\WINDOWS\system32\msls31.dll - ok
16:10:36.0171 2828 [ FD60844F7DC0CF7C7AFA70B7EC6D0A7E ] C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
16:10:36.0171 2828 C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll - ok
16:10:36.0203 2828 [ 2EB58F9DCD6AB320B46744A4EA48B2D2 ] C:\WINDOWS\system32\usp10.dll
16:10:36.0203 2828 C:\WINDOWS\system32\usp10.dll - ok
16:10:36.0234 2828 [ F36F69E5A823D57F0D3F86C2EF680FD8 ] C:\WINDOWS\system32\jscript.dll
16:10:36.0234 2828 C:\WINDOWS\system32\jscript.dll - ok
16:10:36.0265 2828 [ 39860787F4E6DE9A35AB1E74330CC788 ] C:\WINDOWS\system32\iepeers.dll
16:10:36.0265 2828 C:\WINDOWS\system32\iepeers.dll - ok
16:10:36.0296 2828 [ 42B928FC8518D793BF7A5EAFC57B1D8B ] C:\WINDOWS\system32\imgutil.dll
16:10:36.0296 2828 C:\WINDOWS\system32\imgutil.dll - ok
16:10:36.0312 2828 [ E5FA1B044DAC5F6F600A1742D73F6936 ] C:\WINDOWS\system32\pngfilt.dll
16:10:36.0312 2828 C:\WINDOWS\system32\pngfilt.dll - ok
16:10:36.0343 2828 [ 5E1A0476E009A1930A524DFF4CA13982 ] C:\WINDOWS\system32\dxtrans.dll
16:10:36.0343 2828 C:\WINDOWS\system32\dxtrans.dll - ok
16:10:36.0375 2828 [ AD805DA7015D155EF9899F73A1C27753 ] C:\WINDOWS\system32\ddrawex.dll
16:10:36.0375 2828 C:\WINDOWS\system32\ddrawex.dll - ok
16:10:36.0390 2828 [ 42B0E894E8F96578D3C005122B0F5E27 ] C:\WINDOWS\system32\Macromed\Flash\Flash32_11_3_300_265.ocx
16:10:36.0390 2828 C:\WINDOWS\system32\Macromed\Flash\Flash32_11_3_300_265.ocx - ok
16:10:36.0421 2828 [ 31FA172657E941E7CB15C5CCFE36A03E ] C:\WINDOWS\system32\wbem\wmiprvse.exe
16:10:36.0421 2828 C:\WINDOWS\system32\wbem\wmiprvse.exe - ok
16:10:36.0453 2828 [ B83DAB6BA597E8079854632909A96DC2 ] C:\WINDOWS\system32\wbem\cimwin32.dll
16:10:36.0453 2828 C:\WINDOWS\system32\wbem\cimwin32.dll - ok
16:10:36.0484 2828 [ A624930228B698CF5B89F91CAF23A908 ] C:\WINDOWS\system32\security.dll
16:10:36.0484 2828 C:\WINDOWS\system32\security.dll - ok
16:10:36.0515 2828 [ 057D53F1490598D41D9D4DEE9A92B0B1 ] C:\WINDOWS\system32\dxtmsft.dll
16:10:36.0515 2828 C:\WINDOWS\system32\dxtmsft.dll - ok
16:10:36.0546 2828 [ F7832740E40E29E32ECB4D410EB34C91 ] C:\WINDOWS\system32\wbem\wmipcima.dll
16:10:36.0546 2828 C:\WINDOWS\system32\wbem\wmipcima.dll - ok
16:10:36.0562 2828 [ A942038C472CDF1C1EAAE7E8300B9319 ] C:\WINDOWS\system32\vbscript.dll
16:10:36.0562 2828 C:\WINDOWS\system32\vbscript.dll - ok
16:10:36.0578 2828 [ AD6B1A69B0CCCF27A792F4C00740D24D ] C:\Documents and Settings\rosa\Desktop\tdsskiller.exe
16:10:36.0578 2828 C:\Documents and Settings\rosa\Desktop\tdsskiller.exe - ok
16:10:36.0609 2828 [ 39AA47A1ACBB6A92BF875B535EEAF911 ] C:\WINDOWS\system32\wucltui.dll
16:10:36.0609 2828 C:\WINDOWS\system32\wucltui.dll - ok
16:10:36.0640 2828 [ 37BF196917FA0C591BAFCD7949524FF3 ] C:\WINDOWS\system32\wuaucpl.cpl
16:10:36.0640 2828 C:\WINDOWS\system32\wuaucpl.cpl - ok
16:10:36.0671 2828 [ 5E6339CE905AB989795E8005D447A59F ] C:\WINDOWS\system32\mucltui.dll
16:10:36.0671 2828 C:\WINDOWS\system32\mucltui.dll - ok
16:10:36.0703 2828 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\system32\drivers\70230603.sys
16:10:36.0703 2828 C:\WINDOWS\system32\drivers\70230603.sys - ok
16:10:36.0734 2828 [ 8E19878192348E8BD426A389C942808E ] C:\WINDOWS\system32\d3dim700.dll
16:10:36.0734 2828 C:\WINDOWS\system32\d3dim700.dll - ok
16:10:36.0765 2828 [ 8FED1E0A491D4990853D23F21C59C730 ] C:\WINDOWS\system32\advpack.dll
16:10:36.0765 2828 C:\WINDOWS\system32\advpack.dll - ok
16:10:36.0781 2828 [ CAD4AA32E7ECA00C23CC39C0EB833F9D ] C:\WINDOWS\system32\cryptnet.dll
16:10:36.0781 2828 C:\WINDOWS\system32\cryptnet.dll - ok
16:10:36.0796 2828 ============================================================
16:10:36.0796 2828 Scan finished
16:10:36.0796 2828 ============================================================
16:10:36.0953 2820 Detected object count: 1
16:10:36.0953 2820 Actual detected object count: 1
16:11:54.0281 2820 RT80x86 ( UnsignedFile.Multi.Generic ) - skipped by user
16:11:54.0281 2820 RT80x86 ( UnsignedFile.Multi.Generic ) - User select action: Skip
  • 0

#6
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
How is your system now? Problems?

This scan could take a while to finish (4h - 6h) so please be patient.

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post
  • 0

#7
jokernrose

jokernrose

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
The computer does seem to be doing a little better. So far no more FBI warnings or S.M.A.R.T repair warnings. So far only problem I see now is every program in my start button is empty. I ran the Kapersky as you said and here is the log from it.

Status: Disinfected (events: 14)
8/31/2012 10:02:35 AM Disinfected Trojan program Exploit.Java.CVE-2012-0507.kx
C:\Documents and Settings\rosa\Application Data\Sun\Java\Deployment\cache\6.0\21\2317cfd5-4d919ff0 High
8/31/2012 10:02:43 AM Disinfected Trojan program Exploit.Java.CVE-2011-3544.ka
C:\Documents and Settings\rosa\Application Data\Sun\Java\Deployment\cache\6.0\24\6a1c35d8-4ce6e9c2 High
8/31/2012 10:02:43 AM Disinfected Trojan program Exploit.Java.CVE-2011-3544.ka
C:\Documents and Settings\rosa\Application Data\Sun\Java\Deployment\cache\6.0\24\6a1c35d8-4ce6e9c2/Inc.class High
8/31/2012 10:02:35 AM Disinfected Trojan program Exploit.Java.CVE-2012-0507.kx
C:\Documents and Settings\rosa\Application Data\Sun\Java\Deployment\cache\6.0\21\2317cfd5-4d919ff0/r_ea/r_ec.class High
8/31/2012 10:02:41 AM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.cg
C:\Documents and Settings\rosa\Application Data\Sun\Java\Deployment\cache\6.0\28\26d395dc-784a9848 High
8/31/2012 10:02:41 AM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.cf
C:\Documents and Settings\rosa\Application Data\Sun\Java\Deployment\cache\6.0\28\26d395dc-784a9848/bpac/a.class High
8/31/2012 10:02:43 AM Disinfected Trojan program Exploit.Java.CVE-2011-3544.ka
C:\Documents and Settings\rosa\Application Data\Sun\Java\Deployment\cache\6.0\24\6a1c35d8-4ce6e9c2/m.class High
8/31/2012 10:02:41 AM Disinfected Trojan program Trojan.Java.Agent.am
C:\Documents and Settings\rosa\Application Data\Sun\Java\Deployment\cache\6.0\28\26d395dc-784a9848/bpac/b.class High
8/31/2012 10:02:41 AM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.cg
C:\Documents and Settings\rosa\Application Data\Sun\Java\Deployment\cache\6.0\28\26d395dc-784a9848/bpac/KAVS.class High
8/31/2012 10:02:43 AM Disinfected Trojan program Exploit.Java.CVE-2011-3544.ka
C:\Documents and Settings\rosa\Application Data\Sun\Java\Deployment\cache\6.0\24\6a1c35d8-4ce6e9c2/n.class High
8/31/2012 10:29:25 AM Disinfected Trojan program Exploit.Java.CVE-2012-1723.cc
C:\Documents and Settings\rosa\Local Settings\Temp\jar_cache247379568224013767.tmp High
8/31/2012 10:29:25 AM Disinfected Trojan program Exploit.Java.CVE-2012-1723.cc
C:\Documents and Settings\rosa\Local Settings\Temp\jar_cache247379568224013767.tmp/wvfef.class High
8/31/2012 10:29:24 AM Disinfected Trojan program Trojan-Downloader.Java.Agent.rt
C:\Documents and Settings\rosa\Local Settings\Temp\jar_cache5480280743945967165.tmp High
8/31/2012 10:29:24 AM Disinfected Trojan program Trojan-Downloader.Java.Agent.rt
C:\Documents and Settings\rosa\Local Settings\Temp\jar_cache5480280743945967165.tmp/hay.class High
Status: Deleted (events: 31)
8/31/2012 10:30:10 AM Deleted Trojan program Trojan-Ransom.Win32.PornoAsset.ngn
C:\Documents and Settings\rosa\Local Settings\Temp\aumoulkdpjyk.exe High
8/31/2012 10:58:29 AM Deleted Trojan program Backdoor.Win32.ZAccess.mbt
C:\RECYCLER\S-1-5-18\$7f26874bb060fc7d5ce1a1c1f36877e1\U\[email protected] High
8/31/2012 11:53:10 AM Deleted Trojan program HEUR:Trojan.Win32.Generic
C:\RECYCLER\S-1-5-18\$7f26874bb060fc7d5ce1a1c1f36877e1\n High
8/31/2012 11:53:10 AM Deleted Trojan program HEUR:Trojan.Win32.Generic
C:\RECYCLER\S-1-5-18\$7f26874bb060fc7d5ce1a1c1f36877e1\n High
8/31/2012 10:59:56 AM Deleted Trojan program Trojan-Dropper.Win32.Miner.i
C:\RECYCLER\S-1-5-18\$7f26874bb060fc7d5ce1a1c1f36877e1\U\[email protected] High
8/31/2012 10:59:27 AM Deleted Trojan program Backdoor.Win32.ZAccess.mbs
C:\RECYCLER\S-1-5-18\$7f26874bb060fc7d5ce1a1c1f36877e1\U\[email protected] High
8/31/2012 11:01:27 AM Deleted Trojan program Trojan.Win32.Small.bmsk
C:\RECYCLER\S-1-5-18\$7f26874bb060fc7d5ce1a1c1f36877e1\U\[email protected] High
8/31/2012 11:03:44 AM Deleted Trojan program Trojan.Win32.Jorik.Downloader.bsh
C:\System Volume Information\_restore{DF79C16E-47E9-4E5F-AFC4-522F09CFAAD9}\RP382\A0314515.exe High
8/31/2012 11:05:10 AM Deleted Trojan program Trojan-FakeAV.Win32.SmartFixer.abj
C:\System Volume Information\_restore{DF79C16E-47E9-4E5F-AFC4-522F09CFAAD9}\RP382\A0312516.exe High
8/31/2012 11:06:01 AM Deleted Trojan program Trojan-Spy.Win32.Zbot.ebih
C:\System Volume Information\_restore{DF79C16E-47E9-4E5F-AFC4-522F09CFAAD9}\RP389\A0318808.exe High
8/31/2012 11:06:45 AM Deleted Trojan program Trojan.Win32.Jorik.Downloader.caw
C:\System Volume Information\_restore{DF79C16E-47E9-4E5F-AFC4-522F09CFAAD9}\RP389\A0319909.exe High
8/31/2012 11:09:39 AM Deleted Trojan program Trojan-FakeAV.Win32.SmartFixer.abj
C:\System Volume Information\_restore{DF79C16E-47E9-4E5F-AFC4-522F09CFAAD9}\RP390\A0320391.exe High
8/31/2012 11:11:07 AM Deleted Trojan program Trojan-Spy.Win32.Agent.cczo
C:\System Volume Information\_restore{DF79C16E-47E9-4E5F-AFC4-522F09CFAAD9}\RP398\A0336462.dll High
8/31/2012 11:12:14 AM Deleted Trojan program Trojan-Spy.Win32.Delf.aebj
C:\System Volume Information\_restore{DF79C16E-47E9-4E5F-AFC4-522F09CFAAD9}\RP398\A0336465.exe High
8/31/2012 11:12:23 AM Deleted Trojan program Backdoor.Win32.ZAccess.ydb
C:\System Volume Information\_restore{DF79C16E-47E9-4E5F-AFC4-522F09CFAAD9}\RP399\A0337512.ini High
8/31/2012 11:12:32 AM Deleted Trojan program Backdoor.Win32.ZAccess.ydb
C:\System Volume Information\_restore{DF79C16E-47E9-4E5F-AFC4-522F09CFAAD9}\RP399\A0338509.ini High
8/31/2012 11:12:42 AM Deleted Trojan program Backdoor.Win32.ZAccess.ydb
C:\System Volume Information\_restore{DF79C16E-47E9-4E5F-AFC4-522F09CFAAD9}\RP399\A0339509.ini High
8/31/2012 11:12:49 AM Deleted Trojan program Backdoor.Win32.ZAccess.ydb
C:\System Volume Information\_restore{DF79C16E-47E9-4E5F-AFC4-522F09CFAAD9}\RP399\A0339516.ini High
8/31/2012 11:12:57 AM Deleted Trojan program Backdoor.Win32.ZAccess.ydb
C:\System Volume Information\_restore{DF79C16E-47E9-4E5F-AFC4-522F09CFAAD9}\RP399\A0339526.ini High
8/31/2012 11:13:34 AM Deleted Trojan program Backdoor.Win32.ZAccess.ydb
C:\System Volume Information\_restore{DF79C16E-47E9-4E5F-AFC4-522F09CFAAD9}\RP399\A0339533.ini High
8/31/2012 11:13:43 AM Deleted Trojan program Backdoor.Win32.ZAccess.ydb
C:\System Volume Information\_restore{DF79C16E-47E9-4E5F-AFC4-522F09CFAAD9}\RP399\A0339540.ini High
8/31/2012 11:13:53 AM Deleted Trojan program Backdoor.Win32.ZAccess.ydb
C:\System Volume Information\_restore{DF79C16E-47E9-4E5F-AFC4-522F09CFAAD9}\RP399\A0339552.ini High
8/31/2012 11:14:03 AM Deleted Trojan program Backdoor.Win32.ZAccess.ydb
C:\System Volume Information\_restore{DF79C16E-47E9-4E5F-AFC4-522F09CFAAD9}\RP399\A0340549.ini High
8/31/2012 11:14:14 AM Deleted Trojan program Backdoor.Win32.ZAccess.ydb
C:\System Volume Information\_restore{DF79C16E-47E9-4E5F-AFC4-522F09CFAAD9}\RP399\A0340557.ini High
8/31/2012 11:15:30 AM Deleted Trojan program Backdoor.Win32.ZAccess.ydb
C:\System Volume Information\_restore{DF79C16E-47E9-4E5F-AFC4-522F09CFAAD9}\RP400\A0341557.ini High
8/31/2012 11:15:38 AM Deleted Trojan program Backdoor.Win32.ZAccess.ydb
C:\System Volume Information\_restore{DF79C16E-47E9-4E5F-AFC4-522F09CFAAD9}\RP400\A0341562.ini High
8/31/2012 11:15:51 AM Deleted Trojan program Backdoor.Win32.ZAccess.ydb
C:\System Volume Information\_restore{DF79C16E-47E9-4E5F-AFC4-522F09CFAAD9}\RP400\A0341568.ini High
8/31/2012 11:53:10 AM Deleted Trojan program Backdoor.Win32.ZAccess.ydb C:\WINDOWS\assembly\GAC\Desktop.ini High
8/31/2012 11:46:57 AM Deleted Trojan program Backdoor.Win32.ZAccess.mbt
c:\RECYCLER\S-1-5-18\$7f26874bb060fc7d5ce1a1c1f36877e1\U\[email protected] High
8/31/2012 11:47:10 AM Deleted Trojan program Backdoor.Win32.ZAccess.mbs
c:\RECYCLER\S-1-5-18\$7f26874bb060fc7d5ce1a1c1f36877e1\U\[email protected] High
8/31/2012 11:47:32 AM Deleted Trojan program Trojan.Win32.Small.bmsk
c:\RECYCLER\S-1-5-18\$7f26874bb060fc7d5ce1a1c1f36877e1\U\[email protected] High
Status: Quarantined (events: 9)
8/31/2012 11:53:10 AM Quarantined Trojan program HEUR:Trojan.Win32.Generic
C:\RECYCLER\S-1-5-21-2025429265-813497703-682003330-1004\$7f26874bb060fc7d5ce1a1c1f36877e1\n High
8/31/2012 11:53:10 AM Quarantined Trojan program HEUR:Trojan.Win32.Generic
C:\RECYCLER\S-1-5-21-2025429265-813497703-682003330-1004\$7f26874bb060fc7d5ce1a1c1f36877e1\n High
8/31/2012 11:05:52 AM Quarantined unknown threat UDS:DangerousObject.Multi.Generic
C:\RECYCLER\S-1-5-18\$7f26874bb060fc7d5ce1a1c1f36877e1\U\[email protected] High
8/31/2012 11:06:23 AM Quarantined unknown threat UDS:DangerousObject.Multi.Generic
C:\System Volume Information\_restore{DF79C16E-47E9-4E5F-AFC4-522F09CFAAD9}\RP383\A0315516.com High
8/31/2012 11:06:38 AM Quarantined Trojan program HEUR:Trojan.Win32.Generic
C:\System Volume Information\_restore{DF79C16E-47E9-4E5F-AFC4-522F09CFAAD9}\RP389\A0318900.exe High
8/31/2012 11:07:42 AM Quarantined unknown threat UDS:DangerousObject.Multi.Generic
C:\System Volume Information\_restore{DF79C16E-47E9-4E5F-AFC4-522F09CFAAD9}\RP389\A0318730.com High
8/31/2012 11:07:52 AM Quarantined Trojan program HEUR:Trojan.Win32.Generic
C:\System Volume Information\_restore{DF79C16E-47E9-4E5F-AFC4-522F09CFAAD9}\RP390\A0319922.dll High
8/31/2012 11:08:39 AM Quarantined Trojan program HEUR:Trojan.Win32.Generic
C:\System Volume Information\_restore{DF79C16E-47E9-4E5F-AFC4-522F09CFAAD9}\RP390\A0319941.exe High
8/31/2012 11:12:15 AM Quarantined Trojan program HEUR:Trojan.Win32.Generic
C:\System Volume Information\_restore{DF79C16E-47E9-4E5F-AFC4-522F09CFAAD9}\RP398\A0336493.exe High
  • 0

#8
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Nice to hear that. Let's try to run UnHide to get your start menu back.

Download Unhide.exe from here to your desktop and run ti. It should unhide all your files.

Let me know results...
  • 0

#9
jokernrose

jokernrose

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
I ran the program like you said and I still have no files in my start program. I assume that is all you can do so I will just see what I can do with it. Thank you so much for your help!!
  • 0

#10
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi jokernrose,

If you don't need my help anymore I'll remove my tools. Your logs and system are clean now. I'm glad we fix up your computer.

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [clearallrestorepoints]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Step 2

We need to clean up your PC from programs we used.

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end.

In case that any of the software we used in this fix still remains on your system please delete it manually (Right click on it and select Delete).

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Something to read

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

2. Make Backups of Important Files

Please read this article Home Computer Data Backup.

3. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.
  • 0

Advertisements


#11
jokernrose

jokernrose

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Is there anything else I can do to get my start button programs back??
  • 0

#12
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
I notice that you have SP2 installed on your machine too. This update is way to old. We need to upgrade your system and install latest updates if you want to keep it safe in future. We will do this after we restore your shortcuts.

We can try to find them and restore manually. Here is the first set of steps:

Step 1

  • Download

    Attached File  restore.zip   899bytes   21 downloads to your desktop
  • UnZIP it and double click restore.vbs to run it
  • When you see Enter folder name box write temprestore and press OK button
  • Wait until program finishes and it will create Report.txt
  • Post Report.txt here for me.

Step 2

Run OTL again

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
    . Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    %AllUsersProfile%\Start Menu\*.* /s
    %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\*.* /s
    %AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*.* /s
    

  • Click button named None first
  • Now click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it here to me

Step 3

Please don't forget to include these items in your reply:

  • Report.txt log
  • New OTL log
It would be helpful if you could post each log in separate post
  • 0

#13
jokernrose

jokernrose

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Ok here is the report for restore you had me download...

C:\Program Files\Adobe\Adobe Help Viewer\1.0\ahv.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AdobeUpdateCheck.exe
C:\Program Files\Adobe\Reader 8.0\Reader\PDFPrevHndlrShim.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AcrobatUpdater.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\ReaderUpdater.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdaterInstallMgr.exe
C:\Program Files\Common Files\Apple\Apple Application Support\defaults.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Apple Application Support\plutil.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileBackup.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileSync.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\com.apple.IE.client.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\com.apple.Outlook.client.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\com.apple.Safari.client.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\com.apple.WindowsContacts.client.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\com.apple.WindowsMail.client.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\com.google.ContactSync.client.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\com.yahoo.go.sync.client.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\MDCrashReportTool.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\Mingler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncDiagnostics.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\syncli.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncPlanObserver.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncUIHandler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\upgradedb.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\com.yahoo.go.sync.client.resources\Formatter.bundle\Contents\Windows\Formatter.exe
C:\Program Files\Common Files\InstallShield\Driver\9\Intel 32\IDriver.exe
C:\Program Files\Common Files\InstallShield\Driver\9\Intel 32\IDriver2.exe
C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe
C:\Program Files\Common Files\Java\Java Update\jaucheck.exe
C:\Program Files\Common Files\Java\Java Update\jaureg.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\rnxproc.exe
C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Google SketchUp 8\BsSndRpt.exe
C:\Program Files\Google\Google SketchUp 8\SketchUp.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_B6E98F0202354167.exe
C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarUser_32_7D73B54DC1C7B74A.exe
C:\Program Files\Google\Google Toolbar\Component\GoogleUpdaterService_B33FC4DD36A473C6.exe
C:\Program Files\Google\Google Toolbar\Component\SearchWithGoogleUpdate_58D2CE9AED09BDF3.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler64.exe
C:\Program Files\Google\Update\1.3.21.115\GoogleUpdate.exe
C:\Program Files\Google\Update\1.3.21.115\GoogleUpdateBroker.exe
C:\Program Files\Google\Update\1.3.21.115\GoogleUpdateOnDemand.exe
C:\Program Files\Google\Update\1.3.21.115\GoogleUpdateSetup.exe
C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.115\GoogleUpdateSetup.exe
C:\Program Files\Google\Update\Download\{F3A97DD3-D98D-4D74-A6B8-244C27CED619}\GoogleUpdateSetup.exe
C:\Program Files\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\7.4.3203.136\GoogleToolbarInstaller_updater_signed.exe
C:\Program Files\HitmanPro\HitmanPro.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\Setup.exe
C:\Program Files\Internet Explorer\ExtExport.exe
C:\Program Files\Internet Explorer\iedw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe
C:\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe
C:\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe
C:\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe
C:\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe
C:\Program Files\Internet Explorer\Connection Wizard\isignup.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iTunes\iTunesPhotoProcessor.exe
C:\Program Files\Java\jre6\bin\java-rmi.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Java\jre6\bin\javacpl.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Java\jre6\bin\javaws.exe
C:\Program Files\Java\jre6\bin\jbroker.exe
C:\Program Files\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jqsnotify.exe
C:\Program Files\Java\jre6\bin\keytool.exe
C:\Program Files\Java\jre6\bin\kinit.exe
C:\Program Files\Java\jre6\bin\klist.exe
C:\Program Files\Java\jre6\bin\ktab.exe
C:\Program Files\Java\jre6\bin\orbd.exe
C:\Program Files\Java\jre6\bin\pack200.exe
C:\Program Files\Java\jre6\bin\policytool.exe
C:\Program Files\Java\jre6\bin\rmid.exe
C:\Program Files\Java\jre6\bin\rmiregistry.exe
C:\Program Files\Java\jre6\bin\servertool.exe
C:\Program Files\Java\jre6\bin\ssvagent.exe
C:\Program Files\Java\jre6\bin\tnameserv.exe
C:\Program Files\Java\jre6\bin\unpack200.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbampt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-killer.exe
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\rundll32.exe
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Silverlight\sllauncher.exe
C:\Program Files\Microsoft Silverlight\5.1.10411.0\agcp.exe
C:\Program Files\Microsoft Silverlight\5.1.10411.0\coregen.exe
C:\Program Files\Microsoft Silverlight\5.1.10411.0\Silverlight.Configuration.exe
C:\Program Files\Movie Maker\moviemk.exe
C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe
C:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Digcore.exe
C:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Msncli.exe
C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe
C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe
C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe
C:\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe
C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe
C:\Program Files\MSN Gaming Zone\Windows\zClientm.exe
C:\Program Files\NetMeeting\cb32.exe
C:\Program Files\NetMeeting\conf.exe
C:\Program Files\NetMeeting\wb32.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Outlook Express\oemig50.exe
C:\Program Files\Outlook Express\setup50.exe
C:\Program Files\Outlook Express\wab.exe
C:\Program Files\Outlook Express\wabmig.exe
C:\Program Files\Paint Shop Pro 6\Anim.exe
C:\Program Files\Paint Shop Pro 6\JImp16.Exe
C:\Program Files\Paint Shop Pro 6\JUnreg.exe
C:\Program Files\Paint Shop Pro 6\Psp.exe
C:\Program Files\Paint Shop Pro 6\TubeConverter.exe
C:\Program Files\Paint Shop Pro 6\Unwise.exe
C:\Program Files\QuickTime\PictureViewer.exe
C:\Program Files\QuickTime\QTInfo.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\QuickTime\QuickTimePlayer.exe
C:\Program Files\QuickTime\QTSystem\ExportController.exe
C:\Program Files\QuickTime\QTSystem\QuickTimeUpdateHelper.exe
C:\Program Files\Real\RealPlayer\fixrjb.exe
C:\Program Files\Real\RealPlayer\realjbox.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Real\RealPlayer\RecordingManager.exe
C:\Program Files\Real\RealPlayer\rphelperapp.exe
C:\Program Files\Real\RealPlayer\converter\convert.exe
C:\Program Files\Real\RealPlayer\converter\RealConverter.exe
C:\Program Files\Real\RealPlayer\converter\Update\r1puninst.exe
C:\Program Files\Real\RealPlayer\Setup\setup.exe
C:\Program Files\Windows Media Connect 2\wmccds.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\Windows Media Player\migrate.exe
C:\Program Files\Windows Media Player\mplayer2.exe
C:\Program Files\Windows Media Player\setup_wm.exe
C:\Program Files\Windows Media Player\wmdbexport.exe
C:\Program Files\Windows Media Player\wmlaunch.exe
C:\Program Files\Windows Media Player\wmpenc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpshare.exe
C:\Program Files\Windows Media Player\wmsetsdk.exe
C:\Program Files\Windows NT\dialer.exe
C:\Program Files\Windows NT\hypertrm.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Windows NT\Pinball\PINBALL.EXE
  • 0

#14
jokernrose

jokernrose

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
And here is the txt from OTL

OTL logfile created on: 9/4/2012 9:14:32 AM - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\rosa\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

734.42 Mb Total Physical Memory | 510.89 Mb Available Physical Memory | 69.56% Memory free
1.76 Gb Paging File | 1.63 Gb Available in Paging File | 92.61% Paging File free
Paging file location(s): C:\pagefile.sys 1104 2208 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 25.99 Gb Free Space | 69.76% Space Free | Partition Type: NTFS

Computer Name: ROLAPTOP | User Name: rosa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< %AllUsersProfile%\Start Menu\*.* /s >
[2012/07/14 21:05:32 | 000,000,089 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\desktop.ini
[2012/07/14 21:05:32 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Scanner and Camera Wizard.lnk
[2012/08/28 21:11:30 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro\HitmanPro.lnk
[2012/08/28 21:11:30 | 000,001,586 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro\Remove HitmanPro 3.6.lnk
[2012/08/28 18:58:28 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk
[2012/08/28 18:58:28 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk
[2012/08/28 18:58:28 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk
[2012/08/28 18:58:28 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk
[2012/08/28 22:53:08 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime\About QuickTime.lnk
[2012/08/28 22:53:08 | 000,002,377 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime\PictureViewer.lnk
[2012/08/28 22:53:08 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime\QuickTime Player.lnk
[2012/08/28 22:53:08 | 000,001,639 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime\Uninstall QuickTime.lnk

< %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\*.* /s >
[2010/01/21 17:11:56 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\rosa\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*.* /s >

< End of report >
  • 0

#15
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
One way is to reinstall applications.

Second way is to copy and past shortcuts manually. You have all shortcuts now in temprestore folder that you created by running restore.vbs.

For example, to restore Google SketchUp 8 shortcut you must:
Copy \temprestore\Google SketchUp 8\SketchUp.lnk shortcut to C:\Documents and Settings\rosa\Start Menu\Programs\Google SketchUp 8\ folder

You can also drag and drop shortcuts from temprestore folder directly into Start Menu in appropriate folder inside Start Menu. Just drag shortcut and navigate with it to appropriate folder inside Start Menu then drop it on that folder.

After that you will see shortcut in Start menu.

You can do that for all missing shortcuts otherwise you must reinstall them. Please report progress to me.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP