Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google won't load [Solved]

Started by Lukka09 , Jan 13 2013 02:29 PM

  • This topic is locked This topic is locked

#16
gringo_pr
Posted 14 January 2013 - 09:37 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Lukka09


There is no need to PM (it will not help to get a reply faster) and it makes it look like you are very impatient


I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

Advertisements

#17
Lukka09
Posted 14 January 2013 - 10:03 AM

Lukka09

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
When i doubleclick combofix and the click run nothing happens .

I disabled antivirus and closed all programs,but nothing.
  • 0

#18
gringo_pr
Posted 14 January 2013 - 10:32 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

I want you to run these next,

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
  • 0

#19
Lukka09
Posted 14 January 2013 - 11:01 AM

Lukka09

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
I managed after all to run combofix.

These are the results :




ComboFix 13-01-14.01 - Administrator 01/14/2013 17:35:58.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1361 [GMT 1:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFixx.exe
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\Microsoft\~DFK1184cfa2.tmp
c:\documents and settings\Administrator\Application Data\Microsoft\1eaadjc.dll
c:\documents and settings\Administrator\Application Data\Microsoft\bass.dll
c:\documents and settings\Administrator\Application Data\Microsoft\engine_vx.dll
c:\documents and settings\Administrator\Application Data\Microsoft\kfgresk.dll
c:\documents and settings\Administrator\Application Data\Microsoft\mjcriu.dll
c:\documents and settings\Administrator\Application Data\Microsoft\peaadje.dll
c:\documents and settings\Administrator\Application Data\Microsoft\qwadjb.dll
c:\documents and settings\Administrator\Application Data\Microsoft\rsaadjd.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{F639E2A2-FE6B-4527-B8BE-C1C423B81844}\PostBuild.exe
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2012-12-14 to 2013-01-14 )))))))))))))))))))))))))))))))
.
.
2013-01-10 23:01 . 2012-11-22 21:02 175864 ---ha-w- c:\windows\system32\BytescoutVideoMixerFilter.dll
2013-01-10 23:01 . 2012-11-22 21:02 261880 ---ha-w- c:\windows\system32\BytescoutScreenCapturingFilter.dll
2013-01-10 23:01 . 2013-01-10 23:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apowersoft
2013-01-10 23:01 . 2012-11-22 21:02 421624 ---ha-w- c:\windows\system32\BytescoutScreenCapturing.dll
2013-01-10 23:00 . 2013-01-10 23:00 -------- d-----w- c:\program files\Apowersoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-14 22:20 . 2012-07-18 07:02 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-02-03 287288]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-02-18 506424]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-18 737280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-12-11 604776]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Administrator\\My Documents\\Downloads\\utorrent.exe"=
"c:\\Program Files\\Roger Wilco\\roger.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Veetle\\Player\\VeetleNet.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\TorrentStream\\engine\\tsengine.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Apowersoft\\Streaming Video Recorder\\Streaming-Video-Recorder.exe"=
"c:\\Program Files\\Apowersoft\\Streaming Video Recorder\\StreamingVideoRecorder.exe"=
"c:\\Program Files\\Apowersoft\\Streaming Video Recorder\\ApowersoftSrv.dll"=
"c:\\Program Files\\Apowersoft\\Streaming Video Recorder\\ApowersoftDump.dll"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15440:TCP"= 15440:TCP:BitComet 15440 TCP
"15440:UDP"= 15440:UDP:BitComet 15440 UDP
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [3/9/2012 3:35 PM 242240]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2007 8:21 AM 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 8:21 AM 468224]
R2 GS In-Game Service;GS In-Game Service;c:\program files\GameTracker\GSInGameService.exe [11/10/2011 12:49 AM 1677072]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [3/23/2012 11:31 AM 31920]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [11/13/2009 7:45 PM 113536]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [11/13/2009 6:35 PM 209464]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [11/15/2011 12:52 PM 73216]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe [3/14/2011 4:27 PM 271712]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]
S2 Telenor Internet. RunOuc;Telenor Internet. OUC;c:\program files\Telenor Internet\UpdateDog\ouc.exe [11/15/2011 12:52 PM 239968]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [11/15/2011 12:52 PM 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [11/15/2011 12:52 PM 235392]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [6/24/2012 3:20 PM 135584]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 1:49 PM 227232]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-08 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-790525478-261478967-839522115-500.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2012-03-23 10:33]
.
2013-01-14 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-790525478-261478967-839522115-500.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-03-23 10:31]
.
2013-01-14 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-790525478-261478967-839522115-500.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-03-23 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{EE8A4DD6-BACA-4945-B441-540906D6D850}: NameServer = 93.188.163.182,93.188.166.182
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3qc889uv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?client=firefox-a&rls=org.mozilla:en-US:official&channel=s&hl=en&source=hp&biw=1366&bih=578&btnG=Google+Search
FF - ExtSQL: 2012-12-13 01:15; jid1-m7xzZLMj29zzjA@jetpack; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3qc889uv.default\extensions\jid1-m7xzZLMj29zzjA@jetpack
FF - ExtSQL: 2013-01-14 16:13; [email protected]; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3qc889uv.default\extensions\[email protected]
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-14 17:47
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HTS543232L9A300 rev.FB4OC40J -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A13DECC]<<
c:\docume~1\ADMINI~1\LOCALS~1\Temp\catchme.sys
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x879e0879; SUB DWORD [EBP-0x4], 0x879e0135; PUSH EDI; CALL 0xffffffffffffdf2c; }
1 ntkrnlpa!IofCallDriver[0x804EEEB8] -> \Device\Harddisk0\DR0[0x8A325AB8]
3 CLASSPNP[0xBA0E905B] -> ntkrnlpa!IofCallDriver[0x804EEEB8] -> \Device\0000007b[0x8A2FD3B8]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EEEB8] -> [0x8A2F2940]
[0x8A268360] -> IRP_MJ_CREATE -> 0x8A13DECC
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskHitachi_HTS543232L9A300_________________FB4OC40J#393039303730424634433630454c47465638434a#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A13DAF1
user & kernel MBR OK
sectors 625142446 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
.
**************************************************************************
.
Completion time: 2013-01-14 17:52:59
ComboFix-quarantined-files.txt 2013-01-14 16:52
.
Pre-Run: 15,977,263,104 bytes free
Post-Run: 19,212,804,096 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect



.
- - End Of File - - 8E50D83A1E9A23E62A4F53BAD74DBE34
  • 0

#20
gringo_pr
Posted 14 January 2013 - 11:09 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
go ahead and run TDSSKiller and aswMBR for me please



gringo
  • 0

#21
Lukka09
Posted 14 January 2013 - 11:12 AM

Lukka09

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Ok.
  • 0

#22
Lukka09
Posted 14 January 2013 - 11:46 AM

Lukka09

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
I ran tds killer.

Here are the results:

18:15:25.0578 1944 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:15:25.0843 1944 ============================================================
18:15:25.0843 1944 Current date / time: 2013/01/14 18:15:25.0843
18:15:25.0843 1944 SystemInfo:
18:15:25.0843 1944
18:15:25.0843 1944 OS Version: 5.1.2600 ServicePack: 2.0
18:15:25.0843 1944 Product type: Workstation
18:15:25.0843 1944 ComputerName: XP
18:15:25.0843 1944 UserName: Administrator
18:15:25.0843 1944 Windows directory: C:\WINDOWS
18:15:25.0843 1944 System windows directory: C:\WINDOWS
18:15:25.0843 1944 Processor architecture: Intel x86
18:15:25.0843 1944 Number of processors: 2
18:15:25.0843 1944 Page size: 0x1000
18:15:25.0843 1944 Boot type: Normal boot
18:15:25.0843 1944 ============================================================
18:15:27.0406 1944 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:15:27.0406 1944 ============================================================
18:15:27.0406 1944 \Device\Harddisk0\DR0:
18:15:27.0406 1944 MBR partitions:
18:15:27.0406 1944 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x124F6BF3
18:15:27.0421 1944 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x124F6C71, BlocksNum 0x12F32B8F
18:15:27.0421 1944 ============================================================
18:15:27.0468 1944 C: <-> \Device\Harddisk0\DR0\Partition1
18:15:27.0500 1944 D: <-> \Device\Harddisk0\DR0\Partition2
18:15:27.0500 1944 ============================================================
18:15:27.0500 1944 Initialize success
18:15:27.0500 1944 ============================================================
18:18:28.0203 3012 Deinitialize success
  • 0

#23
Lukka09
Posted 14 January 2013 - 11:46 AM

Lukka09

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
18:28:22.0015 2216 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:28:24.0046 2216 ============================================================
18:28:24.0046 2216 Current date / time: 2013/01/14 18:28:24.0046
18:28:24.0046 2216 SystemInfo:
18:28:24.0046 2216
18:28:24.0046 2216 OS Version: 5.1.2600 ServicePack: 2.0
18:28:24.0046 2216 Product type: Workstation
18:28:24.0046 2216 ComputerName: XP
18:28:24.0046 2216 UserName: Administrator
18:28:24.0046 2216 Windows directory: C:\WINDOWS
18:28:24.0046 2216 System windows directory: C:\WINDOWS
18:28:24.0046 2216 Processor architecture: Intel x86
18:28:24.0046 2216 Number of processors: 2
18:28:24.0046 2216 Page size: 0x1000
18:28:24.0046 2216 Boot type: Normal boot
18:28:24.0046 2216 ============================================================
18:28:28.0140 2216 BG loaded
18:28:30.0906 2216 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:28:30.0906 2216 ============================================================
18:28:30.0906 2216 \Device\Harddisk0\DR0:
18:28:31.0234 2216 MBR partitions:
18:28:31.0234 2216 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x124F6BF3
18:28:31.0578 2216 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x124F6C71, BlocksNum 0x12F32B8F
18:28:31.0578 2216 ============================================================
18:28:33.0937 2216 C: <-> \Device\Harddisk0\DR0\Partition1
18:28:36.0359 2216 D: <-> \Device\Harddisk0\DR0\Partition2
18:28:36.0390 2216 ============================================================
18:28:36.0390 2216 Initialize success
18:28:36.0390 2216 ============================================================
18:29:22.0859 3700 ============================================================
18:29:22.0859 3700 Scan started
18:29:22.0859 3700 Mode: Manual; SigCheck; TDLFS;
18:29:22.0859 3700 ============================================================
18:29:23.0093 3700 ================ Scan system memory ========================
18:29:23.0093 3700 System memory - ok
18:29:23.0093 3700 ================ Scan services =============================
18:29:23.0218 3700 Abiosdsk - ok
18:29:23.0218 3700 abp480n5 - ok
18:29:23.0265 3700 [ A10C7534F7223F4A73A948967D00E69B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:29:24.0468 3700 ACPI - ok
18:29:24.0500 3700 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
18:29:24.0718 3700 ACPIEC - ok
18:29:24.0718 3700 adpu160m - ok
18:29:24.0796 3700 [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec C:\WINDOWS\system32\drivers\aec.sys
18:29:24.0984 3700 aec - ok
18:29:25.0078 3700 [ 9277C31F1B10EA626C5EA06C5E73B04D ] AESTAud C:\WINDOWS\system32\drivers\AESTAud.sys
18:29:25.0109 3700 AESTAud - ok
18:29:25.0156 3700 [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD C:\WINDOWS\System32\drivers\afd.sys
18:29:25.0296 3700 AFD - ok
18:29:25.0390 3700 [ 8ED60797908FD394EEE0D6949F493224 ] AgereModemAudio C:\WINDOWS\system32\agrsmsvc.exe
18:29:25.0421 3700 AgereModemAudio - ok
18:29:25.0468 3700 [ 38325C6AA8EAE011897D61CE48EC6435 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
18:29:25.0562 3700 AgereSoftModem - ok
18:29:25.0578 3700 Aha154x - ok
18:29:25.0578 3700 aic78u2 - ok
18:29:25.0593 3700 aic78xx - ok
18:29:25.0625 3700 [ C7AE0FD3867DB0D42B03B73C18F3D671 ] Alerter C:\WINDOWS\system32\alrsvc.dll
18:29:25.0812 3700 Alerter - ok
18:29:25.0875 3700 [ F1958FBF86D5C004CF19A5951A9514B7 ] ALG C:\WINDOWS\System32\alg.exe
18:29:25.0953 3700 ALG - ok
18:29:25.0968 3700 AliIde - ok
18:29:25.0968 3700 amsint - ok
18:29:26.0000 3700 [ 9C3C12975C97119412802B181FBEEFFE ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
18:29:26.0093 3700 AppMgmt - ok
18:29:26.0109 3700 asc - ok
18:29:26.0109 3700 asc3350p - ok
18:29:26.0125 3700 asc3550 - ok
18:29:26.0187 3700 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:29:26.0203 3700 aspnet_state - ok
18:29:26.0218 3700 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:29:26.0406 3700 AsyncMac - ok
18:29:26.0437 3700 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
18:29:26.0640 3700 atapi - ok
18:29:26.0656 3700 Atdisk - ok
18:29:26.0671 3700 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:29:26.0843 3700 Atmarpc - ok
18:29:26.0875 3700 [ DB66DB626E4882EBEF55F136F12C1829 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
18:29:26.0953 3700 AudioSrv - ok
18:29:26.0968 3700 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
18:29:27.0046 3700 audstub - ok
18:29:27.0078 3700 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
18:29:27.0156 3700 Beep - ok
18:29:27.0187 3700 [ 2C69EC7E5A311334D10DD95F338FCCEA ] BITS C:\WINDOWS\system32\qmgr.dll
18:29:27.0343 3700 BITS - ok
18:29:27.0359 3700 [ E3CFCCDDA4EDD1D0DC9168B2E18F27B8 ] Browser C:\WINDOWS\System32\browser.dll
18:29:27.0500 3700 Browser - ok
18:29:27.0593 3700 [ 4B43DFE1C1FBB305A1DC5504EF9BB34E ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys
18:29:27.0671 3700 btaudio - ok
18:29:27.0687 3700 [ 2F9F111D31AA3FBBE5781D829A4524E6 ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys
18:29:27.0703 3700 BTDriver - ok
18:29:27.0734 3700 [ ED0BD05BE3C494A8FEC0674880D5BC4D ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
18:29:27.0765 3700 BTKRNL - ok
18:29:27.0875 3700 [ 59C3BF4E879D4ACA8268F9CE9926E6EC ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
18:29:27.0890 3700 btwdins - ok
18:29:27.0906 3700 [ 485020A1E1FC5C51A800CA69C618D881 ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys
18:29:27.0921 3700 BTWDNDIS - ok
18:29:27.0921 3700 [ 6B622612FE21B59FAEE2CA4385959778 ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
18:29:27.0937 3700 BTWUSB - ok
18:29:28.0000 3700 catchme - ok
18:29:28.0031 3700 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
18:29:28.0234 3700 cbidf2k - ok
18:29:28.0281 3700 [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:29:28.0421 3700 CCDECODE - ok
18:29:28.0421 3700 cd20xrnt - ok
18:29:28.0437 3700 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
18:29:28.0578 3700 Cdaudio - ok
18:29:28.0609 3700 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
18:29:28.0734 3700 Cdfs - ok
18:29:28.0765 3700 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:29:28.0953 3700 Cdrom - ok
18:29:28.0953 3700 Changer - ok
18:29:28.0968 3700 [ 3192BD04D032A9C4A85A3278C268A13A ] CiSvc C:\WINDOWS\system32\cisvc.exe
18:29:29.0046 3700 CiSvc - ok
18:29:29.0062 3700 [ C8DEC22C4137D7A90F8BDF41CA4B82AE ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
18:29:29.0140 3700 ClipSrv - ok
18:29:29.0171 3700 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:29:29.0171 3700 clr_optimization_v2.0.50727_32 - ok
18:29:29.0203 3700 [ 4266BE808F85826AEDF3C64C1E240203 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:29:29.0281 3700 CmBatt - ok
18:29:29.0296 3700 CmdIde - ok
18:29:29.0328 3700 [ F2B6E950ED768CC8D980F6D27273B741 ] Com4QLBEx C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
18:29:29.0343 3700 Com4QLBEx - ok
18:29:29.0359 3700 [ DF1B1A24BF52D0EBC01ED4ECE8979F50 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:29:29.0437 3700 Compbatt - ok
18:29:29.0437 3700 COMSysApp - ok
18:29:29.0453 3700 Cpqarray - ok
18:29:29.0468 3700 cpuz135 - ok
18:29:29.0500 3700 [ 10654F9DDCEA9C46CFB77554231BE73B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
18:29:29.0609 3700 CryptSvc - ok
18:29:29.0609 3700 dac2w2k - ok
18:29:29.0625 3700 dac960nt - ok
18:29:29.0640 3700 [ 5C83A4408604F737717AB96371201680 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
18:29:29.0765 3700 DcomLaunch - ok
18:29:29.0781 3700 [ CB6CA3E5261D65F6F809EED23BF167AA ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
18:29:29.0875 3700 Dhcp - ok
18:29:29.0890 3700 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
18:29:30.0000 3700 Disk - ok
18:29:30.0000 3700 dmadmin - ok
18:29:30.0046 3700 [ C0FBB516E06E243F0CF31F597E7EBF7D ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
18:29:30.0218 3700 dmboot - ok
18:29:30.0234 3700 [ F5E7B358A732D09F4BCF2824B88B9E28 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
18:29:30.0375 3700 dmio - ok
18:29:30.0390 3700 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
18:29:30.0531 3700 dmload - ok
18:29:30.0578 3700 [ 1639D9964C9E1B2ECCA95C8217D3E70D ] dmserver C:\WINDOWS\System32\dmserver.dll
18:29:30.0703 3700 dmserver - ok
18:29:30.0734 3700 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
18:29:30.0859 3700 DMusic - ok
18:29:30.0875 3700 [ 7379DE06FD196E396A00AA97B990C00D ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
18:29:31.0000 3700 Dnscache - ok
18:29:31.0015 3700 dpti2o - ok
18:29:31.0031 3700 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
18:29:31.0171 3700 drmkaud - ok
18:29:31.0203 3700 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
18:29:31.0218 3700 dtsoftbus01 - ok
18:29:31.0234 3700 [ 7A25AD652A3003B8854E873A3324E672 ] eamon C:\WINDOWS\system32\DRIVERS\eamon.sys
18:29:31.0250 3700 eamon - ok
18:29:31.0265 3700 [ C7C17BC80B7264322207ABC31F20EA84 ] easdrv C:\WINDOWS\system32\DRIVERS\easdrv.sys
18:29:31.0265 3700 easdrv - ok
18:29:31.0281 3700 [ 5171CE57B3A004E30CA2B4062C053085 ] EhttpSrv C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
18:29:31.0296 3700 EhttpSrv - ok
18:29:31.0312 3700 [ D5D4124827086BA54F6BFE75CE330531 ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
18:29:31.0328 3700 ekrn - ok
18:29:31.0359 3700 [ 74051DA749E5E89A14DDAB5BA4A03A7F ] epfwtdir C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
18:29:31.0375 3700 epfwtdir - ok
18:29:31.0406 3700 [ 67DFF7BBBD0E80AAB7B3CF061448DB8A ] ERSvc C:\WINDOWS\System32\ersvc.dll
18:29:31.0546 3700 ERSvc - ok
18:29:31.0578 3700 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] Eventlog C:\WINDOWS\system32\services.exe
18:29:31.0734 3700 Eventlog - ok
18:29:31.0765 3700 [ ACD36A2DD7D1E9D8A060AA651DC07E63 ] EventSystem C:\WINDOWS\system32\es.dll
18:29:31.0968 3700 EventSystem - ok
18:29:32.0000 3700 [ FB54F67974D13D73BE3E2F1DF042D295 ] ewusbnet C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
18:29:32.0031 3700 ewusbnet - ok
18:29:32.0062 3700 [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys
18:29:32.0093 3700 ew_hwusbdev - ok
18:29:32.0125 3700 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
18:29:32.0203 3700 Fastfat - ok
18:29:32.0218 3700 [ E7518DC542D3EBDCB80EDD98462C7821 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
18:29:32.0296 3700 FastUserSwitchingCompatibility - ok
18:29:32.0328 3700 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
18:29:32.0406 3700 Fdc - ok
18:29:32.0437 3700 [ E153AB8A11DE5452BCF5AC7652DBF3ED ] Fips C:\WINDOWS\system32\drivers\Fips.sys
18:29:32.0531 3700 Fips - ok
18:29:32.0546 3700 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
18:29:32.0687 3700 Flpydisk - ok
18:29:32.0718 3700 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
18:29:32.0843 3700 FltMgr - ok
18:29:32.0859 3700 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:29:33.0000 3700 Fs_Rec - ok
18:29:33.0000 3700 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:29:33.0125 3700 Ftdisk - ok
18:29:33.0171 3700 [ AE6F0A6562D3ECCD613DE1FD8612AC4E ] Futuremark SystemInfo Service C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe
18:29:33.0187 3700 Futuremark SystemInfo Service - ok
18:29:33.0218 3700 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:29:33.0343 3700 Gpc - ok
18:29:33.0421 3700 [ 41ECC0A28FFEFF16837A2574B86EF8BC ] GS In-Game Service C:\Program Files\GameTracker\GSInGameService.exe
18:29:33.0562 3700 GS In-Game Service - ok
18:29:33.0578 3700 [ 407E41DDB2BFECE109132AEC296E0D98 ] HBtnKey C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
18:29:33.0625 3700 HBtnKey - ok
18:29:33.0656 3700 [ 3FCC124B6E08EE0E9351F717DD136939 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:29:33.0687 3700 HDAudBus - ok
18:29:33.0750 3700 [ 8827911A8C37E40C027CBFC88E69D967 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:29:33.0921 3700 helpsvc - ok
18:29:33.0937 3700 HidServ - ok
18:29:33.0968 3700 [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:29:34.0171 3700 HidUsb - ok
18:29:34.0187 3700 hpn - ok
18:29:34.0312 3700 [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
18:29:34.0359 3700 HpqKbFiltr - ok
18:29:34.0406 3700 [ 111F2E783FF94FB55D42B8CF7114B4A3 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
18:29:34.0421 3700 hpqwmiex - ok
18:29:34.0453 3700 [ C19B522A9AE0BBC3293397F3055E80A1 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
18:29:34.0671 3700 HTTP - ok
18:29:34.0765 3700 [ 064D8581ADF77C25133E7D751D917D83 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
18:29:34.0843 3700 HTTPFilter - ok
18:29:34.0875 3700 [ F44461E66F1B7DD267957FE9BAA63ED0 ] huawei_enumerator C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys
18:29:35.0000 3700 huawei_enumerator - ok
18:29:35.0031 3700 [ F547F862B8907F1BCBD9B72A72A6449E ] hwdatacard C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
18:29:35.0062 3700 hwdatacard - ok
18:29:35.0140 3700 [ 5EF3427AE503B5C03A48F7C9FF458B69 ] HWDeviceService.exe C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
18:29:35.0156 3700 HWDeviceService.exe - ok
18:29:35.0156 3700 hwusbdev - ok
18:29:35.0156 3700 i2omgmt - ok
18:29:35.0171 3700 i2omp - ok
18:29:35.0203 3700 [ A20FA569316D5445D513332F13679E3B ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:29:35.0203 3700 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: A20FA569316D5445D513332F13679E3B, Fake md5: 5502B58EEF7486EE6F93F3F164DCB808
18:29:35.0203 3700 i8042prt ( Rootkit.Win32.TDSS.tdl3 ) - infected
18:29:35.0203 3700 i8042prt - detected Rootkit.Win32.TDSS.tdl3 (0)
18:29:35.0421 3700 [ 3B743262B6456167888D15F1121B3BF7 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
18:29:35.0718 3700 ialm - ok
18:29:35.0765 3700 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
18:29:35.0953 3700 Imapi - ok
18:29:35.0984 3700 [ FA788520BCAC0F5D9D5CDE5615C0D931 ] ImapiService C:\WINDOWS\system32\imapi.exe
18:29:36.0187 3700 ImapiService - ok
18:29:36.0203 3700 ini910u - ok
18:29:36.0218 3700 IntelIde - ok
18:29:36.0250 3700 [ 279FB78702454DFF2BB445F238C048D2 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:29:36.0453 3700 intelppm - ok
18:29:36.0468 3700 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
18:29:36.0656 3700 Ip6Fw - ok
18:29:36.0671 3700 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:29:36.0750 3700 IpFilterDriver - ok
18:29:36.0750 3700 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:29:36.0828 3700 IpInIp - ok
18:29:36.0859 3700 [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:29:36.0937 3700 IpNat - ok
18:29:36.0953 3700 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:29:37.0031 3700 IPSec - ok
18:29:37.0062 3700 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
18:29:37.0109 3700 IRENUM - ok
18:29:37.0125 3700 [ E504F706CCB699C2596E9A3DA1596E87 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:29:37.0218 3700 isapnp - ok
18:29:37.0265 3700 [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
18:29:37.0265 3700 JavaQuickStarterService - ok
18:29:37.0312 3700 [ EBDEE8A2EE5393890A1ACEE971C4C246 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:29:37.0421 3700 Kbdclass - ok
18:29:37.0421 3700 [ E182FA8E49E8EE41B4ADC53093F3C7E6 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:29:37.0515 3700 kbdhid - ok
18:29:37.0546 3700 [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
18:29:37.0656 3700 kmixer - ok
18:29:37.0687 3700 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
18:29:37.0781 3700 KSecDD - ok
18:29:37.0812 3700 [ 93D32468D34E000CB3407947D1D6E22A ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
18:29:37.0953 3700 lanmanserver - ok
18:29:37.0968 3700 [ 2C0A7B2AE9C26F2C163627679B42783C ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:29:38.0093 3700 lanmanworkstation - ok
18:29:38.0093 3700 lbrtfdc - ok
18:29:38.0156 3700 [ B3EFF6D938C572E90A07B3D87A3C7657 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
18:29:38.0296 3700 LmHosts - ok
18:29:38.0343 3700 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
18:29:38.0359 3700 McComponentHostService - ok
18:29:38.0375 3700 [ 95FD808E4AC22ABA025A7B3EAC0375D2 ] Messenger C:\WINDOWS\System32\msgsvc.dll
18:29:38.0500 3700 Messenger - ok
18:29:38.0546 3700 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
18:29:38.0562 3700 Microsoft Office Groove Audit Service - ok
18:29:38.0593 3700 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
18:29:38.0765 3700 mnmdd - ok
18:29:38.0859 3700 [ F6415361201915B9FE3896B0E4E724FF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
18:29:39.0000 3700 mnmsrvc - ok
18:29:39.0031 3700 [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
18:29:39.0171 3700 Modem - ok
18:29:39.0171 3700 [ 34E1F0031153E491910E12551400192C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:29:39.0296 3700 Mouclass - ok
18:29:39.0328 3700 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:29:39.0406 3700 mouhid - ok
18:29:39.0437 3700 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
18:29:39.0500 3700 MountMgr - ok
18:29:39.0562 3700 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:29:39.0718 3700 MozillaMaintenance - ok
18:29:39.0718 3700 mraid35x - ok
18:29:39.0734 3700 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:29:39.0812 3700 MRxDAV - ok
18:29:39.0859 3700 [ 1FD607FC67F7F7C633C3DA65BFC53D18 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:29:39.0984 3700 MRxSmb - ok
18:29:40.0031 3700 [ C7C3D89EB0A6F3DBA622EA737FA335B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
18:29:40.0156 3700 MSDTC - ok
18:29:40.0171 3700 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
18:29:40.0375 3700 Msfs - ok
18:29:40.0375 3700 MSIServer - ok
18:29:40.0390 3700 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:29:40.0531 3700 MSKSSRV - ok
18:29:40.0562 3700 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:29:40.0687 3700 MSPCLOCK - ok
18:29:40.0687 3700 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
18:29:40.0828 3700 MSPQM - ok
18:29:40.0859 3700 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:29:40.0984 3700 mssmbios - ok
18:29:41.0015 3700 [ BF13612142995096AB084F2DB7F40F77 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
18:29:41.0171 3700 MSTEE - ok
18:29:41.0265 3700 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
18:29:41.0390 3700 Mup - ok
18:29:41.0421 3700 [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:29:41.0546 3700 NABTSFEC - ok
18:29:41.0656 3700 [ B498A14133BD09AD0817590ACE4470AD ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
18:29:41.0703 3700 NBService - ok
18:29:41.0734 3700 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
18:29:41.0859 3700 NDIS - ok
18:29:41.0953 3700 [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:29:42.0093 3700 NdisIP - ok
18:29:42.0140 3700 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:29:42.0312 3700 NdisTapi - ok
18:29:42.0359 3700 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:29:42.0546 3700 Ndisuio - ok
18:29:42.0656 3700 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:29:42.0843 3700 NdisWan - ok
18:29:42.0859 3700 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
18:29:43.0015 3700 NDProxy - ok
18:29:43.0031 3700 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
18:29:43.0171 3700 NetBIOS - ok
18:29:43.0250 3700 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:29:43.0375 3700 NetBT - ok
18:29:43.0421 3700 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDE C:\WINDOWS\system32\netdde.exe
18:29:43.0546 3700 NetDDE - ok
18:29:43.0546 3700 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
18:29:43.0671 3700 NetDDEdsdm - ok
18:29:43.0750 3700 [ 84885F9B82F4D55C6146EBF6065D75D2 ] Netlogon C:\WINDOWS\system32\lsass.exe
18:29:43.0937 3700 Netlogon - ok
18:29:43.0984 3700 [ DAB9E6C7105D2EF49876FE92C524F565 ] Netman C:\WINDOWS\System32\netman.dll
18:29:44.0171 3700 Netman - ok
18:29:44.0390 3700 [ CCDB8DB66ACD3C0A6C8E171B79F60AC4 ] NETw5x32 C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
18:29:44.0578 3700 NETw5x32 - ok
18:29:44.0609 3700 [ 4E74AF063C3271FBEA20DD940CFD1184 ] Nla C:\WINDOWS\System32\mswsock.dll
18:29:44.0796 3700 Nla - ok
18:29:44.0875 3700 [ A328A46D87BB92CE4D8A4528E9D84787 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
18:29:44.0906 3700 NMIndexingService - ok
18:29:44.0921 3700 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
18:29:45.0093 3700 Npfs - ok
18:29:45.0156 3700 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
18:29:45.0359 3700 Ntfs - ok
18:29:45.0375 3700 [ 84885F9B82F4D55C6146EBF6065D75D2 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
18:29:45.0500 3700 NtLmSsp - ok
18:29:45.0546 3700 [ B62F29C00AC55A761B2E45877D85EA0F ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
18:29:45.0671 3700 NtmsSvc - ok
18:29:45.0687 3700 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
18:29:45.0828 3700 Null - ok
18:29:45.0859 3700 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:29:45.0984 3700 NwlnkFlt - ok
18:29:46.0015 3700 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:29:46.0140 3700 NwlnkFwd - ok
18:29:46.0218 3700 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:29:46.0250 3700 odserv - ok
18:29:46.0265 3700 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:29:46.0281 3700 ose - ok
18:29:46.0296 3700 [ 29744EB4CE659DFE3B4122DEB45BC478 ] Parport C:\WINDOWS\system32\drivers\Parport.sys
18:29:46.0484 3700 Parport - ok
18:29:46.0546 3700 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
18:29:46.0718 3700 PartMgr - ok
18:29:46.0750 3700 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
18:29:46.0937 3700 ParVdm - ok
18:29:46.0953 3700 [ 8086D9979234B603AD5BC2F5D890B234 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
18:29:47.0140 3700 PCI - ok
18:29:47.0156 3700 PCIDump - ok
18:29:47.0156 3700 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
18:29:47.0406 3700 PCIIde - ok
18:29:47.0437 3700 [ 82A087207DECEC8456FBE8537947D579 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
18:29:47.0625 3700 Pcmcia - ok
18:29:47.0640 3700 PDCOMP - ok
18:29:47.0640 3700 PDFRAME - ok
18:29:47.0656 3700 PDRELI - ok
18:29:47.0671 3700 PDRFRAME - ok
18:29:47.0671 3700 perc2 - ok
18:29:47.0687 3700 perc2hib - ok
18:29:47.0750 3700 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] PlugPlay C:\WINDOWS\system32\services.exe
18:29:47.0937 3700 PlugPlay - ok
18:29:47.0968 3700 [ 1713D9DE407313138118D501B0E3C05B ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe
18:29:47.0984 3700 PnkBstrA - ok
18:29:48.0015 3700 [ 84885F9B82F4D55C6146EBF6065D75D2 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
18:29:48.0187 3700 PolicyAgent - ok
18:29:48.0234 3700 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:29:48.0421 3700 PptpMiniport - ok
18:29:48.0437 3700 [ 84885F9B82F4D55C6146EBF6065D75D2 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:29:48.0609 3700 ProtectedStorage - ok
18:29:48.0625 3700 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
18:29:48.0703 3700 PSched - ok
18:29:48.0718 3700 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:29:48.0781 3700 Ptilink - ok
18:29:48.0812 3700 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:29:48.0828 3700 PxHelp20 - ok
18:29:48.0828 3700 ql1080 - ok
18:29:48.0828 3700 Ql10wnt - ok
18:29:48.0828 3700 ql12160 - ok
18:29:48.0843 3700 ql1240 - ok
18:29:48.0843 3700 ql1280 - ok
18:29:48.0859 3700 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:29:49.0046 3700 RasAcd - ok
18:29:49.0078 3700 [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto C:\WINDOWS\System32\rasauto.dll
18:29:49.0296 3700 RasAuto - ok
18:29:49.0312 3700 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:29:49.0437 3700 Rasl2tp - ok
18:29:49.0453 3700 [ 41A3C11E3517C962C9B44893BCEC3B34 ] RasMan C:\WINDOWS\System32\rasmans.dll
18:29:49.0578 3700 RasMan - ok
18:29:49.0578 3700 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:29:49.0734 3700 RasPppoe - ok
18:29:49.0734 3700 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
18:29:49.0906 3700 Raspti - ok
18:29:49.0937 3700 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:29:50.0062 3700 Rdbss - ok
18:29:50.0062 3700 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:29:50.0187 3700 RDPCDD - ok
18:29:50.0234 3700 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:29:50.0359 3700 rdpdr - ok
18:29:50.0375 3700 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
18:29:50.0515 3700 RDPWD - ok
18:29:50.0531 3700 [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
18:29:50.0609 3700 RDSessMgr - ok
18:29:50.0671 3700 [ F38405956C690AF82CF913FD66E658A1 ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
18:29:50.0671 3700 RealNetworks Downloader Resolver Service - ok
18:29:50.0703 3700 [ B31B4588E4086D8D84ADBF9845C2402B ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
18:29:50.0781 3700 redbook - ok
18:29:50.0812 3700 [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
18:29:50.0890 3700 RemoteAccess - ok
18:29:50.0921 3700 [ 3151427DB7D87107D1C5BE58FAC53960 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
18:29:51.0000 3700 RemoteRegistry - ok
18:29:51.0031 3700 [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator C:\WINDOWS\system32\locator.exe
18:29:51.0125 3700 RpcLocator - ok
18:29:51.0140 3700 [ 5C83A4408604F737717AB96371201680 ] RpcSs C:\WINDOWS\System32\rpcss.dll
18:29:51.0250 3700 RpcSs - ok
18:29:51.0281 3700 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
18:29:51.0375 3700 RSVP - ok
18:29:51.0406 3700 [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs C:\WINDOWS\system32\lsass.exe
18:29:51.0484 3700 SamSs - ok
18:29:51.0515 3700 [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
18:29:51.0640 3700 SCardSvr - ok
18:29:51.0750 3700 [ 92360854316611F6CC471612213C3D92 ] Schedule C:\WINDOWS\system32\schedsvc.dll
18:29:51.0875 3700 Schedule - ok
18:29:51.0890 3700 [ BB6FBEBEBBD14429021F2851A60D8546 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:29:51.0906 3700 Secdrv ( UnsignedFile.Multi.Generic ) - warning
18:29:51.0906 3700 Secdrv - detected UnsignedFile.Multi.Generic (1)
18:29:51.0921 3700 [ B1E0CE09895376871746F36DC5773B4F ] seclogon C:\WINDOWS\System32\seclogon.dll
18:29:52.0046 3700 seclogon - ok
18:29:52.0140 3700 [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS C:\WINDOWS\system32\sens.dll
18:29:52.0312 3700 SENS - ok
18:29:52.0328 3700 [ CD9404D115A00D249F70A371B46D5A26 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
18:29:52.0500 3700 Serial - ok
18:29:52.0531 3700 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
18:29:52.0703 3700 Sfloppy - ok
18:29:52.0734 3700 [ 36CC8C01B5E50163037BEF56CB96DEFF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
18:29:52.0921 3700 SharedAccess - ok
18:29:52.0953 3700 [ E7518DC542D3EBDCB80EDD98462C7821 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:29:53.0125 3700 ShellHWDetection - ok
18:29:53.0125 3700 Simbad - ok
18:29:53.0171 3700 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
18:29:53.0187 3700 SkypeUpdate - ok
18:29:53.0203 3700 [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:29:53.0343 3700 SLIP - ok
18:29:53.0343 3700 SNP2UVC - ok
18:29:53.0359 3700 Sparrow - ok
18:29:53.0390 3700 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
18:29:53.0515 3700 splitter - ok
18:29:53.0531 3700 [ 7435B108B935E42EA92CA94F59C8E717 ] Spooler C:\WINDOWS\system32\spoolsv.exe
18:29:53.0656 3700 Spooler - ok
18:29:53.0703 3700 [ E41B6D037D6CD08461470AF04500DC24 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
18:29:53.0781 3700 sr - ok
18:29:53.0796 3700 [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice C:\WINDOWS\system32\srsvc.dll
18:29:53.0890 3700 srservice - ok
18:29:53.0906 3700 [ 20B7E396720353E4117D64D9DCB926CA ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
18:29:54.0109 3700 Srv - ok
18:29:54.0140 3700 [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
18:29:54.0218 3700 SSDPSRV - ok
18:29:54.0375 3700 [ DC3489F1EF71AD75B34740D0E6979187 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
18:29:54.0734 3700 STHDA - ok
18:29:54.0781 3700 [ D9F6C4F6B1E188ADAFC42B561D9BC2E6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
18:29:54.0984 3700 stisvc - ok
18:29:55.0031 3700 [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:29:55.0187 3700 streamip - ok
18:29:55.0234 3700 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
18:29:55.0406 3700 swenum - ok
18:29:55.0421 3700 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
18:29:55.0578 3700 swmidi - ok
18:29:55.0578 3700 SwPrv - ok
18:29:55.0578 3700 symc810 - ok
18:29:55.0593 3700 symc8xx - ok
18:29:55.0593 3700 sym_hi - ok
18:29:55.0593 3700 sym_u3 - ok
18:29:55.0640 3700 [ 5C3E900F41426A372DE60675AFC8AA07 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
18:29:55.0656 3700 SynTP - ok
18:29:55.0656 3700 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
18:29:55.0750 3700 sysaudio - ok
18:29:55.0765 3700 [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
18:29:55.0843 3700 SysmonLog - ok
18:29:55.0859 3700 [ EB4A4187D74A8EFDCBEA3EA2CB1BDFBD ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
18:29:55.0953 3700 TapiSrv - ok
18:29:55.0968 3700 [ 9F4B36614A0FC234525BA224957DE55C ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:29:56.0046 3700 Tcpip - ok
18:29:56.0062 3700 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
18:29:56.0156 3700 TDPIPE - ok
18:29:56.0171 3700 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
18:29:56.0312 3700 TDTCP - ok
18:29:56.0359 3700 [ 60AC73EB57682F361E07AE26A62DFD6A ] Telenor Internet. RunOuc C:\Program Files\Telenor Internet\UpdateDog\ouc.exe
18:29:56.0375 3700 Telenor Internet. RunOuc - ok
18:29:56.0406 3700 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
18:29:56.0515 3700 TermDD - ok
18:29:56.0546 3700 [ B60C877D16D9C880B952FDA04ADF16E6 ] TermService C:\WINDOWS\System32\termsrv.dll
18:29:56.0718 3700 TermService - ok
18:29:56.0750 3700 [ E7518DC542D3EBDCB80EDD98462C7821 ] Themes C:\WINDOWS\System32\shsvcs.dll
18:29:56.0921 3700 Themes - ok
18:29:56.0968 3700 [ 37DB0A7D097310E8B4DE803FC3119C78 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
18:29:57.0062 3700 TlntSvr - ok
18:29:57.0078 3700 TosIde - ok
18:29:57.0093 3700 [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks C:\WINDOWS\system32\trkwks.dll
18:29:57.0265 3700 TrkWks - ok
18:29:57.0328 3700 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
18:29:57.0453 3700 Udfs - ok
18:29:57.0453 3700 ultra - ok
18:29:57.0468 3700 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
18:29:57.0593 3700 Update - ok
18:29:57.0609 3700 [ 0546477BDE979E33294FE97F6B3DE84A ] upnphost C:\WINDOWS\System32\upnphost.dll
18:29:57.0671 3700 upnphost - ok
18:29:57.0671 3700 [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS C:\WINDOWS\System32\ups.exe
18:29:57.0812 3700 UPS - ok
18:29:57.0843 3700 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:29:57.0953 3700 usbccgp - ok
18:29:57.0968 3700 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:29:58.0093 3700 usbehci - ok
18:29:58.0109 3700 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:29:58.0218 3700 usbhub - ok
18:29:58.0265 3700 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:29:58.0390 3700 usbscan - ok
18:29:58.0421 3700 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:29:58.0531 3700 USBSTOR - ok
18:29:58.0625 3700 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:29:58.0734 3700 usbuhci - ok
18:29:58.0828 3700 [ 8968FF3973A883C49E8B564200F565B9 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
18:29:59.0000 3700 usbvideo - ok
18:29:59.0015 3700 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
18:29:59.0203 3700 VgaSave - ok
18:29:59.0203 3700 ViaIde - ok
18:29:59.0218 3700 [ EE4660083DEBA849FF6C485D944B379B ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
18:29:59.0406 3700 VolSnap - ok
18:29:59.0453 3700 [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS C:\WINDOWS\System32\vssvc.exe
18:29:59.0562 3700 VSS - ok
18:29:59.0609 3700 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time C:\WINDOWS\system32\w32time.dll
18:29:59.0781 3700 W32Time - ok
18:29:59.0828 3700 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:30:00.0000 3700 Wanarp - ok
18:30:00.0046 3700 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
18:30:00.0093 3700 Wdf01000 - ok
18:30:00.0093 3700 WDICA - ok
18:30:00.0125 3700 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
18:30:00.0312 3700 wdmaud - ok
18:30:00.0328 3700 [ 5D0A442864BFBF3B19DCCA4CD29F6E99 ] WebClient C:\WINDOWS\System32\webclnt.dll
18:30:00.0515 3700 WebClient - ok
18:30:00.0578 3700 [ F399242A80C4066FD155EFA4CF96658E ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
18:30:00.0640 3700 winmgmt - ok
18:30:00.0687 3700 [ BDCB1149152BEB87154D42AEAF148C90 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
18:30:00.0718 3700 WmdmPmSN - ok
18:30:00.0765 3700 [ 1AFF244CA134956C54474F4E2433E4CE ] Wmi C:\WINDOWS\System32\advapi32.dll
18:30:00.0859 3700 Wmi - ok
18:30:00.0875 3700 [ AE2C8544E747C20062DB27456EA2D67A ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
18:30:00.0953 3700 WmiAcpi - ok
18:30:00.0984 3700 [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:30:01.0093 3700 WmiApSrv - ok
18:30:01.0187 3700 [ 0C1D6294D4794C6C2B38E983AAC9C10F ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
18:30:01.0250 3700 WMPNetworkSvc - ok
18:30:01.0296 3700 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:30:01.0468 3700 WS2IFSL - ok
18:30:01.0531 3700 [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
18:30:01.0718 3700 wscsvc - ok
18:30:01.0734 3700 [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:30:01.0921 3700 WSTCODEC - ok
18:30:02.0031 3700 [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
18:30:02.0234 3700 wuauserv - ok
18:30:02.0328 3700 [ 5A91E6FEAB9F901302FA7FF768C0120F ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
18:30:02.0515 3700 WZCSVC - ok
18:30:02.0546 3700 [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
18:30:02.0687 3700 xmlprov - ok
18:30:02.0718 3700 [ CBFB4178EF3304F27B6A8554B09E5910 ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys
18:30:02.0796 3700 yukonwxp - ok
18:30:02.0812 3700 ================ Scan global ===============================
18:30:02.0843 3700 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
18:30:02.0843 3700 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
18:30:02.0859 3700 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
18:30:02.0875 3700 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] C:\WINDOWS\system32\services.exe
18:30:02.0875 3700 [Global] - ok
18:30:02.0890 3700 ================ Scan MBR ==================================
18:30:02.0906 3700 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:30:03.0234 3700 \Device\Harddisk0\DR0 - ok
18:30:03.0234 3700 ================ Scan VBR ==================================
18:30:03.0234 3700 [ 9592C71469F7A25907DBAAA5881413ED ] \Device\Harddisk0\DR0\Partition1
18:30:03.0234 3700 \Device\Harddisk0\DR0\Partition1 - ok
18:30:03.0250 3700 [ AEABFAC127F3AA23D77F9E366DD15198 ] \Device\Harddisk0\DR0\Partition2
18:30:03.0250 3700 \Device\Harddisk0\DR0\Partition2 - ok
18:30:03.0250 3700 ================ Scan active images ========================
18:30:03.0250 3700 [ 279FB78702454DFF2BB445F238C048D2 ] C:\WINDOWS\system32\drivers\intelppm.sys
18:30:03.0250 3700 C:\WINDOWS\system32\drivers\intelppm.sys - ok
18:30:03.0265 3700 [ D5A9D123F5ED7C9965A481BD20CF66D8 ] C:\WINDOWS\system32\drivers\videoprt.sys
18:30:03.0265 3700 C:\WINDOWS\system32\drivers\videoprt.sys - ok
18:30:03.0265 3700 [ 3B743262B6456167888D15F1121B3BF7 ] C:\WINDOWS\system32\drivers\igxpmp32.sys
18:30:03.0265 3700 C:\WINDOWS\system32\drivers\igxpmp32.sys - ok
18:30:03.0265 3700 [ 2034CA78F9C6E787B4B76D81AC888351 ] C:\WINDOWS\system32\drivers\usbport.sys
18:30:03.0265 3700 C:\WINDOWS\system32\drivers\usbport.sys - ok
18:30:03.0281 3700 [ F8FD1400092E23C8F2F31406EF06167B ] C:\WINDOWS\system32\drivers\usbuhci.sys
18:30:03.0281 3700 C:\WINDOWS\system32\drivers\usbuhci.sys - ok
18:30:03.0281 3700 [ 3FCC124B6E08EE0E9351F717DD136939 ] C:\WINDOWS\system32\drivers\Hdaudbus.sys
18:30:03.0281 3700 C:\WINDOWS\system32\drivers\Hdaudbus.sys - ok
18:30:03.0296 3700 [ 15E993BA2F6946B2BFBBFCD30398621E ] C:\WINDOWS\system32\drivers\usbehci.sys
18:30:03.0296 3700 C:\WINDOWS\system32\drivers\usbehci.sys - ok
18:30:03.0296 3700 [ CCDB8DB66ACD3C0A6C8E171B79F60AC4 ] C:\WINDOWS\system32\drivers\NETw5x32.sys
18:30:03.0296 3700 C:\WINDOWS\system32\drivers\NETw5x32.sys - ok
18:30:03.0312 3700 [ CBFB4178EF3304F27B6A8554B09E5910 ] C:\WINDOWS\system32\drivers\yk51x86.sys
18:30:03.0312 3700 C:\WINDOWS\system32\drivers\yk51x86.sys - ok
18:30:03.0312 3700 [ A20FA569316D5445D513332F13679E3B ] C:\WINDOWS\system32\drivers\i8042prt.sys
18:30:03.0312 3700 C:\WINDOWS\system32\drivers\i8042prt.sys - ok
18:30:03.0328 3700 [ 35956140E686D53BF676CF0C778880FC ] C:\WINDOWS\system32\drivers\HpqKbFiltr.sys
18:30:03.0328 3700 C:\WINDOWS\system32\drivers\HpqKbFiltr.sys - ok
18:30:03.0328 3700 [ 6AA8BB224B30A20A5D07A2734568D6D7 ] C:\WINDOWS\system32\drivers\wdfldr.sys
18:30:03.0328 3700 C:\WINDOWS\system32\drivers\wdfldr.sys - ok
18:30:03.0343 3700 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] C:\WINDOWS\system32\drivers\wdf01000.sys
18:30:03.0343 3700 C:\WINDOWS\system32\drivers\wdf01000.sys - ok
18:30:03.0343 3700 [ EBDEE8A2EE5393890A1ACEE971C4C246 ] C:\WINDOWS\system32\drivers\kbdclass.sys
18:30:03.0343 3700 C:\WINDOWS\system32\drivers\kbdclass.sys - ok
18:30:03.0343 3700 [ 596EB39B50D6EBD9B734DC4AE0544693 ] C:\WINDOWS\system32\drivers\usbd.sys
18:30:03.0343 3700 C:\WINDOWS\system32\drivers\usbd.sys - ok
18:30:03.0359 3700 [ 34E1F0031153E491910E12551400192C ] C:\WINDOWS\system32\drivers\mouclass.sys
18:30:03.0359 3700 C:\WINDOWS\system32\drivers\mouclass.sys - ok
18:30:03.0359 3700 [ 5C3E900F41426A372DE60675AFC8AA07 ] C:\WINDOWS\system32\drivers\SynTP.sys
18:30:03.0359 3700 C:\WINDOWS\system32\drivers\SynTP.sys - ok
18:30:03.0375 3700 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] C:\WINDOWS\system32\drivers\imapi.sys
18:30:03.0375 3700 C:\WINDOWS\system32\drivers\imapi.sys - ok
18:30:03.0375 3700 [ AF9C19B3100FE010496B1A27181FBF72 ] C:\WINDOWS\system32\drivers\cdrom.sys
18:30:03.0375 3700 C:\WINDOWS\system32\drivers\cdrom.sys - ok
18:30:03.0375 3700 [ B9540E258F952650DE8DEC68719A5C97 ] C:\WINDOWS\system32\drivers\ks.sys
18:30:03.0375 3700 C:\WINDOWS\system32\drivers\ks.sys - ok
18:30:03.0390 3700 [ 4266BE808F85826AEDF3C64C1E240203 ] C:\WINDOWS\system32\drivers\CmBatt.sys
18:30:03.0390 3700 C:\WINDOWS\system32\drivers\CmBatt.sys - ok
18:30:03.0390 3700 [ 407E41DDB2BFECE109132AEC296E0D98 ] C:\WINDOWS\system32\drivers\CPQBttn.sys
18:30:03.0390 3700 C:\WINDOWS\system32\drivers\CPQBttn.sys - ok
18:30:03.0406 3700 [ 378055AB8DDA86228683C697C4E11685 ] C:\WINDOWS\system32\drivers\hidclass.sys
18:30:03.0406 3700 C:\WINDOWS\system32\drivers\hidclass.sys - ok
18:30:03.0406 3700 [ 5FFF41CD5108E9051D255C37825AF697 ] C:\WINDOWS\system32\drivers\hidparse.sys
18:30:03.0406 3700 C:\WINDOWS\system32\drivers\hidparse.sys - ok
18:30:03.0421 3700 [ B31B4588E4086D8D84ADBF9845C2402B ] C:\WINDOWS\system32\drivers\redbook.sys
18:30:03.0421 3700 C:\WINDOWS\system32\drivers\redbook.sys - ok
18:30:03.0421 3700 [ D9F724AA26C010A217C97606B160ED68 ] C:\WINDOWS\system32\drivers\audstub.sys
18:30:03.0421 3700 C:\WINDOWS\system32\drivers\audstub.sys - ok
18:30:03.0437 3700 [ ED0BD05BE3C494A8FEC0674880D5BC4D ] C:\WINDOWS\system32\drivers\btkrnl.sys
18:30:03.0437 3700 C:\WINDOWS\system32\drivers\btkrnl.sys - ok
18:30:03.0437 3700 [ AE2C8544E747C20062DB27456EA2D67A ] C:\WINDOWS\system32\drivers\wmiacpi.sys
18:30:03.0437 3700 C:\WINDOWS\system32\drivers\wmiacpi.sys - ok
18:30:03.0453 3700 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] C:\WINDOWS\system32\drivers\ndistapi.sys
18:30:03.0453 3700 C:\WINDOWS\system32\drivers\ndistapi.sys - ok
18:30:03.0453 3700 [ 0B90E255A9490166AB368CD55A529893 ] C:\WINDOWS\system32\drivers\ndiswan.sys
18:30:03.0453 3700 C:\WINDOWS\system32\drivers\ndiswan.sys - ok
18:30:03.0453 3700 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] C:\WINDOWS\system32\drivers\rasl2tp.sys
18:30:03.0453 3700 C:\WINDOWS\system32\drivers\rasl2tp.sys - ok
18:30:03.0468 3700 [ 7306EEED8895454CBED4669BE9F79FAA ] C:\WINDOWS\system32\drivers\raspppoe.sys
18:30:03.0468 3700 C:\WINDOWS\system32\drivers\raspppoe.sys - ok
18:30:03.0468 3700 [ 6891B74AB9A016064E82A419388D0601 ] C:\WINDOWS\system32\drivers\tdi.sys
18:30:03.0468 3700 C:\WINDOWS\system32\drivers\tdi.sys - ok
18:30:03.0484 3700 [ C0F1D4A21DE5A415DF8170616703DEBF ] C:\WINDOWS\system32\drivers\msgpc.sys
18:30:03.0484 3700 C:\WINDOWS\system32\drivers\msgpc.sys - ok
18:30:03.0484 3700 [ 48671F327553DCF1D27F6197F622A668 ] C:\WINDOWS\system32\drivers\psched.sys
18:30:03.0484 3700 C:\WINDOWS\system32\drivers\psched.sys - ok
18:30:03.0500 3700 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] C:\WINDOWS\system32\drivers\ptilink.sys
18:30:03.0500 3700 C:\WINDOWS\system32\drivers\ptilink.sys - ok
18:30:03.0500 3700 [ 1C5CC65AAC0783C344F16353E60B72AC ] C:\WINDOWS\system32\drivers\raspptp.sys
18:30:03.0500 3700 C:\WINDOWS\system32\drivers\raspptp.sys - ok
18:30:03.0515 3700 [ FDBB1D60066FCFBB7452FD8F9829B242 ] C:\WINDOWS\system32\drivers\raspti.sys
18:30:03.0515 3700 C:\WINDOWS\system32\drivers\raspti.sys - ok
18:30:03.0515 3700 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] C:\WINDOWS\system32\drivers\rdpdr.sys
18:30:03.0515 3700 C:\WINDOWS\system32\drivers\rdpdr.sys - ok
18:30:03.0515 3700 [ A540A99C281D933F3D69D55E48727F47 ] C:\WINDOWS\system32\drivers\termdd.sys
18:30:03.0515 3700 C:\WINDOWS\system32\drivers\termdd.sys - ok
18:30:03.0531 3700 [ 03C1BAE4766E2450219D20B993D6E046 ] C:\WINDOWS\system32\drivers\swenum.sys
18:30:03.0531 3700 C:\WINDOWS\system32\drivers\swenum.sys - ok
18:30:03.0531 3700 [ AFF2E5045961BBC0A602BB6F95EB1345 ] C:\WINDOWS\system32\drivers\update.sys
18:30:03.0531 3700 C:\WINDOWS\system32\drivers\update.sys - ok
18:30:03.0546 3700 [ 687AF6BB383885FF6A64071B189A7F3E ] C:\WINDOWS\system32\drivers\dtsoftbus01.sys
18:30:03.0546 3700 C:\WINDOWS\system32\drivers\dtsoftbus01.sys - ok
18:30:03.0546 3700 [ 469541F8BFD2B32659D5D463A6714BCE ] C:\WINDOWS\system32\drivers\mssmbios.sys
18:30:03.0546 3700 C:\WINDOWS\system32\drivers\mssmbios.sys - ok
18:30:03.0562 3700 [ F44461E66F1B7DD267957FE9BAA63ED0 ] C:\WINDOWS\system32\drivers\ew_jubusenum.sys
18:30:03.0562 3700 C:\WINDOWS\system32\drivers\ew_jubusenum.sys - ok
18:30:03.0562 3700 [ 2F9F111D31AA3FBBE5781D829A4524E6 ] C:\WINDOWS\system32\drivers\btport.sys
18:30:03.0562 3700 C:\WINDOWS\system32\drivers\btport.sys - ok
18:30:03.0578 3700 [ E182FA8E49E8EE41B4ADC53093F3C7E6 ] C:\WINDOWS\system32\drivers\kbdhid.sys
18:30:03.0578 3700 C:\WINDOWS\system32\drivers\kbdhid.sys - ok
18:30:03.0578 3700 [ 59FC3FB44D2669BC144FD87826BB571F ] C:\WINDOWS\system32\drivers\ndproxy.sys
18:30:03.0578 3700 C:\WINDOWS\system32\drivers\ndproxy.sys - ok
18:30:03.0578 3700 [ C72F40947F92CEA56A8FB532EDF025F1 ] C:\WINDOWS\system32\drivers\usbhub.sys
18:30:03.0578 3700 C:\WINDOWS\system32\drivers\usbhub.sys - ok
18:30:03.0593 3700 [ FF86422268DE771D571E123EB7092C6A ] C:\WINDOWS\system32\drivers\drmk.sys
18:30:03.0593 3700 C:\WINDOWS\system32\drivers\drmk.sys - ok
18:30:03.0593 3700 [ BC6B2BC69C1E009443E8B1FE2DB96101 ] C:\WINDOWS\system32\drivers\portcls.sys
18:30:03.0593 3700 C:\WINDOWS\system32\drivers\portcls.sys - ok
18:30:03.0609 3700 [ DC3489F1EF71AD75B34740D0E6979187 ] C:\WINDOWS\system32\drivers\sthda.sys
18:30:03.0609 3700 C:\WINDOWS\system32\drivers\sthda.sys - ok
18:30:03.0609 3700 [ 9277C31F1B10EA626C5EA06C5E73B04D ] C:\WINDOWS\system32\drivers\AESTAud.sys
18:30:03.0609 3700 C:\WINDOWS\system32\drivers\AESTAud.sys - ok
18:30:03.0609 3700 [ 38325C6AA8EAE011897D61CE48EC6435 ] C:\WINDOWS\system32\drivers\AGRSM.sys
18:30:03.0609 3700 C:\WINDOWS\system32\drivers\AGRSM.sys - ok
18:30:03.0625 3700 [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] C:\WINDOWS\system32\drivers\modem.sys
18:30:03.0625 3700 C:\WINDOWS\system32\drivers\modem.sys - ok
18:30:03.0625 3700 [ CED2E8396A8838E59D8FD529C680E02C ] C:\WINDOWS\system32\drivers\fdc.sys
18:30:03.0625 3700 C:\WINDOWS\system32\drivers\fdc.sys - ok
18:30:03.0640 3700 [ 0DD1DE43115B93F4D85E889D7A86F548 ] C:\WINDOWS\system32\drivers\flpydisk.sys
18:30:03.0640 3700 C:\WINDOWS\system32\drivers\flpydisk.sys - ok
18:30:03.0640 3700 [ C1B486A7658353D33A10CC15211A873B ] C:\WINDOWS\system32\drivers\cdaudio.sys
18:30:03.0640 3700 C:\WINDOWS\system32\drivers\cdaudio.sys - ok
18:30:03.0656 3700 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] C:\WINDOWS\system32\drivers\sfloppy.sys
18:30:03.0656 3700 C:\WINDOWS\system32\drivers\sfloppy.sys - ok
18:30:03.0656 3700 [ DA1F27D85E0D1525F6621372E7B685E9 ] C:\WINDOWS\system32\drivers\beep.sys
18:30:03.0656 3700 C:\WINDOWS\system32\drivers\beep.sys - ok
18:30:03.0671 3700 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] C:\WINDOWS\system32\drivers\fs_rec.sys
18:30:03.0671 3700 C:\WINDOWS\system32\drivers\fs_rec.sys - ok
18:30:03.0671 3700 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] C:\WINDOWS\system32\drivers\null.sys
18:30:03.0671 3700 C:\WINDOWS\system32\drivers\null.sys - ok
18:30:03.0671 3700 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] C:\WINDOWS\system32\drivers\vga.sys
18:30:03.0671 3700 C:\WINDOWS\system32\drivers\vga.sys - ok
18:30:03.0687 3700 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] C:\WINDOWS\system32\drivers\mnmdd.sys
18:30:03.0687 3700 C:\WINDOWS\system32\drivers\mnmdd.sys - ok
18:30:03.0687 3700 [ 4912D5B403614CE99C28420F75353332 ] C:\WINDOWS\system32\drivers\rdpcdd.sys
18:30:03.0687 3700 C:\WINDOWS\system32\drivers\rdpcdd.sys - ok
18:30:03.0703 3700 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] C:\WINDOWS\system32\drivers\ipsec.sys
18:30:03.0703 3700 C:\WINDOWS\system32\drivers\ipsec.sys - ok
18:30:03.0703 3700 [ 561B3A4333CA2DBDBA28B5B956822519 ] C:\WINDOWS\system32\drivers\msfs.sys
18:30:03.0703 3700 C:\WINDOWS\system32\drivers\msfs.sys - ok
18:30:03.0718 3700 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] C:\WINDOWS\system32\drivers\npfs.sys
18:30:03.0718 3700 C:\WINDOWS\system32\drivers\npfs.sys - ok
18:30:03.0718 3700 [ FE0D99D6F31E4FAD8159F690D68DED9C ] C:\WINDOWS\system32\drivers\rasacd.sys
18:30:03.0718 3700 C:\WINDOWS\system32\drivers\rasacd.sys - ok
18:30:03.0734 3700 [ 9F4B36614A0FC234525BA224957DE55C ] C:\WINDOWS\system32\drivers\tcpip.sys
18:30:03.0734 3700 C:\WINDOWS\system32\drivers\tcpip.sys - ok
18:30:03.0734 3700 [ 0C80E410CD2F47134407EE7DD19CC86B ] C:\WINDOWS\system32\drivers\netbt.sys
18:30:03.0734 3700 C:\WINDOWS\system32\drivers\netbt.sys - ok
18:30:03.0734 3700 [ B5A8E215AC29D24D60B4D1250EF05ACE ] C:\WINDOWS\system32\drivers\ipnat.sys
18:30:03.0734 3700 C:\WINDOWS\system32\drivers\ipnat.sys - ok
18:30:03.0750 3700 [ 984EF0B9788ABF89974CFED4BFBAACBC ] C:\WINDOWS\system32\drivers\wanarp.sys
18:30:03.0750 3700 C:\WINDOWS\system32\drivers\wanarp.sys - ok
18:30:03.0750 3700 [ 74051DA749E5E89A14DDAB5BA4A03A7F ] C:\WINDOWS\system32\drivers\epfwtdir.sys
18:30:03.0750 3700 C:\WINDOWS\system32\drivers\epfwtdir.sys - ok
18:30:03.0750 3700 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] C:\WINDOWS\system32\drivers\ws2ifsl.sys
18:30:03.0750 3700 C:\WINDOWS\system32\drivers\ws2ifsl.sys - ok
18:30:03.0750 3700 [ 5AC495F4CB807B2B98AD2AD591E6D92E ] C:\WINDOWS\system32\drivers\afd.sys
18:30:03.0750 3700 C:\WINDOWS\system32\drivers\afd.sys - ok
18:30:03.0765 3700 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] C:\WINDOWS\system32\drivers\netbios.sys
18:30:03.0765 3700 C:\WINDOWS\system32\drivers\netbios.sys - ok
18:30:03.0765 3700 [ 29D66245ADBA878FFF574CD66ABD2884 ] C:\WINDOWS\system32\drivers\rdbss.sys
18:30:03.0765 3700 C:\WINDOWS\system32\drivers\rdbss.sys - ok
18:30:03.0765 3700 [ 1FD607FC67F7F7C633C3DA65BFC53D18 ] C:\WINDOWS\system32\drivers\mrxsmb.sys
18:30:03.0765 3700 C:\WINDOWS\system32\drivers\mrxsmb.sys - ok
18:30:03.0765 3700 [ C7C17BC80B7264322207ABC31F20EA84 ] C:\WINDOWS\system32\drivers\easdrv.sys
18:30:03.0765 3700 C:\WINDOWS\system32\drivers\easdrv.sys - ok
18:30:03.0765 3700 [ E153AB8A11DE5452BCF5AC7652DBF3ED ] C:\WINDOWS\system32\drivers\fips.sys
18:30:03.0765 3700 C:\WINDOWS\system32\drivers\fips.sys - ok
18:30:03.0781 3700 [ BD7FB0957C716F1A60333AEE04DE2178 ] C:\WINDOWS\system32\smss.exe
18:30:03.0781 3700 C:\WINDOWS\system32\smss.exe - ok
18:30:03.0781 3700 [ BB5CBFFC096497506167BCE1D9690EF2 ] C:\WINDOWS\system32\ntdll.dll
18:30:03.0781 3700 C:\WINDOWS\system32\ntdll.dll - ok
18:30:03.0781 3700 [ B3415B9D6026F65E43089ABED096C38C ] C:\WINDOWS\system32\autochk.exe
18:30:03.0781 3700 C:\WINDOWS\system32\autochk.exe - ok
18:30:03.0781 3700 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] C:\WINDOWS\system32\drivers\usbccgp.sys
18:30:03.0781 3700 C:\WINDOWS\system32\drivers\usbccgp.sys - ok
18:30:03.0796 3700 [ 8968FF3973A883C49E8B564200F565B9 ] C:\WINDOWS\system32\drivers\usbvideo.sys
18:30:03.0796 3700 C:\WINDOWS\system32\drivers\usbvideo.sys - ok
18:30:03.0796 3700 [ 1DE6783B918F540149AA69943BDFEBA8 ] C:\WINDOWS\system32\drivers\hidusb.sys
18:30:03.0796 3700 C:\WINDOWS\system32\drivers\hidusb.sys - ok
18:30:03.0796 3700 [ 30A609E00BD1D4FFC49D6B5A432BE7F2 ] C:\WINDOWS\system32\sfcfiles.dll
18:30:03.0796 3700 C:\WINDOWS\system32\sfcfiles.dll - ok
18:30:03.0796 3700 [ B1C303E17FB9D46E87A98E4BA6769685 ] C:\WINDOWS\system32\drivers\mouhid.sys
18:30:03.0796 3700 C:\WINDOWS\system32\drivers\mouhid.sys - ok
18:30:03.0796 3700 [ CD7D5152DF32B47F4E36F710B35AAE02 ] C:\WINDOWS\system32\drivers\cdfs.sys
18:30:03.0796 3700 C:\WINDOWS\system32\drivers\cdfs.sys - ok
18:30:03.0812 3700 [ C9BF2F12C4E6C12F8A85FBA4B6BC6208 ] C:\WINDOWS\system32\watchdog.sys
18:30:03.0812 3700 C:\WINDOWS\system32\watchdog.sys - ok
18:30:03.0812 3700 [ FE97D0343ACFDEBDD578FC67CC91FA87 ] C:\WINDOWS\system32\drivers\dxapi.sys
18:30:03.0812 3700 C:\WINDOWS\system32\drivers\dxapi.sys - ok
18:30:03.0812 3700 [ B74C69A810949E7A54DC688CAE662206 ] C:\WINDOWS\system32\win32k.sys
18:30:03.0812 3700 C:\WINDOWS\system32\win32k.sys - ok
18:30:03.0812 3700 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
18:30:03.0812 3700 C:\WINDOWS\system32\basesrv.dll - ok
18:30:03.0812 3700 [ D06EAA8B23BC1F671B11D18CFEA65115 ] C:\WINDOWS\system32\csrsrv.dll
18:30:03.0812 3700 C:\WINDOWS\system32\csrsrv.dll - ok
18:30:03.0828 3700 [ F12B178B1678D778CFD3FF1FC38C71FB ] C:\WINDOWS\system32\csrss.exe
18:30:03.0828 3700 C:\WINDOWS\system32\csrss.exe - ok
18:30:03.0828 3700 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
18:30:03.0828 3700 C:\WINDOWS\system32\winsrv.dll - ok
18:30:03.0828 3700 [ C72661F8552ACE7C5C85E16A3CF505C4 ] C:\WINDOWS\system32\user32.dll
18:30:03.0828 3700 C:\WINDOWS\system32\user32.dll - ok
18:30:03.0828 3700 [ 888190E31455FAD793312F8D087146EB ] C:\WINDOWS\system32\kernel32.dll
18:30:03.0828 3700 C:\WINDOWS\system32\kernel32.dll - ok
18:30:03.0843 3700 [ F5AEE133BF44521852819C2202D82453 ] C:\WINDOWS\system32\gdi32.dll
18:30:03.0843 3700 C:\WINDOWS\system32\gdi32.dll - ok
18:30:03.0843 3700 [ D3DAC8432110AAD0B02A58B4459AB835 ] C:\WINDOWS\system32\drivers\dxg.sys
18:30:03.0843 3700 C:\WINDOWS\system32\drivers\dxg.sys - ok
18:30:03.0843 3700 [ A73F5D6705B1D820C19B18782E176EFD ] C:\WINDOWS\system32\drivers\dxgthk.sys
18:30:03.0843 3700 C:\WINDOWS\system32\drivers\dxgthk.sys - ok
18:30:03.0843 3700 [ A7874AA4CC4DABA4040D0F8CC80E283D ] C:\WINDOWS\system32\igxpgd32.dll
18:30:03.0843 3700 C:\WINDOWS\system32\igxpgd32.dll - ok
18:30:03.0843 3700 [ A3EEE5EF565B1148B266CF4B395B0E0D ] C:\WINDOWS\system32\igxprd32.dll
18:30:03.0843 3700 C:\WINDOWS\system32\igxprd32.dll - ok
18:30:03.0843 3700 [ ECB7591870F8BFB1A4C17B718AD5A4AA ] C:\WINDOWS\system32\vga.dll
18:30:03.0859 3700 C:\WINDOWS\system32\vga.dll - ok
18:30:03.0859 3700 [ 9779777FCF1DFFB7AA66236F4EDDAEAD ] C:\WINDOWS\system32\igxpdv32.dll
18:30:03.0859 3700 C:\WINDOWS\system32\igxpdv32.dll - ok
18:30:03.0859 3700 [ 95FCC0AAA64E9C03E306508ED25137DE ] C:\WINDOWS\system32\igxpdx32.dll
18:30:03.0859 3700 C:\WINDOWS\system32\igxpdx32.dll - ok
18:30:03.0859 3700 [ 01C3346C241652F43AED8E2149881BFE ] C:\WINDOWS\system32\winlogon.exe
18:30:03.0859 3700 C:\WINDOWS\system32\winlogon.exe - ok
18:30:03.0859 3700 [ 1AFF244CA134956C54474F4E2433E4CE ] C:\WINDOWS\system32\advapi32.dll
18:30:03.0859 3700 C:\WINDOWS\system32\advapi32.dll - ok
18:30:03.0875 3700 [ 857AE842E5779194595C1AA6428690A2 ] C:\WINDOWS\system32\rpcrt4.dll
18:30:03.0875 3700 C:\WINDOWS\system32\rpcrt4.dll - ok
18:30:03.0875 3700 [ A3930A43856BD52772BA475648D6DB5B ] C:\WINDOWS\system32\authz.dll
18:30:03.0875 3700 C:\WINDOWS\system32\authz.dll - ok
18:30:03.0875 3700 [ B0FEFA816D61EC66AA765DDF534EAB5E ] C:\WINDOWS\system32\msvcrt.dll
18:30:03.0875 3700 C:\WINDOWS\system32\msvcrt.dll - ok
18:30:03.0875 3700 [ EFC958396A7A7EF7E6D4A52B97512E18 ] C:\WINDOWS\system32\crypt32.dll
18:30:03.0875 3700 C:\WINDOWS\system32\crypt32.dll - ok
18:30:03.0875 3700 [ 3CD1CE106CA2A9B4CC626D7DF03FBD6F ] C:\WINDOWS\system32\msasn1.dll
18:30:03.0875 3700 C:\WINDOWS\system32\msasn1.dll - ok
18:30:03.0890 3700 [ 458AB591E8CF240CC105A23671F2C3D6 ] C:\WINDOWS\system32\nddeapi.dll
18:30:03.0890 3700 C:\WINDOWS\system32\nddeapi.dll - ok
18:30:03.0890 3700 [ FE4F71711CF5C17ADE5E506348132D24 ] C:\WINDOWS\system32\profmap.dll
18:30:03.0890 3700 C:\WINDOWS\system32\profmap.dll - ok
18:30:03.0890 3700 [ CD3879812B56F0F7AEB38A3CBC79C81E ] C:\WINDOWS\system32\netapi32.dll
18:30:03.0890 3700 C:\WINDOWS\system32\netapi32.dll - ok
18:30:03.0890 3700 [ 2B9B56A89A8A42E917511972A6DB36E3 ] C:\WINDOWS\system32\userenv.dll
18:30:03.0890 3700 C:\WINDOWS\system32\userenv.dll - ok
18:30:03.0890 3700 [ 96E48C7EB9089D1DBF6F85CA11B264DF ] C:\WINDOWS\system32\psapi.dll
18:30:03.0890 3700 C:\WINDOWS\system32\psapi.dll - ok
18:30:03.0906 3700 [ 899ED710FDC37EB7D0115C2932C2B1EB ] C:\WINDOWS\system32\regapi.dll
18:30:03.0906 3700 C:\WINDOWS\system32\regapi.dll - ok
18:30:03.0906 3700 [ 81459CB8E975003AD28B8ABB8DFA8329 ] C:\WINDOWS\system32\secur32.dll
18:30:03.0906 3700 C:\WINDOWS\system32\secur32.dll - ok
18:30:03.0906 3700 [ 7808313CBC634EE08346D5DDFEF1CC5F ] C:\WINDOWS\system32\setupapi.dll
18:30:03.0906 3700 C:\WINDOWS\system32\setupapi.dll - ok
18:30:03.0906 3700 [ D38408967BE738D0C1B47005BCE8CEEB ] C:\WINDOWS\system32\version.dll
18:30:03.0906 3700 C:\WINDOWS\system32\version.dll - ok
18:30:03.0921 3700 [ 7BC4BA4C33ADF3EF5CD370D99BC60B04 ] C:\WINDOWS\system32\winsta.dll
18:30:03.0921 3700 C:\WINDOWS\system32\winsta.dll - ok
18:30:03.0921 3700 [ 5AFCE94E8286B2F57A04DA37F01BF21A ] C:\WINDOWS\system32\imagehlp.dll
18:30:03.0921 3700 C:\WINDOWS\system32\imagehlp.dll - ok
18:30:03.0921 3700 [ B015A20C60D2A751777A9C8207A7BA82 ] C:\WINDOWS\system32\wintrust.dll
18:30:03.0921 3700 C:\WINDOWS\system32\wintrust.dll - ok
18:30:03.0921 3700 [ 87CA7CE6469577F059297B9D6556D66D ] C:\WINDOWS\system32\imm32.dll
18:30:03.0921 3700 C:\WINDOWS\system32\imm32.dll - ok
18:30:03.0921 3700 [ 9BEACB911CA61E5881102188AB7FB431 ] C:\WINDOWS\system32\ws2help.dll
18:30:03.0921 3700 C:\WINDOWS\system32\ws2help.dll - ok
18:30:03.0937 3700 [ 2ED0B7F12A60F90092081C50FA0EC2B2 ] C:\WINDOWS\system32\ws2_32.dll
18:30:03.0937 3700 C:\WINDOWS\system32\ws2_32.dll - ok
18:30:03.0937 3700 [ 4FE9D9FA62D020E35E0AC6D1AEEB96F0 ] C:\WINDOWS\system32\ole32.dll
18:30:03.0937 3700 C:\WINDOWS\system32\ole32.dll - ok
18:30:03.0937 3700 [ FED30AFC65931E390B3C90DC63E29E42 ] C:\WINDOWS\system32\wininet.dll
18:30:03.0937 3700 C:\WINDOWS\system32\wininet.dll - ok
18:30:03.0937 3700 [ 3A7CAF09DECFD090C0C75828B1A7B401 ] C:\WINDOWS\system32\shlwapi.dll
18:30:03.0937 3700 C:\WINDOWS\system32\shlwapi.dll - ok
18:30:03.0937 3700 [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll
18:30:03.0937 3700 C:\WINDOWS\system32\normaliz.dll - ok
18:30:03.0953 3700 [ C9F48C6A6963BAB7D1B5D025212D8F36 ] C:\WINDOWS\system32\iertutil.dll
18:30:03.0953 3700 C:\WINDOWS\system32\iertutil.dll - ok
18:30:03.0953 3700 [ BCDF5F4BAE714231ECC916A1EF724627 ] C:\WINDOWS\system32\sxs.dll
18:30:03.0953 3700 C:\WINDOWS\system32\sxs.dll - ok
18:30:03.0953 3700 [ 5AF68A5E44734A082442668E9C787743 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
18:30:03.0953 3700 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll - ok
18:30:03.0953 3700 [ D5988A5048E4DC7175BCA9F29FC144AE ] C:\WINDOWS\system32\shell32.dll
18:30:03.0953 3700 C:\WINDOWS\system32\shell32.dll - ok
18:30:03.0968 3700 [ A77DFB85FAEE49D66C74DA6024EBC69B ] C:\WINDOWS\system32\comctl32.dll
18:30:03.0968 3700 C:\WINDOWS\system32\comctl32.dll - ok
18:30:03.0968 3700 [ 56C5B179FE3308B655EB6208C3256FEC ] C:\WINDOWS\system32\kbdus.dll
18:30:03.0968 3700 C:\WINDOWS\system32\kbdus.dll - ok
18:30:03.0968 3700 [ 552221E92D6BF55F8358B927F00696C3 ] C:\WINDOWS\system32\kbdycl.dll
18:30:03.0968 3700 C:\WINDOWS\system32\kbdycl.dll - ok
18:30:03.0968 3700 [ A29AF639AA180CC68C59242A10E1D3B1 ] C:\WINDOWS\system32\msgina.dll
18:30:03.0968 3700 C:\WINDOWS\system32\msgina.dll - ok
18:30:03.0968 3700 [ F79D7D98CD764499ECCBAAF3F800D349 ] C:\WINDOWS\system32\odbc32.dll
18:30:03.0968 3700 C:\WINDOWS\system32\odbc32.dll - ok
18:30:03.0984 3700 [ 1EDB1BB89D021955E6F7265911175B8D ] C:\WINDOWS\system32\comdlg32.dll
18:30:03.0984 3700 C:\WINDOWS\system32\comdlg32.dll - ok
18:30:03.0984 3700 [ C237FB08F52F27823C4E4E6705ECD196 ] C:\WINDOWS\system32\odbcint.dll
18:30:03.0984 3700 C:\WINDOWS\system32\odbcint.dll - ok
18:30:03.0984 3700 [ E8A12A12EA9088B4327D49EDCA3ADD3E ] C:\WINDOWS\system32\sfc.dll
18:30:03.0984 3700 C:\WINDOWS\system32\sfc.dll - ok
18:30:03.0984 3700 [ E7518DC542D3EBDCB80EDD98462C7821 ] C:\WINDOWS\system32\shsvcs.dll
18:30:03.0984 3700 C:\WINDOWS\system32\shsvcs.dll - ok
18:30:03.0984 3700 [ 9858CC4D73A4CCF2F852FAE07C11A0B5 ] C:\WINDOWS\system32\sfc_os.dll
18:30:03.0984 3700 C:\WINDOWS\system32\sfc_os.dll - ok
18:30:04.0000 3700 [ ECA24AB73FCFFA754D4070CDB03529E3 ] C:\WINDOWS\system32\apphelp.dll
18:30:04.0000 3700 C:\WINDOWS\system32\apphelp.dll - ok
18:30:04.0000 3700 [ 84885F9B82F4D55C6146EBF6065D75D2 ] C:\WINDOWS\system32\lsass.exe
18:30:04.0000 3700 C:\WINDOWS\system32\lsass.exe - ok
18:30:04.0000 3700 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] C:\WINDOWS\system32\services.exe
18:30:04.0000 3700 C:\WINDOWS\system32\services.exe - ok
18:30:04.0000 3700 [ 9A42C1F3154545A4D32E5043038B01FA ] C:\WINDOWS\system32\scesrv.dll
18:30:04.0000 3700 C:\WINDOWS\system32\scesrv.dll - ok
18:30:04.0015 3700 [ 3BC20B8CF096F7D19B0236E934866098 ] C:\WINDOWS\system32\lsasrv.dll
18:30:04.0015 3700 C:\WINDOWS\system32\lsasrv.dll - ok
18:30:04.0015 3700 [ B43A92C15AE97C6E609C88129CFEE53B ] C:\WINDOWS\system32\umpnpmgr.dll
18:30:04.0015 3700 C:\WINDOWS\system32\umpnpmgr.dll - ok
18:30:04.0015 3700 [ DA201A0A309B96381FD674D0FAB5DA86 ] C:\WINDOWS\system32\ncobjapi.dll
18:30:04.0015 3700 C:\WINDOWS\system32\ncobjapi.dll - ok
18:30:04.0015 3700 [ 1F57EB5B92B2AC7F9D71A77D184D8C13 ] C:\WINDOWS\system32\msvcp60.dll
18:30:04.0015 3700 C:\WINDOWS\system32\msvcp60.dll - ok
18:30:04.0015 3700 [ E15154E7FDA8A580A8F74C7CC16B1FFE ] C:\WINDOWS\system32\samsrv.dll
18:30:04.0015 3700 C:\WINDOWS\system32\samsrv.dll - ok
18:30:04.0031 3700 [ 43DA983415EA533F9E667FDB415F4655 ] C:\WINDOWS\system32\shimeng.dll
18:30:04.0031 3700 C:\WINDOWS\system32\shimeng.dll - ok
18:30:04.0031 3700 [ FB537F29A827D78F756154CF397A113F ] C:\WINDOWS\AppPatch\AcGenral.dll
18:30:04.0031 3700 C:\WINDOWS\AppPatch\AcGenral.dll - ok
18:30:04.0031 3700 [ EF5B64A9CD71ED27E837165C08DA4CC1 ] C:\WINDOWS\system32\cryptdll.dll
18:30:04.0031 3700 C:\WINDOWS\system32\cryptdll.dll - ok
18:30:04.0031 3700 [ C76735BFB7214907B4590DD35AE64A79 ] C:\WINDOWS\system32\dnsapi.dll
18:30:04.0031 3700 C:\WINDOWS\system32\dnsapi.dll - ok
18:30:04.0031 3700 [ EBE12F403FDE45E7312E7BF764BFB6C6 ] C:\WINDOWS\system32\samlib.dll
18:30:04.0031 3700 C:\WINDOWS\system32\samlib.dll - ok
18:30:04.0046 3700 [ 2CFE80AA3428C09E6DE67FAC50DA65CF ] C:\WINDOWS\system32\mpr.dll
18:30:04.0046 3700 C:\WINDOWS\system32\mpr.dll - ok
18:30:04.0046 3700 [ 6201BACF384292A5FE94CE73364AE53A ] C:\WINDOWS\system32\ntdsapi.dll
18:30:04.0046 3700 C:\WINDOWS\system32\ntdsapi.dll - ok
18:30:04.0046 3700 [ 10F36FA092D7A309A0647FCDC764AE6C ] C:\WINDOWS\system32\wldap32.dll
18:30:04.0046 3700 C:\WINDOWS\system32\wldap32.dll - ok
18:30:04.0046 3700 [ B3742DEE858B243E77C73D2B8F7C8223 ] C:\WINDOWS\system32\oleaut32.dll
18:30:04.0046 3700 C:\WINDOWS\system32\oleaut32.dll - ok
18:30:04.0062 3700 [ 90FDAA22F38D9E911F91FA3B8A1F7E5D ] C:\WINDOWS\system32\winmm.dll
18:30:04.0062 3700 C:\WINDOWS\system32\winmm.dll - ok
18:30:04.0062 3700 [ 975D12353B1D525C0F3444C447FB3B9A ] C:\WINDOWS\system32\msacm32.dll
18:30:04.0062 3700 C:\WINDOWS\system32\msacm32.dll - ok
18:30:04.0062 3700 [ 2CDE496666A975A2CE8F969F3042C8DB ] C:\WINDOWS\system32\uxtheme.dll
18:30:04.0062 3700 C:\WINDOWS\system32\uxtheme.dll - ok
18:30:04.0062 3700 [ 29632E787DCFC0085A555C681EB82693 ] C:\WINDOWS\system32\schannel.dll
18:30:04.0062 3700 C:\WINDOWS\system32\schannel.dll - ok
18:30:04.0062 3700 [ D87041EAA67ECA4394F6D5D09C0C2885 ] C:\WINDOWS\system32\MSCTFIME.IME
18:30:04.0062 3700 C:\WINDOWS\system32\MSCTFIME.IME - ok
18:30:04.0078 3700 [ 6BEC17053284E847CF1FBB8C9A181E1E ] C:\WINDOWS\system32\msprivs.dll
18:30:04.0078 3700 C:\WINDOWS\system32\msprivs.dll - ok
18:30:04.0078 3700 [ 940813D4CA9193D6C1A0BA10E0ED9B4E ] C:\WINDOWS\system32\kerberos.dll
18:30:04.0078 3700 C:\WINDOWS\system32\kerberos.dll - ok
18:30:04.0078 3700 [ 77C41F9146450C89534704A75836CE56 ] C:\WINDOWS\system32\msv1_0.dll
18:30:04.0078 3700 C:\WINDOWS\system32\msv1_0.dll - ok
18:30:04.0078 3700 [ 42A1912DBDF8BCC087A1CAE008DB060C ] C:\WINDOWS\system32\iphlpapi.dll
18:30:04.0078 3700 C:\WINDOWS\system32\iphlpapi.dll - ok
18:30:04.0078 3700 [ 96353FCECBA774BB8DA74A1C6507015A ] C:\WINDOWS\system32\netlogon.dll
18:30:04.0078 3700 C:\WINDOWS\system32\netlogon.dll - ok
18:30:04.0093 3700 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] C:\WINDOWS\system32\w32time.dll
18:30:04.0093 3700 C:\WINDOWS\system32\w32time.dll - ok
18:30:04.0093 3700 [ A8B82C5D30B7AB937E164AB349478FBA ] C:\WINDOWS\system32\wdigest.dll
18:30:04.0093 3700 C:\WINDOWS\system32\wdigest.dll - ok
18:30:04.0093 3700 [ 26ACBD865F8CFF730F1791C4D0854352 ] C:\WINDOWS\system32\rsaenh.dll
18:30:04.0093 3700 C:\WINDOWS\system32\rsaenh.dll - ok
18:30:04.0093 3700 [ 7BCB23FA39CE266AF4347A6BEAB60F8C ] C:\WINDOWS\system32\winscard.dll
18:30:04.0093 3700 C:\WINDOWS\system32\winscard.dll - ok
18:30:04.0093 3700 [ 67F2D109AB373FECEB819F420DB11F03 ] C:\WINDOWS\system32\wtsapi32.dll
18:30:04.0093 3700 C:\WINDOWS\system32\wtsapi32.dll - ok
18:30:04.0109 3700 [ 0F78E27F563F2AAF74B91A49E2ABF19A ] C:\WINDOWS\system32\scecli.dll
18:30:04.0109 3700 C:\WINDOWS\system32\scecli.dll - ok
18:30:04.0109 3700 [ 8F078AE4ED187AAABC0A305146DE6716 ] C:\WINDOWS\system32\svchost.exe
18:30:04.0109 3700 C:\WINDOWS\system32\svchost.exe - ok
18:30:04.0109 3700 [ DAA91B358E685FC6CCA9ACA72BE6FE85 ] C:\WINDOWS\system32\ntmarta.dll
18:30:04.0109 3700 C:\WINDOWS\system32\ntmarta.dll - ok
18:30:04.0109 3700 [ 5C83A4408604F737717AB96371201680 ] C:\WINDOWS\system32\rpcss.dll
18:30:04.0109 3700 C:\WINDOWS\system32\rpcss.dll - ok
18:30:04.0109 3700 [ 1320AEA7057A26A671D9548CC7BEBDA5 ] C:\WINDOWS\system32\xpsp2res.dll
18:30:04.0125 3700 C:\WINDOWS\system32\xpsp2res.dll - ok
18:30:04.0125 3700 [ 82B24CB70E5944E6E34662205A2A5B78 ] C:\WINDOWS\system32\eventlog.dll
18:30:04.0125 3700 C:\WINDOWS\system32\eventlog.dll - ok
18:30:04.0125 3700 [ 4E74AF063C3271FBEA20DD940CFD1184 ] C:\WINDOWS\system32\mswsock.dll
18:30:04.0125 3700 C:\WINDOWS\system32\mswsock.dll - ok
18:30:04.0125 3700 [ 765B30C776A1780B46B479FE614F707C ] C:\WINDOWS\system32\hnetcfg.dll
18:30:04.0125 3700 C:\WINDOWS\system32\hnetcfg.dll - ok
18:30:04.0125 3700 [ A7F95A53EE055115DF03588997A47D4D ] C:\WINDOWS\system32\wshtcpip.dll
18:30:04.0125 3700 C:\WINDOWS\system32\wshtcpip.dll - ok
18:30:04.0140 3700 [ 2C8FDB176F22629EA5342DB474FAC391 ] C:\WINDOWS\system32\winrnr.dll
18:30:04.0140 3700 C:\WINDOWS\system32\winrnr.dll - ok
18:30:04.0140 3700 [ 4CAEC028C1E21C75E17877D4522D3DB4 ] C:\WINDOWS\system32\rasadhlp.dll
18:30:04.0140 3700 C:\WINDOWS\system32\rasadhlp.dll - ok
18:30:04.0140 3700 [ 7DB59FFF2AF32C27EB2276424FA5EDDB ] C:\WINDOWS\system32\logonui.exe
18:30:04.0140 3700 C:\WINDOWS\system32\logonui.exe - ok
18:30:04.0140 3700 [ ED7E847905DD2797565B4B695E92F42B ] C:\WINDOWS\system32\duser.dll
18:30:04.0140 3700 C:\WINDOWS\system32\duser.dll - ok
18:30:04.0140 3700 [ B5331F2B6F37C66C29C847F3B94FF900 ] C:\WINDOWS\system32\msimg32.dll
18:30:04.0140 3700 C:\WINDOWS\system32\msimg32.dll - ok
18:30:04.0156 3700 [ 5F2DBE3CB563741C8084657BF956CE64 ] C:\WINDOWS\system32\oleacc.dll
18:30:04.0156 3700 C:\WINDOWS\system32\oleacc.dll - ok
18:30:04.0156 3700 [ 34D6CD56409DA9A7ED573E1C90A308BF ] C:\WINDOWS\system32\drivers\ndisuio.sys
18:30:04.0156 3700 C:\WINDOWS\system32\drivers\ndisuio.sys - ok
18:30:04.0156 3700 [ CB6CA3E5261D65F6F809EED23BF167AA ] C:\WINDOWS\system32\dhcpcsvc.dll
18:30:04.0156 3700 C:\WINDOWS\system32\dhcpcsvc.dll - ok
18:30:04.0156 3700 [ E26F50A92EE564F21C30501AA6173676 ] C:\WINDOWS\system32\clbcatq.dll
18:30:04.0156 3700 C:\WINDOWS\system32\clbcatq.dll - ok
18:30:04.0156 3700 [ 587729679B4FE04CE06A5C61D6C56DCD ] C:\WINDOWS\system32\cscdll.dll
18:30:04.0156 3700 C:\WINDOWS\system32\cscdll.dll - ok
18:30:04.0171 3700 [ A599E5E366C1408E48AA5D37882D4E3E ] C:\WINDOWS\system32\wlnotify.dll
18:30:04.0171 3700 C:\WINDOWS\system32\wlnotify.dll - ok
18:30:04.0171 3700 [ 777EB29D0135D81AD9828A2B05443496 ] C:\WINDOWS\system32\winspool.drv
18:30:04.0171 3700 C:\WINDOWS\system32\winspool.drv - ok
18:30:04.0171 3700 [ 6728270CB7DBB776ED086F5AC4C82310 ] C:\WINDOWS\system32\comres.dll
18:30:04.0171 3700 C:\WINDOWS\system32\comres.dll - ok
18:30:04.0171 3700 [ 1D3A8A40F8045100A3E35C5F9BC6C5DE ] C:\WINDOWS\system32\shgina.dll
18:30:04.0171 3700 C:\WINDOWS\system32\shgina.dll - ok
18:30:04.0187 3700 [ 7379DE06FD196E396A00AA97B990C00D ] C:\WINDOWS\system32\dnsrslvr.dll
18:30:04.0187 3700 C:\WINDOWS\system32\dnsrslvr.dll - ok
18:30:04.0187 3700 [ B3EFF6D938C572E90A07B3D87A3C7657 ] C:\WINDOWS\system32\lmhsvc.dll
18:30:04.0187 3700 C:\WINDOWS\system32\lmhsvc.dll - ok
18:30:04.0187 3700 [ 5A91E6FEAB9F901302FA7FF768C0120F ] C:\WINDOWS\system32\wzcsvc.dll
18:30:04.0187 3700 C:\WINDOWS\system32\wzcsvc.dll - ok
18:30:04.0187 3700 [ 2030FA027E7C3E0A145649C03171457B ] C:\WINDOWS\system32\rtutils.dll
18:30:04.0187 3700 C:\WINDOWS\system32\rtutils.dll - ok
18:30:04.0187 3700 [ A57B8ACD54AFBE482042C285C2767EBF ] C:\WINDOWS\system32\esent.dll
18:30:04.0187 3700 C:\WINDOWS\system32\esent.dll - ok
18:30:04.0203 3700 [ E682696D7F982494A8CFC80C5B59D422 ] C:\WINDOWS\system32\wmi.dll
18:30:04.0203 3700 C:\WINDOWS\system32\wmi.dll - ok
18:30:04.0203 3700 [ 2D40EDB9BF811590DAD7406DEC67B926 ] C:\WINDOWS\system32\atl.dll
18:30:04.0203 3700 C:\WINDOWS\system32\atl.dll - ok
18:30:04.0203 3700 [ ADEAC063A3757E8FBC242BB4414D632B ] C:\WINDOWS\system32\rastls.dll
18:30:04.0203 3700 C:\WINDOWS\system32\rastls.dll - ok
18:30:04.0203 3700 [ 4AC302BF714DC163E685D0A187A36D0F ] C:\WINDOWS\system32\cryptui.dll
18:30:04.0203 3700 C:\WINDOWS\system32\cryptui.dll - ok
18:30:04.0203 3700 [ 875D770F477E0AE0088BE1810D537B23 ] C:\WINDOWS\system32\activeds.dll
18:30:04.0203 3700 C:\WINDOWS\system32\activeds.dll - ok
18:30:04.0218 3700 [ 9F78F329B1858E845087B923B4DBA0F3 ] C:\WINDOWS\system32\mprapi.dll
18:30:04.0218 3700 C:\WINDOWS\system32\mprapi.dll - ok
18:30:04.0218 3700 [ 12A581CA44E53B09D24C5B94F252C78D ] C:\WINDOWS\system32\adsldpc.dll
18:30:04.0218 3700 C:\WINDOWS\system32\adsldpc.dll - ok
18:30:04.0218 3700 [ CD1F7ED9842138BEADF9ECBF37818BEF ] C:\WINDOWS\system32\rasapi32.dll
18:30:04.0218 3700 C:\WINDOWS\system32\rasapi32.dll - ok
18:30:04.0218 3700 [ 30E244A707E6CE0A4B099CD6384EC6CA ] C:\WINDOWS\system32\rasman.dll
18:30:04.0218 3700 C:\WINDOWS\system32\rasman.dll - ok
18:30:04.0234 3700 [ 6307A1B82F6CA87D7E0CDF49E6E7BC00 ] C:\WINDOWS\system32\tapi32.dll
18:30:04.0234 3700 C:\WINDOWS\system32\tapi32.dll - ok
18:30:04.0234 3700 [ A0BC687A49542C40EB60B7308F454E8A ] C:\WINDOWS\system32\riched20.dll
18:30:04.0234 3700 C:\WINDOWS\system32\riched20.dll - ok
18:30:04.0234 3700 [ 0346DA24DE3C85909717D5997510A31F ] C:\WINDOWS\system32\mlang.dll
18:30:04.0234 3700 C:\WINDOWS\system32\mlang.dll - ok
18:30:04.0234 3700 [ 1B0F0FC350C77B62A4B927810E53B2BF ] C:\WINDOWS\system32\raschap.dll
18:30:04.0234 3700 C:\WINDOWS\system32\raschap.dll - ok
18:30:04.0234 3700 [ 59E9857ABC6C62AF55EB29FA68354805 ] C:\WINDOWS\system32\xmlprovi.dll
18:30:04.0234 3700 C:\WINDOWS\system32\xmlprovi.dll - ok
18:30:04.0250 3700 [ 9A9BBC71D0EBCD400A33ABCD5F0AB39C ] C:\WINDOWS\system32\wzcsapi.dll
18:30:04.0250 3700 C:\WINDOWS\system32\wzcsapi.dll - ok
18:30:04.0250 3700 [ 92360854316611F6CC471612213C3D92 ] C:\WINDOWS\system32\schedsvc.dll
18:30:04.0250 3700 C:\WINDOWS\system32\schedsvc.dll - ok
18:30:04.0250 3700 [ 249817F51C84D283E96E6B2580D21FFD ] C:\WINDOWS\system32\msidle.dll
18:30:04.0250 3700 C:\WINDOWS\system32\msidle.dll - ok
18:30:04.0250 3700 [ 7435B108B935E42EA92CA94F59C8E717 ] C:\WINDOWS\system32\spoolsv.exe
18:30:04.0250 3700 C:\WINDOWS\system32\spoolsv.exe - ok
18:30:04.0265 3700 [ DB66DB626E4882EBEF55F136F12C1829 ] C:\WINDOWS\system32\audiosrv.dll
18:30:04.0265 3700 C:\WINDOWS\system32\audiosrv.dll - ok
18:30:04.0265 3700 [ 2C0A7B2AE9C26F2C163627679B42783C ] C:\WINDOWS\system32\wkssvc.dll
18:30:04.0265 3700 C:\WINDOWS\system32\wkssvc.dll - ok
18:30:04.0265 3700 [ 51230212AE7F8159A90F06A7EA30DD8A ] C:\WINDOWS\system32\cscui.dll
18:30:04.0265 3700 C:\WINDOWS\system32\cscui.dll - ok
18:30:04.0265 3700 [ 1B5F6923ABB450692E9FE0672C897AED ] C:\WINDOWS\system32\powrprof.dll
18:30:04.0265 3700 C:\WINDOWS\system32\powrprof.dll - ok
18:30:04.0281 3700 [ D6A8DC8C374EEA24744F2D4E87CA0E7E ] C:\WINDOWS\system32\wdmaud.drv
18:30:04.0281 3700 C:\WINDOWS\system32\wdmaud.drv - ok
18:30:04.0281 3700 [ F7FC12EDD4F0C19490D37AF9570C50F8 ] C:\WINDOWS\system32\dpcdll.dll
18:30:04.0281 3700 C:\WINDOWS\system32\dpcdll.dll - ok
18:30:04.0281 3700 [ 650AD082D46BAC0E64C9C0E0928492FD ] C:\WINDOWS\system32\drivers\sysaudio.sys
18:30:04.0281 3700 C:\WINDOWS\system32\drivers\sysaudio.sys - ok
18:30:04.0281 3700 [ 2797F33EBF50466020C430EE4F037933 ] C:\WINDOWS\system32\drivers\wdmaud.sys
18:30:04.0281 3700 C:\WINDOWS\system32\drivers\wdmaud.sys - ok
18:30:04.0281 3700 [ 8E186B8F23295D1E42C573B82B80D548 ] C:\WINDOWS\system32\drivers\splitter.sys
18:30:04.0281 3700 C:\WINDOWS\system32\drivers\splitter.sys - ok
18:30:04.0296 3700 [ 841F385C6CFAF66B58FBD898722BB4F0 ] C:\WINDOWS\system32\drivers\aec.sys
18:30:04.0296 3700 C:\WINDOWS\system32\drivers\aec.sys - ok
18:30:04.0296 3700 [ 41985A89C51EDFB62AB4E13B0A130885 ] C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
18:30:04.0296 3700 C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe - ok
18:30:04.0296 3700 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] C:\WINDOWS\system32\drivers\swmidi.sys
18:30:04.0296 3700 C:\WINDOWS\system32\drivers\swmidi.sys - ok
18:30:04.0296 3700 [ 39B1FFB03C2296323832ACBAE50D2AFF ] C:\WINDOWS\system32\userinit.exe
18:30:04.0296 3700 C:\WINDOWS\system32\userinit.exe - ok
18:30:04.0296 3700 [ A6F881284AC1150E37D9AE47FF601267 ] C:\WINDOWS\system32\drivers\DMusic.sys
18:30:04.0296 3700 C:\WINDOWS\system32\drivers\DMusic.sys - ok
18:30:04.0312 3700 [ D93CAD07C5683DB066B0B2D2D3790EAD ] C:\WINDOWS\system32\drivers\kmixer.sys
18:30:04.0312 3700 C:\WINDOWS\system32\drivers\kmixer.sys - ok
18:30:04.0312 3700 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] C:\WINDOWS\system32\drivers\drmkaud.sys
18:30:04.0312 3700 C:\WINDOWS\system32\drivers\drmkaud.sys - ok
18:30:04.0312 3700 [ 9A3BD5F55AADFF859539142F6328A66E ] C:\WINDOWS\system32\msacm32.drv
18:30:04.0312 3700 C:\WINDOWS\system32\msacm32.drv - ok
18:30:04.0312 3700 [ 3B4702155BB2AE9DC00C06A68834BDFA ] C:\WINDOWS\system32\midimap.dll
18:30:04.0312 3700 C:\WINDOWS\system32\midimap.dll - ok
18:30:04.0328 3700 [ 0E37FBFA79D349D672456923EC5FBBE3 ] C:\WINDOWS\system32\msvcr100.dll
18:30:04.0328 3700 C:\WINDOWS\system32\msvcr100.dll - ok
18:30:04.0328 3700 [ BC83108B18756547013ED443B8CDB31B ] C:\WINDOWS\system32\msvcp100.dll
18:30:04.0328 3700 C:\WINDOWS\system32\msvcp100.dll - ok
18:30:04.0328 3700 [ A0732187050030AE399B241436565E64 ] C:\WINDOWS\explorer.exe
18:30:04.0328 3700 C:\WINDOWS\explorer.exe - ok
18:30:04.0328 3700 [ E4247FE49BA0C3C3EEB740955F8FE748 ] C:\Program Files\RealNetworks\RealDownloader\Common\hxmedpltfm.dll
18:30:04.0328 3700 C:\Program Files\RealNetworks\RealDownloader\Common\hxmedpltfm.dll - ok
18:30:04.0343 3700 [ E91EBA5C6642962A03437326760C031F ] C:\Program Files\RealNetworks\RealDownloader\RCAPlugins\upgrade.dll
18:30:04.0343 3700 C:\Program Files\RealNetworks\RealDownloader\RCAPlugins\upgrade.dll - ok
18:30:04.0343 3700 [ 8C22083ED515DC94D575438662F0BE6A ] C:\WINDOWS\system32\msi.dll
18:30:04.0343 3700 C:\WINDOWS\system32\msi.dll - ok
18:30:04.0343 3700 [ B99FF349BF53BD91FBDDCD6B1EDE8980 ] C:\WINDOWS\system32\browseui.dll
18:30:04.0343 3700 C:\WINDOWS\system32\browseui.dll - ok
18:30:04.0343 3700 [ B60C03B66ED6DB016478822F7980471C ] C:\Program Files\RealNetworks\RealDownloader\RCAPlugins\rpsharedcomponents.dll
18:30:04.0343 3700 C:\Program Files\RealNetworks\RealDownloader\RCAPlugins\rpsharedcomponents.dll - ok
18:30:04.0343 3700 [ 559B2D22A1EE947A7EAED530C7FF9320 ] C:\WINDOWS\system32\shdocvw.dll
18:30:04.0343 3700 C:\WINDOWS\system32\shdocvw.dll - ok
18:30:04.0359 3700 [ 78BDC89C5D9E206209BEC5A5A73F91F7 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll
18:30:04.0359 3700 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll - ok
18:30:04.0359 3700 [ 786DD1892B553EFE5A004AC39775C851 ] C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
18:30:04.0359 3700 C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL - ok
18:30:04.0359 3700 [ 6814B25C2B339B9F509063FECA36601A ] C:\PROGRA~1\MICROS~2\Office12\GrooveUtil.dll
18:30:04.0359 3700 C:\PROGRA~1\MICROS~2\Office12\GrooveUtil.dll - ok
18:30:04.0359 3700 [ 1C4D0F52B4238B9388F2A28DD0903588 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
18:30:04.0359 3700 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll - ok
18:30:04.0375 3700 [ EBFC4D631D9DA54CAA2DEB6808E196AD ] C:\PROGRA~1\MICROS~2\Office12\GrooveNew.dll
18:30:04.0375 3700 C:\PROGRA~1\MICROS~2\Office12\GrooveNew.dll - ok
18:30:04.0375 3700 [ 3C7DEF3CBBCA6284867AA4621D5D8A54 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
18:30:04.0375 3700 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll - ok
18:30:04.0375 3700 [ E931B4DD87DFACE46468FD506FDCD262 ] C:\WINDOWS\system32\desk.cpl
18:30:04.0375 3700 C:\WINDOWS\system32\desk.cpl - ok
18:30:04.0375 3700 [ E6796D51CED309E46D29C0B787735615 ] C:\WINDOWS\system32\themeui.dll
18:30:04.0375 3700 C:\WINDOWS\system32\themeui.dll - ok
18:30:04.0390 3700 [ 13510490BEA0997DB625DAA0178CBFCA ] C:\WINDOWS\system32\actxprxy.dll
18:30:04.0390 3700 C:\WINDOWS\system32\actxprxy.dll - ok
18:30:04.0390 3700 [ BD25E3537B54C1BFF40335992B3686FD ] C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
18:30:04.0390 3700 C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL - ok
18:30:04.0390 3700 [ A92E56268D85F2CD3D1F652A115D3F11 ] C:\WINDOWS\system32\urlmon.dll
18:30:04.0390 3700 C:\WINDOWS\system32\urlmon.dll - ok
18:30:04.0390 3700 [ 6C043A37D47D92CD9C0AFEFFB89F96AF ] C:\WINDOWS\system32\msxml3.dll
18:30:04.0390 3700 C:\WINDOWS\system32\msxml3.dll - ok
18:30:04.0406 3700 [ EA82A55F22654FBEDCBD82D2D4305B45 ] C:\WINDOWS\system32\winhttp.dll
18:30:04.0406 3700 C:\WINDOWS\system32\winhttp.dll - ok
18:30:04.0406 3700 [ EEB024F2C81F0D55936FB825D21A91D6 ] C:\WINDOWS\system32\cmd.exe
18:30:04.0406 3700 C:\WINDOWS\system32\cmd.exe - ok
18:30:04.0406 3700 [ 1B8783A1D8BEC0FC0AE75EB12346B539 ] C:\WINDOWS\system32\ieframe.dll
18:30:04.0406 3700 C:\WINDOWS\system32\ieframe.dll - ok
18:30:04.0406 3700 [ 46EDCC8F2DB2F322C24F48785CB46366 ] C:\WINDOWS\system32\drivers\mrxdav.sys
18:30:04.0406 3700 C:\WINDOWS\system32\drivers\mrxdav.sys - ok
18:30:04.0421 3700 [ 5D0A442864BFBF3B19DCCA4CD29F6E99 ] C:\WINDOWS\system32\webclnt.dll
18:30:04.0421 3700 C:\WINDOWS\system32\webclnt.dll - ok
18:30:04.0421 3700 [ 29744EB4CE659DFE3B4122DEB45BC478 ] C:\WINDOWS\system32\drivers\parport.sys
18:30:04.0421 3700 C:\WINDOWS\system32\drivers\parport.sys - ok
18:30:04.0421 3700 [ CD9404D115A00D249F70A371B46D5A26 ] C:\WINDOWS\system32\drivers\serial.sys
18:30:04.0421 3700 C:\WINDOWS\system32\drivers\serial.sys - ok
18:30:04.0421 3700 [ 8ED60797908FD394EEE0D6949F493224 ] C:\WINDOWS\system32\agrsmsvc.exe
18:30:04.0421 3700 C:\WINDOWS\system32\agrsmsvc.exe - ok
18:30:04.0421 3700 [ CAD4AA32E7ECA00C23CC39C0EB833F9D ] C:\WINDOWS\system32\cryptnet.dll
18:30:04.0421 3700 C:\WINDOWS\system32\cryptnet.dll - ok
18:30:04.0437 3700 [ 6E205319848B8AF2A0DA52B8D63DB91E ] C:\WINDOWS\system32\sensapi.dll
18:30:04.0437 3700 C:\WINDOWS\system32\sensapi.dll - ok
18:30:04.0437 3700 [ 08F0190AE201EC331B4CA3B0FA2D2CCE ] C:\WINDOWS\system32\cabinet.dll
18:30:04.0437 3700 C:\WINDOWS\system32\cabinet.dll - ok
18:30:04.0437 3700 [ 7A25AD652A3003B8854E873A3324E672 ] C:\WINDOWS\system32\drivers\eamon.sys
18:30:04.0437 3700 C:\WINDOWS\system32\drivers\eamon.sys - ok
18:30:04.0437 3700 [ D5D4124827086BA54F6BFE75CE330531 ] C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
18:30:04.0437 3700 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe - ok
18:30:04.0453 3700 [ AD44C5BC21213F394F6AFCB55CC39293 ] C:\WINDOWS\system32\certcli.dll
18:30:04.0453 3700 C:\WINDOWS\system32\certcli.dll - ok
18:30:04.0453 3700 [ 10654F9DDCEA9C46CFB77554231BE73B ] C:\WINDOWS\system32\cryptsvc.dll
18:30:04.0453 3700 C:\WINDOWS\system32\cryptsvc.dll - ok
18:30:04.0453 3700 [ 1639D9964C9E1B2ECCA95C8217D3E70D ] C:\WINDOWS\system32\dmserver.dll
18:30:04.0453 3700 C:\WINDOWS\system32\dmserver.dll - ok
18:30:04.0453 3700 [ E1F3AB2CC3521E68F242FB4D60C52AE3 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
18:30:04.0453 3700 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll - ok
18:30:04.0468 3700 [ 67DFF7BBBD0E80AAB7B3CF061448DB8A ] C:\WINDOWS\system32\ersvc.dll
18:30:04.0468 3700 C:\WINDOWS\system32\ersvc.dll - ok
18:30:04.0468 3700 [ 41ECC0A28FFEFF16837A2574B86EF8BC ] C:\Program Files\GameTracker\GSInGameService.exe
18:30:04.0468 3700 C:\Program Files\GameTracker\GSInGameService.exe - ok
18:30:04.0468 3700 [ ACD36A2DD7D1E9D8A060AA651DC07E63 ] C:\WINDOWS\system32\es.dll
18:30:04.0468 3700 C:\WINDOWS\system32\es.dll - ok
18:30:04.0468 3700 [ 4D03CA609E68F4C90CF66515218017F8 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
18:30:04.0468 3700 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll - ok
18:30:04.0484 3700 [ 5EF3427AE503B5C03A48F7C9FF458B69 ] C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
18:30:04.0484 3700 C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe - ok
18:30:04.0484 3700 [ 8827911A8C37E40C027CBFC88E69D967 ] C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
18:30:04.0484 3700 C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok
18:30:04.0484 3700 [ 0A5709543986843D37A92290B7838340 ] C:\Program Files\Java\jre6\bin\jqs.exe
18:30:04.0484 3700 C:\Program Files\Java\jre6\bin\jqs.exe - ok
18:30:04.0484 3700 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Program Files\Java\jre6\bin\msvcr71.dll
18:30:04.0484 3700 C:\Program Files\Java\jre6\bin\msvcr71.dll - ok
18:30:04.0500 3700 [ 5F74A7A9AFBF875B719CABFEFC3FE3E8 ] C:\WINDOWS\system32\pdh.dll
18:30:04.0500 3700 C:\WINDOWS\system32\pdh.dll - ok
18:30:04.0500 3700 [ 7AA15CCBE1DD20339200659AF99D588F ] C:\WINDOWS\system32\odbcbcp.dll
18:30:04.0500 3700 C:\WINDOWS\system32\odbcbcp.dll - ok
18:30:04.0500 3700 [ 93D32468D34E000CB3407947D1D6E22A ] C:\WINDOWS\system32\srvsvc.dll
18:30:04.0500 3700 C:\WINDOWS\system32\srvsvc.dll - ok
18:30:04.0500 3700 [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
18:30:04.0500 3700 C:\WINDOWS\system32\netmsg.dll - ok
18:30:04.0515 3700 [ 1713D9DE407313138118D501B0E3C05B ] C:\WINDOWS\system32\PnkBstrA.exe
18:30:04.0515 3700 C:\WINDOWS\system32\PnkBstrA.exe - ok
18:30:04.0515 3700 [ FC77C63C47AE2D0D8B05DA6EC1785C0F ] C:\WINDOWS\system32\perfos.dll
18:30:04.0515 3700 C:\WINDOWS\system32\perfos.dll - ok
18:30:04.0515 3700 [ BA868A32EB6EB8EBD2FF0D8679801DEF ] C:\WINDOWS\system32\perfdisk.dll
18:30:04.0515 3700 C:\WINDOWS\system32\perfdisk.dll - ok
18:30:04.0515 3700 [ DAB9E6C7105D2EF49876FE92C524F565 ] C:\WINDOWS\system32\netman.dll
18:30:04.0515 3700 C:\WINDOWS\system32\netman.dll - ok
18:30:04.0531 3700 [ BF52A4D4EB4CFB3109667E429B93E21A ] C:\WINDOWS\system32\netshell.dll
18:30:04.0531 3700 C:\WINDOWS\system32\netshell.dll - ok
18:30:04.0531 3700 [ 1ECB753D7CEEC8F5A94C9781CA64EC44 ] C:\WINDOWS\system32\credui.dll
18:30:04.0531 3700 C:\WINDOWS\system32\credui.dll - ok
18:30:04.0531 3700 [ 20B7E396720353E4117D64D9DCB926CA ] C:\WINDOWS\system32\drivers\srv.sys
18:30:04.0531 3700 C:\WINDOWS\system32\drivers\srv.sys - ok
18:30:04.0531 3700 [ 53AF9F2B2CE4B6EFF41C70417359D010 ] C:\WINDOWS\system32\wsock32.dll
18:30:04.0531 3700 C:\WINDOWS\system32\wsock32.dll - ok
18:30:04.0546 3700 [ D1E299962B5956005113EC4AB1E0D9B7 ] C:\WINDOWS\system32\ipsecsvc.dll
18:30:04.0546 3700 C:\WINDOWS\system32\ipsecsvc.dll - ok
18:30:04.0546 3700 [ A76128BE63EEA6A3AF521A0576D3EBF7 ] C:\WINDOWS\system32\oakley.dll
18:30:04.0546 3700 C:\WINDOWS\system32\oakley.dll - ok
18:30:04.0546 3700 [ F38405956C690AF82CF913FD66E658A1 ] C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
18:30:04.0546 3700 C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe - ok
18:30:04.0546 3700 [ 2B2F31E3F2CE3723C1B0F3700C8BE28B ] C:\WINDOWS\system32\winipsec.dll
18:30:04.0546 3700 C:\WINDOWS\system32\winipsec.dll - ok
18:30:04.0546 3700 [ 306B30A036DB25FCB76B507FEDE07D58 ] C:\WINDOWS\system32\pstorsvc.dll
18:30:04.0546 3700 C:\WINDOWS\system32\pstorsvc.dll - ok
18:30:04.0562 3700 [ 4D3CCDF22D2B4BAE229BA73B81D13E26 ] C:\WINDOWS\system32\psbase.dll
18:30:04.0562 3700 C:\WINDOWS\system32\psbase.dll - ok
18:30:04.0562 3700 [ CACD2C63A79268D131EA37E85524CC44 ] C:\WINDOWS\system32\dssenh.dll
18:30:04.0562 3700 C:\WINDOWS\system32\dssenh.dll - ok
18:30:04.0562 3700 [ BB6FBEBEBBD14429021F2851A60D8546 ] C:\WINDOWS\system32\drivers\secdrv.sys
18:30:04.0562 3700 C:\WINDOWS\system32\drivers\secdrv.sys - ok
18:30:04.0562 3700 [ 3151427DB7D87107D1C5BE58FAC53960 ] C:\WINDOWS\system32\regsvc.dll
18:30:04.0562 3700 C:\WINDOWS\system32\regsvc.dll - ok
18:30:04.0578 3700 [ B1E0CE09895376871746F36DC5773B4F ] C:\WINDOWS\system32\seclogon.dll
18:30:04.0578 3700 C:\WINDOWS\system32\seclogon.dll - ok
18:30:04.0578 3700 [ DFD9870CF39C791D86C4C209DA9FA919 ] C:\WINDOWS\system32\sens.dll
18:30:04.0578 3700 C:\WINDOWS\system32\sens.dll - ok
18:30:04.0578 3700 [ F07AF60B152221472FBDB2FECEC4896D ] C:\Program Files\Skype\Updater\Updater.exe
18:30:04.0578 3700 C:\Program Files\Skype\Updater\Updater.exe - ok
18:30:04.0578 3700 [ 10D6B0450E146BD625C2356EAA80C363 ] C:\Program Files\GameTracker\GSHookHelper.dll
18:30:04.0578 3700 C:\Program Files\GameTracker\GSHookHelper.dll - ok
18:30:04.0593 3700 [ C354183F2F9187513718E3505BD32727 ] C:\Program Files\Java\jre6\bin\awt.dll
18:30:04.0593 3700 C:\Program Files\Java\jre6\bin\awt.dll - ok
18:30:04.0593 3700 [ 92BDF74F12D6CBEC43C94D4B7F804838 ] C:\WINDOWS\system32\srsvc.dll
18:30:04.0593 3700 C:\WINDOWS\system32\srsvc.dll - ok
18:30:04.0593 3700 [ BD3C0ABD9EE3562A49F458D9FB491C6D ] C:\Program Files\Java\jre6\bin\client\jvm.dll
18:30:04.0593 3700 C:\Program Files\Java\jre6\bin\client\jvm.dll - ok
18:30:04.0593 3700 [ 3959A4C6DD8FF8B50602C482A22DBD5A ] C:\Program Files\Java\jre6\bin\dcpr.dll
18:30:04.0593 3700 C:\Program Files\Java\jre6\bin\dcpr.dll - ok
18:30:04.0609 3700 [ C42C71D8376DE670A5054F47F9150653 ] C:\Program Files\Java\jre6\bin\deploy.dll
18:30:04.0609 3700 C:\Program Files\Java\jre6\bin\deploy.dll - ok
18:30:04.0609 3700 [ 52991F4748C6FDAA4BFCB83BBB1C250A ] C:\Program Files\Java\jre6\bin\fontmanager.dll
18:30:04.0609 3700 C:\Program Files\Java\jre6\bin\fontmanager.dll - ok
18:30:04.0609 3700 [ 60AC73EB57682F361E07AE26A62DFD6A ] C:\Program Files\Telenor Internet\UpdateDog\ouc.exe
18:30:04.0609 3700 C:\Program Files\Telenor Internet\UpdateDog\ouc.exe - ok
18:30:04.0609 3700 [ EB4A4187D74A8EFDCBEA3EA2CB1BDFBD ] C:\WINDOWS\system32\tapisrv.dll
18:30:04.0609 3700 C:\WINDOWS\system32\tapisrv.dll - ok
18:30:04.0625 3700 [ D9F6C4F6B1E188ADAFC42B561D9BC2E6 ] C:\WINDOWS\system32\wiaservc.dll
18:30:04.0625 3700 C:\WINDOWS\system32\wiaservc.dll - ok
18:30:04.0625 3700 [ 54405A2FAC6A9A494C055F92EA3D72FF ] C:\Program Files\Java\jre6\bin\hpi.dll
18:30:04.0625 3700 C:\Program Files\Java\jre6\bin\hpi.dll - ok
18:30:04.0625 3700 [ EFBBE3005DFBC4B740804B2DE2118B17 ] C:\Program Files\Java\jre6\bin\java.dll
18:30:04.0625 3700 C:\Program Files\Java\jre6\bin\java.dll - ok
18:30:04.0625 3700 [ 554E6CE596BBA78D581560A4F00B8333 ] C:\Program Files\Java\jre6\bin\javaw.exe
18:30:04.0625 3700 C:\Program Files\Java\jre6\bin\javaw.exe - ok
18:30:04.0625 3700 [ 8EC78028DA1AA8432EC50953A36182C6 ] C:\Program Files\Java\jre6\bin\jp2native.dll
18:30:04.0625 3700 C:\Program Files\Java\jre6\bin\jp2native.dll - ok
18:30:04.0640 3700 [ 0FCB11B39AF688035E1CDE754684EE5C ] C:\WINDOWS\system32\cfgmgr32.dll
18:30:04.0640 3700 C:\WINDOWS\system32\cfgmgr32.dll - ok
18:30:04.0640 3700 [ E8A45791EF55E93137EFCC0EEAE2B938 ] C:\WINDOWS\system32\mscms.dll
18:30:04.0640 3700 C:\WINDOWS\system32\mscms.dll - ok
18:30:04.0640 3700 [ D529CF9C5947F35D93B22658178C0197 ] C:\Program Files\Java\jre6\bin\jpeg.dll
18:30:04.0640 3700 C:\Program Files\Java\jre6\bin\jpeg.dll - ok
18:30:04.0640 3700 [ DBDA60D92E774B4ACB3B1CD71F909426 ] C:\Program Files\Telenor Internet\UpdateDog\mingwm10.dll
18:30:04.0640 3700 C:\Program Files\Telenor Internet\UpdateDog\mingwm10.dll - ok
18:30:04.0656 3700 [ C4B4409F186DA70FCF2BCC60D5F05489 ] C:\Program Files\Telenor Internet\UpdateDog\libgcc_s_dw2-1.dll
18:30:04.0656 3700 C:\Program Files\Telenor Internet\UpdateDog\libgcc_s_dw2-1.dll - ok
18:30:04.0656 3700 [ FB398D88FF38A97E069E9DFB44D84FC6 ] C:\Program Files\Telenor Internet\UpdateDog\QtCore4.dll
18:30:04.0656 3700 C:\Program Files\Telenor Internet\UpdateDog\QtCore4.dll - ok
18:30:04.0656 3700 [ 59B5902DE78621E7ED90C89579024974 ] C:\Program Files\Java\jre6\bin\net.dll
18:30:04.0656 3700 C:\Program Files\Java\jre6\bin\net.dll - ok
18:30:04.0656 3700 [ A58BC88BD84D6D2325CA2475F94AFA37 ] C:\Program Files\Telenor Internet\UpdateDog\QtNetwork4.dll
18:30:04.0656 3700 C:\Program Files\Telenor Internet\UpdateDog\QtNetwork4.dll - ok
18:30:04.0671 3700 [ 7BECD62D950174417987353869FFD1F8 ] C:\Program Files\Java\jre6\bin\nio.dll
18:30:04.0671 3700 C:\Program Files\Java\jre6\bin\nio.dll - ok
18:30:04.0671 3700 [ D9DC1EE68466A3023D094694F37B5DC8 ] C:\Program Files\Java\jre6\bin\regutils.dll
18:30:04.0671 3700 C:\Program Files\Java\jre6\bin\regutils.dll - ok
18:30:04.0671 3700 [ 39DD0C97932CDFDCF006569E1A942728 ] C:\WINDOWS\system32\wiavusd.dll
18:30:04.0671 3700 C:\WINDOWS\system32\wiavusd.dll - ok
18:30:04.0671 3700 [ 7C8F371C924DAA376217E553378275BA ] C:\WINDOWS\system32\shfolder.dll
18:30:04.0671 3700 C:\WINDOWS\system32\shfolder.dll - ok
18:30:04.0687 3700 [ 78E824973A67192DD52A720083B0318D ] C:\Program Files\Java\jre6\bin\verify.dll
18:30:04.0687 3700 C:\Program Files\Java\jre6\bin\verify.dll - ok
18:30:04.0687 3700 [ B63B4053B8F025D290326A49784F0BA9 ] C:\Program Files\Java\jre6\bin\zip.dll
18:30:04.0687 3700 C:\Program Files\Java\jre6\bin\zip.dll - ok
18:30:04.0687 3700 [ 60AC73EB57682F361E07AE26A62DFD6A ] C:\Documents and Settings\All Users\Application Data\Telenor Internet\OnlineUpdate\ouc.exe
18:30:04.0687 3700 C:\Documents and Settings\All Users\Application Data\Telenor Internet\OnlineUpdate\ouc.exe - ok
18:30:04.0687 3700 [ 6D9AC544B30F96C57F8206566C1FB6A1 ] C:\WINDOWS\system32\trkwks.dll
18:30:04.0687 3700 C:\WINDOWS\system32\trkwks.dll - ok
18:30:04.0703 3700 [ B8401A8BBFA8A75E713D3D465AAA54A8 ] C:\WINDOWS\system32\wuaueng.dll
18:30:04.0703 3700 C:\WINDOWS\system32\wuaueng.dll - ok
18:30:04.0703 3700 [ 13D72740963CBA12D9FF76A7F218BCD8 ] C:\WINDOWS\system32\wuauserv.dll
18:30:04.0703 3700 C:\WINDOWS\system32\wuauserv.dll - ok
18:30:04.0703 3700 [ CA4224E30A58EA61E8C69F345BEDF95D ] C:\WINDOWS\system32\advpack.dll
18:30:04.0703 3700 C:\WINDOWS\system32\advpack.dll - ok
18:30:04.0703 3700 [ 633C197292B4051D986903827DE561A3 ] C:\WINDOWS\system32\mspatcha.dll
18:30:04.0703 3700 C:\WINDOWS\system32\mspatcha.dll - ok
18:30:04.0718 3700 [ F399242A80C4066FD155EFA4CF96658E ] C:\WINDOWS\system32\wbem\wmisvc.dll
18:30:04.0718 3700 C:\WINDOWS\system32\wbem\wmisvc.dll - ok
18:30:04.0718 3700 [ 79DABB124D00ADF19852AE879C201890 ] C:\WINDOWS\system32\vssapi.dll
18:30:04.0718 3700 C:\WINDOWS\system32\vssapi.dll - ok
18:30:04.0718 3700 [ 41A3C11E3517C962C9B44893BCEC3B34 ] C:\WINDOWS\system32\rasmans.dll
18:30:04.0718 3700 C:\WINDOWS\system32\rasmans.dll - ok
18:30:04.0718 3700 [ E3AE8DC04643850D2DFD431443558B28 ] C:\WINDOWS\system32\netcfgx.dll
18:30:04.0718 3700 C:\WINDOWS\system32\netcfgx.dll - ok
18:30:04.0734 3700 [ DBDA60D92E774B4ACB3B1CD71F909426 ] C:\Documents and Settings\All Users\Application Data\Telenor Internet\OnlineUpdate\mingwm10.dll
18:30:04.0734 3700 C:\Documents and Settings\All Users\Application Data\Telenor Internet\OnlineUpdate\mingwm10.dll - ok
18:30:04.0734 3700 [ C4B4409F186DA70FCF2BCC60D5F05489 ] C:\Documents and Settings\All Users\Application Data\Telenor Internet\OnlineUpdate\libgcc_s_dw2-1.dll
18:30:04.0734 3700 C:\Documents and Settings\All Users\Application Data\Telenor Internet\OnlineUpdate\libgcc_s_dw2-1.dll - ok
18:30:04.0734 3700 [ FB398D88FF38A97E069E9DFB44D84FC6 ] C:\Documents and Settings\All Users\Application Data\Telenor Internet\OnlineUpdate\QtCore4.dll
18:30:04.0734 3700 C:\Documents and Settings\All Users\Application Data\Telenor Internet\OnlineUpdate\QtCore4.dll - ok
18:30:04.0734 3700 [ 98C1FF6676E02D43DA208802286A6EE7 ] C:\WINDOWS\system32\clusapi.dll
18:30:04.0734 3700 C:\WINDOWS\system32\clusapi.dll - ok
18:30:04.0750 3700 [ E3CFCCDDA4EDD1D0DC9168B2E18F27B8 ] C:\WINDOWS\system32\browser.dll
18:30:04.0750 3700 C:\WINDOWS\system32\browser.dll - ok
18:30:04.0750 3700 [ 36CC8C01B5E50163037BEF56CB96DEFF ] C:\WINDOWS\system32\ipnathlp.dll
18:30:04.0750 3700 C:\WINDOWS\system32\ipnathlp.dll - ok
18:30:04.0750 3700 [ A58BC88BD84D6D2325CA2475F94AFA37 ] C:\Documents and Settings\All Users\Application Data\Telenor Internet\OnlineUpdate\QtNetwork4.dll
18:30:04.0750 3700 C:\Documents and Settings\All Users\Application Data\Telenor Internet\OnlineUpdate\QtNetwork4.dll - ok
18:30:04.0750 3700 [ 4D59DAA66C60858CDF4F67A900F42D4A ] C:\WINDOWS\system32\wscsvc.dll
18:30:04.0750 3700 C:\WINDOWS\system32\wscsvc.dll - ok
18:30:04.0765 3700 [ 851547797C2A7F8A04841644C471A567 ] C:\WINDOWS\system32\wbem\wbemprox.dll
18:30:04.0765 3700 C:\WINDOWS\system32\wbem\wbemprox.dll - ok
18:30:04.0765 3700 [ 4E39C36213E95FB971A61A247BDE2F61 ] C:\WINDOWS\system32\wbem\wbemcomn.dll
18:30:04.0765 3700 C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
18:30:04.0765 3700 [ 652603D2A664D9BFC1D5EB0A9FAEA016 ] C:\WINDOWS\system32\comsvcs.dll
18:30:04.0765 3700 C:\WINDOWS\system32\comsvcs.dll - ok
18:30:04.0765 3700 [ 5CBD40C1A866FEDF82951DF3868948F4 ] C:\WINDOWS\system32\mtxclu.dll
18:30:04.0765 3700 C:\WINDOWS\system32\mtxclu.dll - ok
18:30:04.0781 3700 [ 201E12371ECD2BA04AB78B2AD5575C9E ] C:\WINDOWS\system32\colbact.dll
18:30:04.0781 3700 C:\WINDOWS\system32\colbact.dll - ok
18:30:04.0781 3700 [ 2738C8A33FF07DD3C99C7C8F0A85DA72 ] C:\WINDOWS\system32\resutils.dll
18:30:04.0781 3700 C:\WINDOWS\system32\resutils.dll - ok
18:30:04.0781 3700 [ 36360B625D7290BBA2CD03AD4975E1BC ] C:\WINDOWS\system32\wbem\wbemcore.dll
18:30:04.0781 3700 C:\WINDOWS\system32\wbem\wbemcore.dll - ok
18:30:04.0781 3700 [ DE578E4E6844954823FC7688625F00C8 ] C:\WINDOWS\system32\wbem\esscli.dll
18:30:04.0781 3700 C:\WINDOWS\system32\wbem\esscli.dll - ok
18:30:04.0796 3700 [ C28500101BC66FDABD830F8DE51A59A0 ] C:\WINDOWS\system32\wbem\fastprox.dll
18:30:04.0796 3700 C:\WINDOWS\system32\wbem\fastprox.dll - ok
18:30:04.0796 3700 [ 1D536BEBC30DD8D0D3B6FF3B0CD2D32B ] C:\WINDOWS\system32\rastapi.dll
18:30:04.0796 3700 C:\WINDOWS\system32\rastapi.dll - ok
18:30:04.0796 3700 [ 7D676AC8CC19341117C77C261647BA07 ] C:\WINDOWS\system32\wbem\wbemsvc.dll
18:30:04.0796 3700 C:\WINDOWS\system32\wbem\wbemsvc.dll - ok
18:30:04.0796 3700 [ 1DFD6E8DA0FE2D14A5FA12CFCFB162C1 ] C:\WINDOWS\system32\unimdm.tsp
18:30:04.0796 3700 C:\WINDOWS\system32\unimdm.tsp - ok
18:30:04.0812 3700 [ 3AB4213BF48F9062E087B909832AA8E6 ] C:\WINDOWS\system32\uniplat.dll
18:30:04.0812 3700 C:\WINDOWS\system32\uniplat.dll - ok
18:30:04.0812 3700 [ 0A1161DB4FCCF7821736C70D70A0F5A3 ] C:\WINDOWS\system32\wbem\wmiutils.dll
18:30:04.0812 3700 C:\WINDOWS\system32\wbem\wmiutils.dll - ok
18:30:04.0812 3700 [ 9A66728EFE501D855D0FFE3DE023CE32 ] C:\WINDOWS\system32\wbem\repdrvfs.dll
18:30:04.0812 3700 C:\WINDOWS\system32\wbem\repdrvfs.dll - ok
18:30:04.0812 3700 [ 2BAE241D2322221EE1E5E1AEBE84B215 ] C:\Documents and Settings\All Users\Application Data\Telenor Internet\OnlineUpdate\QueryStrategy.dll
18:30:04.0812 3700 C:\Documents and Settings\All Users\Application Data\Telenor Internet\OnlineUpdate\QueryStrategy.dll - ok
18:30:04.0812 3700 [ 31C6C1938413D13EB37AEAB83939BF49 ] C:\Documents and Settings\All Users\Application Data\Telenor Internet\OnlineUpdate\QtXml4.dll
18:30:04.0812 3700 C:\Documents and Settings\All Users\Application Data\Telenor Internet\OnlineUpdate\QtXml4.dll - ok
18:30:04.0828 3700 [ 4126D27CECE4471E00E425411F7306B5 ] C:\WINDOWS\system32\wuauclt.exe
18:30:04.0828 3700 C:\WINDOWS\system32\wuauclt.exe - ok
18:30:04.0828 3700 [ 2DBFBD419C332E4361E35528E611B0A0 ] C:\WINDOWS\system32\unimdmat.dll
18:30:04.0828 3700 C:\WINDOWS\system32\unimdmat.dll - ok
18:30:04.0828 3700 [ 5EB4B3A7F2F736DF61206982A8A1F694 ] C:\WINDOWS\system32\modemui.dll
18:30:04.0828 3700 C:\WINDOWS\system32\modemui.dll - ok
18:30:04.0828 3700 [ 1F080CCC567D222A2DCB7CC285C6A7AD ] C:\WINDOWS\system32\wbem\wmiprvsd.dll
18:30:04.0828 3700 C:\WINDOWS\system32\wbem\wmiprvsd.dll - ok
18:30:04.0843 3700 [ 6708E1DDF12CAB2D5B5A2B66B76E0038 ] C:\WINDOWS\system32\wbem\wbemess.dll
18:30:04.0843 3700 C:\WINDOWS\system32\wbem\wbemess.dll - ok
18:30:04.0843 3700 [ 7735385C0FA821961F9A1EBA94F2AC98 ] C:\WINDOWS\system32\kmddsp.tsp
18:30:04.0843 3700 C:\WINDOWS\system32\kmddsp.tsp - ok
18:30:04.0843 3700 [ 37D7005A87F6405DEA87F50098CE03F7 ] C:\WINDOWS\system32\ndptsp.tsp
18:30:04.0843 3700 C:\WINDOWS\system32\ndptsp.tsp - ok
18:30:04.0843 3700 [ A4C40AF21BF9F90E08A3C1DD0DC79E0B ] C:\WINDOWS\system32\ipconf.tsp
18:30:04.0843 3700 C:\WINDOWS\system32\ipconf.tsp - ok
18:30:04.0859 3700 [ 49361F295DF887AC32CD660CA94ACAA5 ] C:\WINDOWS\system32\h323.tsp
18:30:04.0859 3700 C:\WINDOWS\system32\h323.tsp - ok
18:30:04.0859 3700 [ 83168270F2E73A20E981B0F38A34958F ] C:\WINDOWS\system32\hidphone.tsp
18:30:04.0859 3700 C:\WINDOWS\system32\hidphone.tsp - ok
18:30:04.0859 3700 [ 18AFEE0EDE045B6255408D634372DC29 ] C:\WINDOWS\system32\hid.dll
18:30:04.0859 3700 C:\WINDOWS\system32\hid.dll - ok
18:30:04.0859 3700 [ 04ECEC0447F79419AD25227205B8277D ] C:\WINDOWS\system32\rasppp.dll
18:30:04.0859 3700 C:\WINDOWS\system32\rasppp.dll - ok
18:30:04.0875 3700 [ 454AFC473106D220062142F62E25B571 ] C:\WINDOWS\system32\wuaucpl.cpl
18:30:04.0875 3700 C:\WINDOWS\system32\wuaucpl.cpl - ok
18:30:04.0875 3700 [ C5EF2A4F6CB968B3119B43F43C64A1A6 ] C:\WINDOWS\system32\ntlsapi.dll
18:30:04.0875 3700 C:\WINDOWS\system32\ntlsapi.dll - ok
18:30:04.0875 3700 [ 1A2B18F59FA3D73AF731A046DB0F781A ] C:\WINDOWS\system32\wuapi.dll
18:30:04.0875 3700 C:\WINDOWS\system32\wuapi.dll - ok
18:30:04.0875 3700 [ 6AE613FFF9F9DFEE552652662BFABE41 ] C:\WINDOWS\system32\wbem\ncprov.dll
18:30:04.0875 3700 C:\WINDOWS\system32\wbem\ncprov.dll - ok
18:30:04.0875 3700 [ 59C3BF4E879D4ACA8268F9CE9926E6EC ] C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
18:30:04.0875 3700 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe - ok
18:30:04.0890 3700 [ D18D28CEF9FEA09359C7DE7BE3669F66 ] C:\WINDOWS\system32\wbem\wbemcons.dll
18:30:04.0890 3700 C:\WINDOWS\system32\wbem\wbemcons.dll - ok
18:30:04.0890 3700 [ F4BFB897EF3D76F18D1461BE048AF7A1 ] C:\WINDOWS\system32\wups.dll
18:30:04.0890 3700 C:\WINDOWS\system32\wups.dll - ok
18:30:04.0890 3700 [ 748C898B132D37187AACE7C19849FC67 ] C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnScan.dll
18:30:04.0890 3700 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnScan.dll - ok
18:30:04.0890 3700 [ B61CF090F99137C761EE81EC07A7086B ] C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnAmon.dll
18:30:04.0890 3700 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnAmon.dll - ok
18:30:04.0906 3700 [ 7F29B4CD000376CCC226F1180BDC1826 ] C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEmon.dll
18:30:04.0906 3700 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEmon.dll - ok
18:30:04.0906 3700 [ BBBAB58F30F6634674856085265A4E32 ] C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEpfw.dll
18:30:04.0906 3700 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEpfw.dll - ok
18:30:04.0906 3700 [ 591C12301D2A14A7077F5B2BF774949A ] C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnUpdate.dll
18:30:04.0906 3700 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnUpdate.dll - ok
18:30:04.0906 3700 [ 5748F6E9A70F8D0740E82AAFFC756E7E ] C:\Program Files\ESET\ESET NOD32 Antivirus\updater.dll
18:30:04.0906 3700 C:\Program Files\ESET\ESET NOD32 Antivirus\updater.dll - ok
18:30:04.0921 3700 [ 76D9DA47CFCB8F27BA1F37816B24088A ] C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnMailPlugins.dll
18:30:04.0921 3700 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnMailPlugins.dll - ok
18:30:04.0921 3700 [ 77AEC6E05519D29C6BF797C042EE38AB ] C:\Program Files\ESET\ESET NOD32 Antivirus\eplgOE.dll
18:30:04.0921 3700 C:\Program Files\ESET\ESET NOD32 Antivirus\eplgOE.dll - ok
18:30:04.0921 3700 [ 073D3351182C00BAE9663461FFB7B489 ] C:\Program Files\ESET\ESET NOD32 Antivirus\eplgOutlook.dll
18:30:04.0921 3700 C:\Program Files\ESET\ESET NOD32 Antivirus\eplgOutlook.dll - ok
18:30:04.0921 3700 [ B60C877D16D9C880B952FDA04ADF16E6 ] C:\WINDOWS\system32\termsrv.dll
18:30:04.0921 3700 C:\WINDOWS\system32\termsrv.dll - ok
18:30:04.0937 3700 [ 37E7DB460A5315E4609B212C6C014527 ] C:\WINDOWS\system32\icaapi.dll
18:30:04.0937 3700 C:\WINDOWS\system32\icaapi.dll - ok
18:30:04.0937 3700 [ F5EE7CACD1784241F138A5E55B715897 ] C:\WINDOWS\system32\mstlsapi.dll
18:30:04.0937 3700 C:\WINDOWS\system32\mstlsapi.dll - ok
18:30:04.0937 3700 [ F1958FBF86D5C004CF19A5951A9514B7 ] C:\WINDOWS\system32\alg.exe
18:30:04.0937 3700 C:\WINDOWS\system32\alg.exe - ok
18:30:04.0937 3700 [ 87B85BC1E1F6E0228876204A20A9C24C ] C:\WINDOWS\system32\spoolss.dll
18:30:04.0937 3700 C:\WINDOWS\system32\spoolss.dll - ok
18:30:04.0953 3700 [ 71D3D970127D939A4BB062B5040B6EBA ] C:\WINDOWS\system32\localspl.dll
18:30:04.0953 3700 C:\WINDOWS\system32\localspl.dll - ok
18:30:04.0953 3700 [ 7105749E78925FDFFD078DD54A8C2B70 ] C:\WINDOWS\system32\cnbjmon.dll
18:30:04.0953 3700 C:\WINDOWS\system32\cnbjmon.dll - ok
18:30:04.0953 3700 [ 633A6CE0CEC6132FF2F675D8E185E5D5 ] C:\WINDOWS\system32\bthcrp.dll
18:30:04.0953 3700 C:\WINDOWS\system32\bthcrp.dll - ok
18:30:04.0953 3700 [ D935EE463CD5390DBAA8066983F90BB2 ] C:\WINDOWS\system32\WidcommSdk.dll
18:30:04.0953 3700 C:\WINDOWS\system32\WidcommSdk.dll - ok
18:30:04.0968 3700 [ B9FB94A7F49445C0EDC6EB2E3A4582BD ] C:\WINDOWS\system32\wbtapi.dll
18:30:04.0968 3700 C:\WINDOWS\system32\wbtapi.dll - ok
18:30:04.0968 3700 [ 4602907535FD682195DFFF9117365826 ] C:\WINDOWS\system32\mfc42.dll
18:30:04.0968 3700 C:\WINDOWS\system32\mfc42.dll - ok
18:30:04.0968 3700 [ C44BC10BA73575C91FF50CDAF4D8E370 ] C:\WINDOWS\system32\pjlmon.dll
18:30:04.0968 3700 C:\WINDOWS\system32\pjlmon.dll - ok
18:30:04.0968 3700 [ DAD1CEF1B77539B4EF734A1041CF95ED ] C:\WINDOWS\system32\mstask.dll
18:30:04.0968 3700 C:\WINDOWS\system32\mstask.dll - ok
18:30:04.0984 3700 [ B9B3F6D8B8F1E0029C58B304632A729B ] C:\WINDOWS\system32\msonpmon.dll
18:30:04.0984 3700 C:\WINDOWS\system32\msonpmon.dll - ok
18:30:04.0984 3700 [ A3F853629F7F2537157EA6EA9857EA56 ] C:\WINDOWS\system32\tcpmon.dll
18:30:04.0984 3700 C:\WINDOWS\system32\tcpmon.dll - ok
18:30:04.0984 3700 [ 242D07D7FC72AD897944BFF932D57C3C ] C:\WINDOWS\system32\usbmon.dll
18:30:04.0984 3700 C:\WINDOWS\system32\usbmon.dll - ok
18:30:04.0984 3700 [ F348280907B38FDBDB3CEF55D456E149 ] C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
18:30:04.0984 3700 C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll - ok
18:30:05.0000 3700 [ 49911DD39E023BB6C45E4E436CFBD297 ] C:\WINDOWS\system32\wscntfy.exe
18:30:05.0000 3700 C:\WINDOWS\system32\wscntfy.exe - ok
18:30:05.0000 3700 [ A1C10F87248529173F39F4B4734DF14B ] C:\WINDOWS\system32\win32spl.dll
18:30:05.0000 3700 C:\WINDOWS\system32\win32spl.dll - ok
18:30:05.0000 3700 [ 84A5644AE4731202A4A02E6342D29BA6 ] C:\WINDOWS\system32\netrap.dll
18:30:05.0000 3700 C:\WINDOWS\system32\netrap.dll - ok
18:30:05.0000 3700 [ F14A6BD840E4D7CD4C0535CB3CEF2887 ] C:\WINDOWS\system32\inetpp.dll
18:30:05.0000 3700 C:\WINDOWS\system32\inetpp.dll - ok
18:30:05.0000 3700 [ 738DA178569E63952F37C7F18A8CF393 ] C:\WINDOWS\system32\pstorec.dll
18:30:05.0000 3700 C:\WINDOWS\system32\pstorec.dll - ok
18:30:05.0015 3700 [ F0AF09B4781F4935FDB49AFA87C90FA9 ] C:\WINDOWS\system32\faultrep.dll
18:30:05.0015 3700 C:\WINDOWS\system32\faultrep.dll - ok
18:30:05.0015 3700 [ C9F5E1DE6DA983E89E714ED80C11F000 ] C:\WINDOWS\system32\drwtsn32.exe
18:30:05.0015 3700 C:\WINDOWS\system32\drwtsn32.exe - ok
18:30:05.0015 3700 [ 06848C5A1674FE6C9B7E9CA9B5B4E6E5 ] C:\WINDOWS\system32\dbgeng.dll
18:30:05.0015 3700 C:\WINDOWS\system32\dbgeng.dll - ok
18:30:05.0015 3700 [ 6479A184873F7CA797FF0375D711E9A6 ] C:\WINDOWS\system32\dbghelp.dll
18:30:05.0015 3700 C:\WINDOWS\system32\dbghelp.dll - ok
18:30:05.0015 3700 [ 5F71E0264847981412EBE7D1B422317C ] C:\WINDOWS\system32\exts.dll
18:30:05.0015 3700 C:\WINDOWS\system32\exts.dll - ok
18:30:05.0031 3700 [ 3225C2BCBCAF3F0D994DADC82112E233 ] C:\WINDOWS\system32\ntsdexts.dll
18:30:05.0031 3700 C:\WINDOWS\system32\ntsdexts.dll - ok
18:30:05.0031 3700 [ 28BD3128DD85EEBA6AEF9A15D25B2346 ] C:\WINDOWS\system32\wbem\wmiadap.exe
18:30:05.0031 3700 C:\WINDOWS\system32\wbem\wmiadap.exe - ok
18:30:05.0031 3700 [ 12015D13E67466EFA2C3B1092CD7D5A4 ] C:\WINDOWS\system32\loadperf.dll
18:30:05.0031 3700 C:\WINDOWS\system32\loadperf.dll - ok
18:30:05.0031 3700 [ 075EA6C849AB0FE416A3D6DD65C3CF41 ] C:\WINDOWS\system32\wbem\wmiprvse.exe
18:30:05.0031 3700 C:\WINDOWS\system32\wbem\wmiprvse.exe - ok
18:30:05.0046 3700 [ F6416F767308A26E1419413B18D0ECFD ] C:\WINDOWS\system32\wbem\wmiprov.dll
18:30:05.0046 3700 C:\WINDOWS\system32\wbem\wmiprov.dll - ok
18:30:05.0046 3700 [ EBC984F0CE40E0DAF0454D806EC2A7EC ] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\C2D5E817-17A0-49B7-BB68-4985487DD7D6.exe
18:30:05.0046 3700 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\C2D5E817-17A0-49B7-BB68-4985487DD7D6.exe - ok
18:30:05.0046 3700 [ 2B6D3630EB32B562E6763370CE35D730 ] C:\WINDOWS\system32\MSCTF.dll
18:30:05.0046 3700 C:\WINDOWS\system32\MSCTF.dll - ok
18:30:05.0046 3700 [ 9EEA0CA999A33C9D2EABE82E4C624CC3 ] C:\WINDOWS\system32\msutb.dll
18:30:05.0046 3700 C:\WINDOWS\system32\msutb.dll - ok
18:30:05.0046 3700 [ C2BBD044C741EA4292016C36F718D2E4 ] C:\WINDOWS\system32\linkinfo.dll
18:30:05.0046 3700 C:\WINDOWS\system32\linkinfo.dll - ok
18:30:05.0062 3700 [ 385E9AEC6E100DBEBEE5BD1F27A55E1D ] C:\WINDOWS\system32\ntshrui.dll
18:30:05.0062 3700 C:\WINDOWS\system32\ntshrui.dll - ok
18:30:05.0062 3700 [ 38D198A2DD54A67120040566A38103BA ] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
18:30:05.0062 3700 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe - ok
18:30:05.0062 3700 [ 96D4ECD27FEEF7F5F23A8518EEE2F591 ] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
18:30:05.0062 3700 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe - ok
18:30:05.0062 3700 [ 8112D0DACAE746290FC87B3A980FA719 ] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
18:30:05.0062 3700 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe - ok
18:30:05.0062 3700 [ 7DEFF8426E7B2EFEF67F9D94D55A67FC ] C:\Program Files\Winamp\winampa.exe
18:30:05.0062 3700 C:\Program Files\Winamp\winampa.exe - ok
18:30:05.0078 3700 [ 8FB740D758B14B1BC950CC347C21E461 ] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
18:30:05.0078 3700 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe - ok
18:30:05.0078 3700 [ AC04E26828895435AFA7379E27780BC7 ] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
18:30:05.0078 3700 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe - ok
18:30:05.0078 3700 [ 067410FCDC491DF989D0142724262BA9 ] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
18:30:05.0078 3700 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe - ok
18:30:05.0078 3700 [ 38E9341BAF93C9125BB338DCE840E1F8 ] C:\WINDOWS\system32\igfxpers.exe
18:30:05.0078 3700 C:\WINDOWS\system32\igfxpers.exe - ok
18:30:05.0093 3700 [ 11D1ECF3257258DF1D6D2DF424C2D92B ] C:\WINDOWS\system32\igfxtray.exe
18:30:05.0093 3700 C:\WINDOWS\system32\igfxtray.exe - ok
18:30:05.0093 3700 [ 0600CB2613BEA0C6C0987B58D56D77B9 ] C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
18:30:05.0093 3700 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe - ok
18:30:05.0093 3700 [ 1ABF80D4F4941ECEE600AEC768173523 ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
18:30:05.0093 3700 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - ok
18:30:05.0093 3700 [ A64B2C3C698F2362FAD8D9357C9AAE83 ] C:\WINDOWS\system32\AESTFltr.exe
18:30:05.0093 3700 C:\WINDOWS\system32\AESTFltr.exe - ok
18:30:05.0093 3700 [ 651335DF54C9D07DAEE5D34A976EB401 ] C:\WINDOWS\system32\hkcmd.exe
18:30:05.0093 3700 C:\WINDOWS\system32\hkcmd.exe - ok
18:30:05.0109 3700 [ C99248B969A799B771F484CD68BCB96E ] C:\WINDOWS\system32\mscoree.dll
18:30:05.0109 3700 C:\WINDOWS\system32\mscoree.dll - ok
18:30:05.0109 3700 [ 3CB07566302BCEEB898DE270A0BEC175 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
18:30:05.0109 3700 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok
18:30:05.0109 3700 [ 98A078F838A70F84E1BD490D7C7675F4 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
18:30:05.0109 3700 C:\Program Files\Common Files\Java\Java Update\jusched.exe - ok
18:30:05.0109 3700 [ 86F0D0B3A07C142C81DAB47E8495A822 ] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
18:30:05.0109 3700 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe - ok
18:30:05.0109 3700 [ 3225369E73FC336C7C7824EA53B26AD5 ] C:\PROGRA~1\MICROS~2\Office12\GR326C~1.DLL
18:30:05.0109 3700 C:\PROGRA~1\MICROS~2\Office12\GR326C~1.DLL - ok
18:30:05.0125 3700 [ 317C54DCAB9EE29CD4B9F55D197A90D1 ] C:\WINDOWS\system32\msisip.dll
18:30:05.0125 3700 C:\WINDOWS\system32\msisip.dll - ok
18:30:05.0125 3700 [ ADCFBA92C21CCC3F3D0AB7AFE576A3B1 ] C:\Program Files\Microsoft Silverlight\xapauthenticodesip.dll
18:30:05.0125 3700 C:\Program Files\Microsoft Silverlight\xapauthenticodesip.dll - ok
18:30:05.0125 3700 [ A42C79BF8C1921CE37DAF0C2AD708CCD ] C:\WINDOWS\system32\wshext.dll
18:30:05.0125 3700 C:\WINDOWS\system32\wshext.dll - ok
18:30:05.0125 3700 [ 4C9793CCB8D6734667A6F1AC050E8C1F ] C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
18:30:05.0125 3700 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - ok
18:30:05.0125 3700 [ 89F7C30A91E5581BDF14C62AB46A2B2D ] C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
18:30:05.0125 3700 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe - ok
18:30:05.0140 3700 [ 7855F74EEA78EDACACDEE92AB32A3C71 ] C:\Program Files\Winamp\nscrt.dll
18:30:05.0140 3700 C:\Program Files\Winamp\nscrt.dll - ok
18:30:05.0140 3700 [ 2B7F2DC5741BB18F7F5EC7558DA68197 ] C:\Program Files\LimeWire\LimeWire.exe
18:30:05.0140 3700 C:\Program Files\LimeWire\LimeWire.exe - ok
18:30:05.0140 3700 [ D91AFB6D2A0DA7539B74FB5838775D94 ] C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
18:30:05.0140 3700 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - ok
18:30:05.0140 3700 [ 4EFDB673E25288626795E01BA0A0A134 ] C:\WINDOWS\system32\hccutils.dll
18:30:05.0140 3700 C:\WINDOWS\system32\hccutils.dll - ok
18:30:05.0156 3700 [ 27DC0F903C1556C28ED444372E811092 ] C:\WINDOWS\system32\igfxsrvc.exe
18:30:05.0156 3700 C:\WINDOWS\system32\igfxsrvc.exe - ok
18:30:05.0156 3700 [ 535203DEA5820F3B5F3FAACE0D51252C ] C:\Program Files\CyberLink\PowerDVD\CLRCEngine2.dll
18:30:05.0156 3700 C:\Program Files\CyberLink\PowerDVD\CLRCEngine2.dll - ok
18:30:05.0156 3700 [ CCC2E312486AE6B80970211DA472268B ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
18:30:05.0156 3700 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll - ok
18:30:05.0156 3700 [ 9090454E6772F7CFBCE240BF4DC5F7E8 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
18:30:05.0156 3700 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll - ok
18:30:05.0156 3700 [ 1F34681C9142A14074DE8D652D4DCA61 ] C:\Program Files\ESET\ESET NOD32 Antivirus\eguiScan.dll
18:30:05.0156 3700 C:\Program Files\ESET\ESET NOD32 Antivirus\eguiScan.dll - ok
18:30:05.0171 3700 [ F85D7108339843CAA94ABB7DE8D41C9D ] C:\WINDOWS\system32\regedt32.exe
18:30:05.0171 3700 C:\WINDOWS\system32\regedt32.exe - ok
18:30:05.0171 3700 [ BD502632EC4614DFEBD897975BA7B651 ] C:\Program Files\ESET\ESET NOD32 Antivirus\eguiAmon.dll
18:30:05.0171 3700 C:\Program Files\ESET\ESET NOD32 Antivirus\eguiAmon.dll - ok
18:30:05.0171 3700 [ F27256356AD8EAAF63EFD8143E5AF14C ] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBSERVICE.dll
18:30:05.0171 3700 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBSERVICE.dll - ok
18:30:05.0171 3700 [ 268DFF9F4482F1EE30F9FFABC77AFF4E ] C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEmon.dll
18:30:05.0171 3700 C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEmon.dll - ok
18:30:05.0171 3700 [ 778F84F111C21BAF767CB72AA6934026 ] C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEpfw.dll
18:30:05.0171 3700 C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEpfw.dll - ok
18:30:05.0187 3700 [ 9B6099CB59A9BEBDD518F1BA295EBC19 ] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\FnKyACTN.dll
18:30:05.0187 3700 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\FnKyACTN.dll - ok
18:30:05.0187 3700 [ CA7098EF64BC885530DEAEA533D662A1 ] C:\Program Files\ESET\ESET NOD32 Antivirus\eguiUpdate.dll
18:30:05.0187 3700 C:\Program Files\ESET\ESET NOD32 Antivirus\eguiUpdate.dll - ok
18:30:05.0187 3700 [ E0B1E342631450BFD1E5860919A9F78C ] C:\Program Files\ESET\ESET NOD32 Antivirus\eguiMailPlugins.dll
18:30:05.0187 3700 C:\Program Files\ESET\ESET NOD32 Antivirus\eguiMailPlugins.dll - ok
18:30:05.0187 3700 [ 67BF0C8BDA19A0E61BF2DE5B499049E4 ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
18:30:05.0187 3700 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll - ok
18:30:05.0203 3700 [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\Program Files\Common Files\Ahead\Lib\msvcp71.dll
18:30:05.0203 3700 C:\Program Files\Common Files\Ahead\Lib\msvcp71.dll - ok
18:30:05.0203 3700 [ 0F897576E05A0450D0776CEFD93DD3AF ] C:\WINDOWS\system32\SynCOM.dll
18:30:05.0203 3700 C:\WINDOWS\system32\SynCOM.dll - ok
18:30:05.0203 3700 [ 98C80F5AE14EBE0F5AA5E8C56E3F86CE ] C:\WINDOWS\system32\SynTPAPI.dll
18:30:05.0203 3700 C:\WINDOWS\system32\SynTPAPI.dll - ok
18:30:05.0203 3700 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Program Files\Common Files\Ahead\Lib\msvcr71.dll
18:30:05.0203 3700 C:\Program Files\Common Files\Ahead\Lib\msvcr71.dll - ok
18:30:05.0203 3700 [ D3BC53216811710E24046C80C3907785 ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
18:30:05.0203 3700 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll - ok
18:30:05.0218 3700 [ 54D3D6904ACE021D2B761FB8248BDBAE ] C:\Program Files\Common Files\Ahead\Lib\AdvrCntr2.dll
18:30:05.0218 3700 C:\Program Files\Common Files\Ahead\Lib\AdvrCntr2.dll - ok
18:30:05.0218 3700 [ 37F32201D0DF9BE7C00A05D004938043 ] C:\WINDOWS\system32\webcheck.dll
18:30:05.0218 3700 C:\WINDOWS\system32\webcheck.dll - ok
18:30:05.0218 3700 [ A328A46D87BB92CE4D8A4528E9D84787 ] C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
18:30:05.0218 3700 C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe - ok
18:30:05.0218 3700 [ 297101A925ECFFDCDF7F6341FFBB6C1A ] C:\WINDOWS\system32\stobject.dll
18:30:05.0218 3700 C:\WINDOWS\system32\stobject.dll - ok
18:30:05.0218 3700 [ 4E6EEEA8EB9302D604603D4758C05E75 ] C:\WINDOWS\system32\batmeter.dll
18:30:05.0218 3700 C:\WINDOWS\system32\batmeter.dll - ok
18:30:05.0234 3700 [ 9BA50416B769387C619C3EC6BF3CBB85 ] C:\WINDOWS\system32\WPDShServiceObj.dll
18:30:05.0234 3700 C:\WINDOWS\system32\WPDShServiceObj.dll - ok
18:30:05.0234 3700 [ ABFE190D9BB189A8FD22FC0B8B292307 ] C:\WINDOWS\system32\BTNCopy.dll
18:30:05.0234 3700 C:\WINDOWS\system32\BTNCopy.dll - ok
18:30:05.0234 3700 [ DD6D5ABAD9B8C13CEDA4752370BA982C ] C:\WINDOWS\system32\mydocs.dll
18:30:05.0234 3700 C:\WINDOWS\system32\mydocs.dll - ok
18:30:05.0234 3700 [ 36BF42CA5AE8BF8D1E1BC00ED5068ABB ] C:\WINDOWS\system32\PortableDeviceTypes.dll
18:30:05.0234 3700 C:\WINDOWS\system32\PortableDeviceTypes.dll - ok
18:30:05.0250 3700 [ 1F8C6BBEBECBED21E002F45C18D523E9 ] C:\WINDOWS\system32\PortableDeviceApi.dll
18:30:05.0250 3700 C:\WINDOWS\system32\PortableDeviceApi.dll - ok
18:30:05.0250 3700 [ 41CD6C9E96655DAA7714237660418461 ] C:\WINDOWS\system32\btosif.dll
18:30:05.0250 3700 C:\WINDOWS\system32\btosif.dll - ok
18:30:05.0250 3700 [ FC3CE94E6976A11B1D1F0EE54FDB2670 ] C:\WINDOWS\system32\btwhidcs.dll
18:30:05.0250 3700 C:\WINDOWS\system32\btwhidcs.dll - ok
18:30:05.0250 3700 [ A25FEC93D2BE8B04DA5DDC02B5B1E9B5 ] C:\Program Files\WIDCOMM\Bluetooth Software\BtBalloon.dll
18:30:05.0250 3700 C:\Program Files\WIDCOMM\Bluetooth Software\BtBalloon.dll - ok
18:30:05.0250 3700 [ F282D4EDD85D53E20D902CC92190C5F5 ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
18:30:05.0250 3700 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll - ok
18:30:05.0265 3700 [ F0A3A5D63D611AA34DDC3F9873E21981 ] C:\WINDOWS\system32\btrez.dll
18:30:05.0265 3700 C:\WINDOWS\system32\btrez.dll - ok
18:30:05.0265 3700 [ 84218EE8C5F0C89C2D9A0D43EACBFB11 ] C:\WINDOWS\system32\btwicons.dll
18:30:05.0265 3700 C:\WINDOWS\system32\btwicons.dll - ok
18:30:05.0265 3700 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\system32\drivers\39371021.sys
18:30:05.0265 3700 C:\WINDOWS\system32\drivers\39371021.sys - ok
18:30:05.0265 3700 [ 0B0401191543195C6AFEEA398AD2EE6B ] C:\Program Files\Microsoft Office\Office12\1033\ONINTL.DLL
18:30:05.0265 3700 C:\Program Files\Microsoft Office\Office12\1033\ONINTL.DLL - ok
18:30:05.0281 3700 [ D862DE4653704207E803E5598DAB2D66 ] C:\Program Files\WIDCOMM\Bluetooth Software\BtwRSupport.dll
18:30:05.0281 3700 C:\Program Files\WIDCOMM\Bluetooth Software\BtwRSupport.dll - ok
18:30:05.0281 3700 [ 989CAEAA4ADA032D649395A3311FF98B ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
18:30:05.0281 3700 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll - ok
18:30:05.0281 3700 [ 8E3F0A47E11328BFB5DB6B632E25C6DC ] C:\WINDOWS\system32\igfxsrvc.dll
18:30:05.0281 3700 C:\WINDOWS\system32\igfxsrvc.dll - ok
18:30:05.0281 3700 [ 860FAD57B4668A9F5F350A9D5444AE89 ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
18:30:05.0281 3700 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll - ok
18:30:05.0281 3700 [ 382EECFF55E63E24CC3EE74DFFDF1A11 ] C:\WINDOWS\system32\igfxdev.dll
18:30:05.0281 3700 C:\WINDOWS\system32\igfxdev.dll - ok
18:30:05.0296 3700 [ 9B37A57DE41A5FABCE6B2619287A7413 ] C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
18:30:05.0296 3700 C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll - ok
18:30:05.0296 3700 [ DFAF4D403BC67165F7CA055C1C2134EC ] C:\WINDOWS\system32\BtMmHook.dll
18:30:05.0296 3700 C:\WINDOWS\system32\BtMmHook.dll - ok
18:30:05.0296 3700 [ 71763E960DE81E29891CC8081411C6D7 ] C:\WINDOWS\system32\igfxrenu.lrc
18:30:05.0296 3700 C:\WINDOWS\system32\igfxrenu.lrc - ok
18:30:05.0296 3700 [ D234CE89C6BF195B4C7EA2A883C228DF ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
18:30:05.0296 3700 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll - ok
18:30:05.0296 3700 [ D2C72F9EB31E8EED887AF36457616E80 ] C:\WINDOWS\system32\igfxress.dll
18:30:05.0296 3700 C:\WINDOWS\system32\igfxress.dll - ok
18:30:05.0312 3700 [ 339089D6C3FC3BC5CED8D9049C4D2101 ] C:\WINDOWS\system32\upnp.dll
18:30:05.0312 3700 C:\WINDOWS\system32\upnp.dll - ok
18:30:05.0312 3700 [ 783AFC80383C176B22DBF8333343992D ] C:\WINDOWS\regedit.exe
18:30:05.0312 3700 C:\WINDOWS\regedit.exe - ok
18:30:05.0312 3700 [ 5B8DFA748FA4845BC04445A30126F2E9 ] C:\WINDOWS\system32\ssdpapi.dll
18:30:05.0312 3700 C:\WINDOWS\system32\ssdpapi.dll - ok
18:30:05.0312 3700 [ 49130B95291F0269689AF46A461DB034 ] C:\Program Files\Common Files\Ahead\Lib\NMIndexingServicePS.dll
18:30:05.0312 3700 C:\Program Files\Common Files\Ahead\Lib\NMIndexingServicePS.dll - ok
18:30:05.0328 3700 [ FFBD5650348D4F9E0AA8E72938DC6478 ] C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
18:30:05.0328 3700 C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe - ok
18:30:05.0328 3700 [ FA788520BCAC0F5D9D5CDE5615C0D931 ] C:\WINDOWS\system32\imapi.exe
18:30:05.0328 3700 C:\WINDOWS\system32\imapi.exe - ok
18:30:05.0328 3700 [ BA5D5FD3CCA6F64A429E2E0E1A1A0917 ] C:\WINDOWS\system32\rasdlg.dll
18:30:05.0328 3700 C:\WINDOWS\system32\rasdlg.dll - ok
18:30:05.0328 3700 [ E5365E044825C61D1627E930AC7B8BD6 ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
18:30:05.0328 3700 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll - ok
18:30:05.0328 3700 [ 657C1698CA70B074F918E33FDBDF6484 ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
18:30:05.0328 3700 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll - ok
18:30:05.0343 3700 [ B8E87E8DA00838B208801B57B86AC5E4 ] C:\Program Files\Common Files\Ahead\Lib\NMSQLDB.dll
18:30:05.0343 3700 C:\Program Files\Common Files\Ahead\Lib\NMSQLDB.dll - ok
18:30:05.0343 3700 [ 012466C12C92A2C63C0D998ABD6E94E9 ] C:\WINDOWS\system32\aclui.dll
18:30:05.0343 3700 C:\WINDOWS\system32\aclui.dll - ok
18:30:05.0343 3700 [ 111F2E783FF94FB55D42B8CF7114B4A3 ] C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
18:30:05.0343 3700 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe - ok
18:30:05.0343 3700 [ 0C01B2C22322C48D8ADAE3B9D467E924 ] C:\Program Files\Common Files\Ahead\Lib\NMLogCxx.dll
18:30:05.0343 3700 C:\Program Files\Common Files\Ahead\Lib\NMLogCxx.dll - ok
18:30:05.0343 3700 [ 1A30A21872CA5BDD17158E6E2D9EB385 ] C:\WINDOWS\system32\ulib.dll
18:30:05.0343 3700 C:\WINDOWS\system32\ulib.dll - ok
18:30:05.0359 3700 [ 421B260404162F1F00A9618C3F42315B ] C:\Program Files\Common Files\Ahead\Lib\log4cxx.dll
18:30:05.0359 3700 C:\Program Files\Common Files\Ahead\Lib\log4cxx.dll - ok
18:30:05.0359 3700 [ 37461F2C3F212CF508A20FDC729ABDE5 ] C:\WINDOWS\system32\clb.dll
18:30:05.0359 3700 C:\WINDOWS\system32\clb.dll - ok
18:30:05.0359 3700 [ 0366D598F2C36B7C08B848B2BD5E11D3 ] C:\Program Files\Common Files\Ahead\Lib\NMCoFoundation.dll
18:30:05.0359 3700 C:\Program Files\Common Files\Ahead\Lib\NMCoFoundation.dll - ok
18:30:05.0359 3700 [ 65261A7F650F4C7E56D874FD4A5F2BDA ] C:\Program Files\Common Files\Ahead\Lib\NMPluginBase.dll
18:30:05.0359 3700 C:\Program Files\Common Files\Ahead\Lib\NMPluginBase.dll - ok
18:30:05.0375 3700 [ 2C69EC7E5A311334D10DD95F338FCCEA ] C:\WINDOWS\system32\qmgr.dll
18:30:05.0375 3700 C:\WINDOWS\system32\qmgr.dll - ok
18:30:05.0375 3700 [ C19B522A9AE0BBC3293397F3055E80A1 ] C:\WINDOWS\system32\drivers\http.sys
18:30:05.0375 3700 C:\WINDOWS\system32\drivers\http.sys - ok
18:30:05.0375 3700 [ ED9F4B38227B793DA5F1F404E6651065 ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
18:30:05.0375 3700 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll - ok
18:30:05.0375 3700 [ 4B8D61792F7175BED48859CC18CE4E38 ] C:\WINDOWS\system32\ssdpsrv.dll
18:30:05.0375 3700 C:\WINDOWS\system32\ssdpsrv.dll - ok
18:30:05.0375 3700 [ CECE94ED468164DA945726FD9AD8EB6E ] C:\WINDOWS\system32\wbem\mofd.dll
18:30:05.0375 3700 C:\WINDOWS\system32\wbem\mofd.dll - ok
18:30:05.0390 3700 [ 037438A305F1EFF51AF788C32EFF4360 ] C:\WINDOWS\system32\qmgrprxy.dll
18:30:05.0390 3700 C:\WINDOWS\system32\qmgrprxy.dll - ok
18:30:05.0390 3700 [ F2B6E950ED768CC8D980F6D27273B741 ] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
18:30:05.0390 3700 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe - ok
18:30:05.0390 3700 [ FA93BC3B3867980B4021E6894F39BD42 ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
18:30:05.0390 3700 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll - ok
18:30:05.0390 3700 [ 9D87C3D81AFD68547E85EA55F5249EB7 ] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\BezlACTN.dll
18:30:05.0390 3700 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\BezlACTN.dll - ok
18:30:05.0390 3700 [ F125DAB9C4EBE6473FC1ACA8A30B98D9 ] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\qlbPres.exe
18:30:05.0390 3700 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\qlbPres.exe - ok
18:30:05.0406 3700 [ E864FB46F90C8B8A851D149F30F75298 ] C:\Program Files\Java\jre6\bin\splashscreen.dll
18:30:05.0406 3700 C:\Program Files\Java\jre6\bin\splashscreen.dll - ok
18:30:05.0406 3700 [ 219AF0F9A54EBEEB3E7E20025D801034 ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll
18:30:05.0406 3700 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll - ok
18:30:05.0406 3700 [ D1CBC555BF1D316B16FE0FAF31DC6971 ] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\EN\HPWAMain.resources.dll
18:30:05.0406 3700 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\EN\HPWAMain.resources.dll - ok
18:30:05.0406 3700 [ 9CD4C33E2115E4EFF7836ADA562847D6 ] C:\WINDOWS\system32\oledlg.dll
18:30:05.0406 3700 C:\WINDOWS\system32\oledlg.dll - ok
18:30:05.0421 3700 [ EBAADBBFB6C455E54EB6A0E47267D33C ] C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
18:30:05.0421 3700 C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll - ok
18:30:05.0421 3700 [ 67279BA3BB580FF840E145D6128AAF50 ] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\S3Disply.dll
18:30:05.0421 3700 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\S3Disply.dll - ok
18:30:05.0421 3700 [ 826733847F85D08B1CD5D3B63F459B3D ] C:\Program Files\LimeWire\lib\SystemUtilities.dll
18:30:05.0421 3700 C:\Program Files\LimeWire\lib\SystemUtilities.dll - ok
18:30:05.0421 3700 [ EE7EF4ACB853904D3240440406A38287 ] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\Interop.HPQWMIEXLib.dll
18:30:05.0421 3700 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\Interop.HPQWMIEXLib.dll - ok
18:30:05.0421 3700 [ 97165BC95B8690A51521EF2AA5B61F0E ] C:\Program Files\Common Files\Ahead\Lib\NMFullTextExtraction.dll
18:30:05.0421 3700 C:\Program Files\Common Files\Ahead\Lib\NMFullTextExtraction.dll - ok
18:30:05.0437 3700 [ 0E5A34785508CD555ED1BB15D3715579 ] C:\WINDOWS\system32\query.dll
18:30:05.0437 3700 C:\WINDOWS\system32\query.dll - ok
18:30:05.0437 3700 [ D2AD3EA6351F6B4102D15CEBB091F11C ] C:\Documents and Settings\Administrator\Local Settings\Temp\jna2705348546179294721.tmp
18:30:05.0437 3700 C:\Documents and Settings\Administrator\Local Settings\Temp\jna2705348546179294721.tmp - ok
18:30:05.0437 3700 [ D2AE56CEAFD824CA022164A79FCB2F5C ] C:\Program Files\Java\jre6\bin\java.exe
18:30:05.0437 3700 C:\Program Files\Java\jre6\bin\java.exe - ok
18:30:05.0437 3700 [ 363A7929BF3E0DA91E9FFACCF336777E ] C:\Program Files\Common Files\Ahead\Lib\NMSearchPluginSimilarImages.dll
18:30:05.0437 3700 C:\Program Files\Common Files\Ahead\Lib\NMSearchPluginSimilarImages.dll - ok
18:30:05.0437 3700 [ 94BB4635AE6CA64356B2D0E60EFD6038 ] C:\Program Files\Common Files\Ahead\Lib\NeroIPP.dll
18:30:05.0437 3700 C:\Program Files\Common Files\Ahead\Lib\NeroIPP.dll - ok
18:30:05.0453 3700 [ A63E5D51FBDB18AFA2EC67CADCB062FD ] C:\Program Files\Common Files\Ahead\Lib\NMDataServices.dll
18:30:05.0453 3700 C:\Program Files\Common Files\Ahead\Lib\NMDataServices.dll - ok
18:30:05.0453 3700 [ F58D7AC4BB3C3EABCEE37BFA7074B6F8 ] C:\WINDOWS\system32\iprop.dll
18:30:05.0453 3700 C:\WINDOWS\system32\iprop.dll - ok
18:30:05.0453 3700 [ F43D94430FD80AEE9FB522B9041EB261 ] C:\PROGRA~1\MICROS~2\Office12\OLMAPI32.DLL
18:30:05.0453 3700 C:\PROGRA~1\MICROS~2\Office12\OLMAPI32.DLL - ok
18:30:05.0453 3700 [ E8E696B963999084FF8E87C9BDDD3419 ] C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
18:30:05.0453 3700 C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSO.DLL - ok
18:30:05.0468 3700 [ B286D2A7ECF5CB73C2E88C236CE2892D ] C:\PROGRA~1\MICROS~2\Office12\1033\MAPIR.DLL
18:30:05.0468 3700 C:\PROGRA~1\MICROS~2\Office12\1033\MAPIR.DLL - ok
18:30:05.0468 3700 [ C6CC76BDE13E3A2C2275BD44C590D158 ] C:\Program Files\Common Files\Microsoft Shared\OFFICE12\RICHED20.DLL
18:30:05.0468 3700 C:\Program Files\Common Files\Microsoft Shared\OFFICE12\RICHED20.DLL - ok
18:30:05.0468 3700 [ 7C074F58DF09569FE1167BAC7BFE0B4D ] C:\PROGRA~1\MICROS~2\Office12\CONTAB32.DLL
18:30:05.0468 3700 C:\PROGRA~1\MICROS~2\Office12\CONTAB32.DLL - ok
18:30:05.0468 3700 [ A00F1027925AEDEAC8EDEFC46133F691 ] C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvrPS.dll
18:30:05.0468 3700 C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvrPS.dll - ok
18:30:05.0468 3700 [ 35A936C7C029A5B705D3FFD40518D660 ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
18:30:05.0468 3700 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll - ok
18:30:05.0484 3700 [ 99FA2080E5A8F9DFEB17F315AAA2B287 ] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\Interop.HPQTOASTERLib.dll
18:30:05.0484 3700 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\Interop.HPQTOASTERLib.dll - ok
18:30:05.0484 3700 [ F28C33D2589F7B89185F3B9445641F84 ] C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
18:30:05.0484 3700 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe - ok
18:30:05.0484 3700 [ C39CD25443CCCDD121BF1F807564DCFA ] C:\WINDOWS\system32\drprov.dll
18:30:05.0484 3700 C:\WINDOWS\system32\drprov.dll - ok
18:30:05.0484 3700 [ 01520B46830C8178E1B2C05A4F3F6C16 ] C:\WINDOWS\system32\netui0.dll
18:30:05.0484 3700 C:\WINDOWS\system32\netui0.dll - ok
18:30:05.0484 3700 [ 6539CED6E5AB5684AA09E6B0ABBF4124 ] C:\WINDOWS\system32\ntlanman.dll
18:30:05.0484 3700 C:\WINDOWS\system32\ntlanman.dll - ok
18:30:05.0500 3700 [ 88B918E7FB3B09595DD8A0FD09A35B8F ] C:\WINDOWS\system32\netui1.dll
18:30:05.0500 3700 C:\WINDOWS\system32\netui1.dll - ok
18:30:05.0500 3700 [ 716A078B2FC6CC0BB3030B2559EC143F ] C:\WINDOWS\system32\davclnt.dll
18:30:05.0500 3700 C:\WINDOWS\system32\davclnt.dll - ok
18:30:05.0500 3700 ============================================================
18:30:05.0500 3700 Scan finished
18:30:05.0500 3700 ============================================================
18:30:05.0609 3680 Detected object count: 2
18:30:05.0609 3680 Actual detected object count: 2
18:34:22.0093 3680 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - copied to quarantine
18:34:22.0484 3680 Backup copy found, using it..
18:34:22.0500 3680 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - will be cured on reboot
18:34:22.0500 3680 i8042prt ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure
18:34:22.0500 3680 Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user
18:34:22.0500 3680 Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:34:45.0812 1304 Deinitialize success
  • 0

#24
Lukka09
Posted 14 January 2013 - 11:48 AM

Lukka09

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Then when comp restarted google worked.

Should i also run aswMBR anyway ?

Edited by Lukka09, 14 January 2013 - 11:52 AM.

  • 0

#25
gringo_pr
Posted 14 January 2013 - 11:56 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Yes that was part of the instructions



Gringo
  • 0

Advertisements

#26
Lukka09
Posted 14 January 2013 - 01:15 PM

Lukka09

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
These are the results from aswMBR scan:




aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-14 19:19:58
-----------------------------
19:19:58.093 OS Version: Windows 5.1.2600 Service Pack 2
19:19:58.093 Number of processors: 2 586 0xF0D
19:19:58.093 ComputerName: XP UserName:
19:19:58.906 Initialize success
19:33:22.484 AVAST engine defs: 13011401
19:34:36.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
19:34:36.406 Disk 0 Vendor: Hitachi_HTS543232L9A300 FB4OC40J Size: 305245MB BusType: 3
19:34:36.421 Disk 0 MBR read successfully
19:34:36.421 Disk 0 MBR scan
19:34:36.468 Disk 0 Windows XP default MBR code
19:34:36.468 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 149997 MB offset 63
19:34:36.468 Disk 0 Partition - 00 0F Extended LBA 155237 MB offset 307194930
19:34:36.515 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 155237 MB offset 307194993
19:34:36.531 Disk 0 scanning sectors +625121280
19:34:36.703 Disk 0 scanning C:\WINDOWS\system32\drivers
19:34:57.343 Service scanning
19:35:32.218 Modules scanning
19:35:43.578 Disk 0 trace - called modules:
19:35:43.609 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:35:43.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a3f6ab8]
19:35:43.625 3 CLASSPNP.SYS[ba0e905b] -> nt!IofCallDriver -> \Device\0000007d[0x8a3341a0]
19:35:43.625 5 ACPI.sys[b9f51620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a373d98]
19:35:44.687 AVAST engine scan C:\WINDOWS
19:35:56.015 AVAST engine scan C:\WINDOWS\system32
19:41:00.609 AVAST engine scan C:\WINDOWS\system32\drivers
19:41:26.781 AVAST engine scan C:\Documents and Settings\Administrator
19:59:12.171 AVAST engine scan C:\Documents and Settings\All Users
20:00:24.453 Scan finished successfully
20:12:36.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
20:12:36.531 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
  • 0

#27
gringo_pr
Posted 14 January 2013 - 02:30 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo
  • 0

#28
Lukka09
Posted 16 January 2013 - 01:25 PM

Lukka09

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


Should i disable antivirus before i perform this check ?
  • 0

#29
gringo_pr
Posted 16 January 2013 - 02:20 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
yes that would be better
  • 0

#30
Lukka09
Posted 18 January 2013 - 08:31 AM

Lukka09

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Here are the results from the last check:




ComboFix 13-01-14.01 - Administrator 01/18/2013 15:03:42.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1506 [GMT 1:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFixx.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt.txt
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-12-18 to 2013-01-18 )))))))))))))))))))))))))))))))
.
.
2013-01-14 17:34 . 2013-01-14 17:34 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-10 23:01 . 2012-11-22 21:02 175864 ---ha-w- c:\windows\system32\BytescoutVideoMixerFilter.dll
2013-01-10 23:01 . 2012-11-22 21:02 261880 ---ha-w- c:\windows\system32\BytescoutScreenCapturingFilter.dll
2013-01-10 23:01 . 2013-01-10 23:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apowersoft
2013-01-10 23:01 . 2012-11-22 21:02 421624 ---ha-w- c:\windows\system32\BytescoutScreenCapturing.dll
2013-01-10 23:00 . 2013-01-10 23:00 -------- d-----w- c:\program files\Apowersoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-14 17:35 . 2004-08-03 21:14 52736 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-06-14 22:20 . 2012-07-18 07:02 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-02-03 287288]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-02-18 506424]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-18 737280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-12-11 604776]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Administrator\\My Documents\\Downloads\\utorrent.exe"=
"c:\\Program Files\\Roger Wilco\\roger.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Veetle\\Player\\VeetleNet.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\TorrentStream\\engine\\tsengine.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Apowersoft\\Streaming Video Recorder\\Streaming-Video-Recorder.exe"=
"c:\\Program Files\\Apowersoft\\Streaming Video Recorder\\StreamingVideoRecorder.exe"=
"c:\\Program Files\\Apowersoft\\Streaming Video Recorder\\ApowersoftSrv.dll"=
"c:\\Program Files\\Apowersoft\\Streaming Video Recorder\\ApowersoftDump.dll"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15440:TCP"= 15440:TCP:BitComet 15440 TCP
"15440:UDP"= 15440:UDP:BitComet 15440 UDP
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [3/9/2012 3:35 PM 242240]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2007 8:21 AM 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 8:21 AM 468224]
R2 GS In-Game Service;GS In-Game Service;c:\program files\GameTracker\GSInGameService.exe [11/10/2011 12:49 AM 1677072]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [3/23/2012 11:31 AM 31920]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [11/13/2009 7:45 PM 113536]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [11/13/2009 6:35 PM 209464]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [11/15/2011 12:52 PM 73216]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe [3/14/2011 4:27 PM 271712]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]
S2 Telenor Internet. RunOuc;Telenor Internet. OUC;c:\program files\Telenor Internet\UpdateDog\ouc.exe [11/15/2011 12:52 PM 239968]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [11/15/2011 12:52 PM 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [11/15/2011 12:52 PM 235392]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [6/24/2012 3:20 PM 135584]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 1:49 PM 227232]
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-18 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-790525478-261478967-839522115-500.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2012-03-23 10:33]
.
2013-01-18 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-790525478-261478967-839522115-500.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-03-23 10:31]
.
2013-01-18 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-790525478-261478967-839522115-500.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-03-23 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{EE8A4DD6-BACA-4945-B441-540906D6D850}: NameServer = 93.188.163.182,93.188.166.182
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3qc889uv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?client=firefox-a&rls=org.mozilla:en-US:official&channel=s&hl=en&source=hp&biw=1366&bih=578&btnG=Google+Search
FF - ExtSQL: 2012-12-13 01:15; jid1-m7xzZLMj29zzjA@jetpack; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3qc889uv.default\extensions\jid1-m7xzZLMj29zzjA@jetpack
FF - ExtSQL: 2013-01-14 16:13; [email protected]; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3qc889uv.default\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-98604681.sys
SafeBoot-99688366.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-18 15:10
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(384)
c:\windows\system32\btmmhook.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-01-18 15:18:06
ComboFix-quarantined-files.txt 2013-01-18 14:18
ComboFix2.txt 2013-01-14 16:53
.
Pre-Run: 18,996,326,400 bytes free
Post-Run: 20,006,146,048 bytes free
.
- - End Of File - - 645AFB9D765DDFF2E5619FD5A0432039
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP