10 year old son has bogged down pc looking for help [Closed]


  • This topic is locked

#1
MarkBowlin

Hey all, my 10 year old has bogged this PC down. I am sure there is a virus or malware, as it just doesn't run fast enough and it redirects often:


OTL logfile created on: 1/29/2013 3:31:15 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Bowlin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 54.11% Memory free
5.39 Gb Paging File | 2.28 Gb Available in Paging File | 42.32% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 173.53 Gb Free Space | 74.52% Space Free | Partition Type: NTFS
Drive D: | 4.46 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JUNK | User Name: Bowlin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/29 15:24:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bowlin\Desktop\OTL.exe
PRC - [2013/01/16 15:10:49 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/12/04 08:36:51 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/11/19 06:52:05 | 000,137,136 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/11/19 06:51:29 | 000,374,704 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/07/03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/12/15 14:55:44 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/01/27 11:22:02 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2009/06/26 16:21:00 | 000,757,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/16 15:10:52 | 003,022,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/01/09 11:07:10 | 014,586,888 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2012/05/25 03:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/07/07 22:52:44 | 000,555,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2008/04/14 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WinExtManager)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- \\.\globalroot\Device\HarddiskVolume1\DOCUME~1\Bowlin\LOCALS~1\Temp\73.tmp -- (73)
SRV - [2013/01/16 15:10:51 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/09 11:07:11 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/04 08:36:51 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/11/19 06:52:05 | 000,137,136 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/11/19 06:51:29 | 000,374,704 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/12/15 14:55:44 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [File_System | On_Demand | Stopped] -- -- (StarOpen)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F66D2799-4407-4D00-AA5E-F707B11CC1EB}\MpKsl9e462f6f.sys -- (MpKsl9e462f6f)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1CAAF62F-C6F8-48F2-A664-6B212E433554}\MpKsl9a363cc5.sys -- (MpKsl9a363cc5)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FB6D8FCC-5619-4AA5-8961-9508E281D820}\MpKsl5293b206.sys -- (MpKsl5293b206)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FB6D8FCC-5619-4AA5-8961-9508E281D820}\MpKsl4d933ab8.sys -- (MpKsl4d933ab8)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwhid.sys -- (btwhid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btaudio.sys -- (btaudio)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/11/19 06:51:30 | 000,083,912 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/07/06 09:00:55 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nocashio.sys -- (nocashio)
DRV - [2010/06/21 21:51:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2010/05/18 15:54:50 | 000,013,408 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\radpms.sys -- (radpms)
DRV - [2010/01/27 11:22:02 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/01/27 11:22:02 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2009/06/26 16:21:02 | 001,956,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2008/09/24 16:32:18 | 004,818,432 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/08/18 17:54:24 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2008/08/01 10:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 10:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/06/16 08:02:34 | 000,017,024 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BS_I2cIo.sys -- (BS_I2cIo)
DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/08/16 09:09:38 | 000,003,604 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\BIOS Update\BIOS Update\Award\BS_Flash.sys -- (BS_Flash)
DRV - [2007/02/27 14:31:28 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/07/01 21:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/03/16 01:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3268494
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000003067073f8c
IE - HKCU\..\SearchScopes\{66D5E31B-4556-C309-8E9A-C2BE01B8E9EF}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{7ABD5EFD-88A6-E9CE-80AE-DBCA8C52F41C}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{89652592-6CD8-499A-86E6-A773DC412AAA}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...270626431141137
IE - HKCU\..\SearchScopes\{C2FCC1C2-AB2D-22B1-04E5-91AD1ADD53D1}: "URL" = http://www.bing.com/...UGO&form=ZGAIDF
IE - HKCU\..\SearchScopes\{C591C325-00CC-4841-A6E0-F5D9B1F63C20}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...260111973521710
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{F874500F-8A5E-4688-971F-3665C1864BD5}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "http://search.condui...&CUI=SB_CUI&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Documents and Settings\All Users\Application Data\Premium\BflixInstaller\Crossrider\Firefox [2011/06/17 06:38:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/26 23:42:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/10 19:45:31 | 000,000,000 | ---D | M]

[2013/01/14 05:41:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bowlin\Application Data\Mozilla\Extensions
[2013/01/26 23:54:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bowlin\Application Data\Mozilla\Firefox\Profiles\8ryqy3uu.default\extensions
[2013/01/26 23:43:22 | 000,001,056 | ---- | M] () -- C:\Documents and Settings\Bowlin\Application Data\Mozilla\Firefox\Profiles\8ryqy3uu.default\searchplugins\visualbee-v1-customized-web-search.xml
[2013/01/26 23:42:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/10 19:45:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/01/16 15:11:06 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/01/16 15:10:30 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/01/16 15:10:30 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [dsecr] C:\Documents and Settings\Bowlin\Application Data\dsecr.dll (Pmode)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [mpsvc] C:\Documents and Settings\Bowlin\Application Data\mpsvc.dll ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [wrorsy] C:\Documents and Settings\Bowlin\Application Data\wrorsy.dll (Putt, Inc.)
O4 - HKCU..\Run: [BitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe" /MINIMIZED File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: aeabdfcbbdbca = C:\Documents and Settings\Bowlin\Application Data\a657e0ab-7d0f-4c42-b166-b93609d80bca79\aeabdfcbbdbca.exe ()
O8 - Extra context menu item: &Search - http://tbedits.retro...57&n=2012071806 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1343340306149 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97C28815-446E-4DA1-BFD1-4BCA4D146AE4}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (c:\docume~1\alluse~1\applic~1\pcperf~1\25945~1.13\{fc772~1\pcpmngr.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/27 19:25:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/11/25 19:10:04 | 000,000,139 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/29 15:25:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bowlin\Desktop\OTL.exe
[2013/01/26 23:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/01/21 20:27:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2013/01/20 16:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\a657e0ab-7d0f-4c42-b166-b93609d80bca79
[2013/01/20 13:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bowlin\Application Data\a657e0ab-7d0f-4c42-b166-b93609d80bca79
[2013/01/20 13:05:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2013/01/20 13:05:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2013/01/20 13:00:56 | 000,624,640 | ---- | C] (Putt, Inc.) -- C:\Documents and Settings\Bowlin\Application Data\wrorsy.dll
[2013/01/20 13:00:06 | 000,162,816 | ---- | C] (Pmode) -- C:\Documents and Settings\Bowlin\Application Data\dsecr.dll
[2013/01/19 17:21:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bowlin\Recent
[2013/01/15 16:37:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\VisualBee_V.1
[2013/01/14 06:09:40 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2013/01/14 05:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2013/01/14 05:54:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2013/01/14 05:41:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bowlin\Application Data\Mozilla
[2013/01/14 05:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bowlin\Application Data\PriceGong
[2013/01/14 05:39:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bowlin\Local Settings\Application Data\VisualBeeExe
[2013/01/14 05:39:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\VisualBee
[2013/01/10 19:45:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/06 17:51:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bowlin\Local Settings\Application Data\Wajam
[2013/01/06 16:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bowlin\Start Menu\Programs\WinRAR
[2013/01/06 16:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2013/01/06 13:29:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bowlin\Local Settings\Application Data\Sun
[2013/01/06 13:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bowlin\Application Data\PerformerSoft
[2013/01/06 13:17:01 | 000,018,096 | ---- | C] (PerformerSoft LLC) -- C:\WINDOWS\System32\roboot.exe
[2013/01/06 13:16:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService
[2013/01/06 13:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\File Scout
[2011/03/11 11:13:06 | 000,092,064 | ---- | C] (MCCI) -- C:\Documents and Settings\Bowlin\mqdmmdm.sys
[2011/03/11 11:13:06 | 000,079,328 | ---- | C] (MCCI) -- C:\Documents and Settings\Bowlin\mqdmserd.sys
[2011/03/11 11:13:06 | 000,066,656 | ---- | C] (MCCI) -- C:\Documents and Settings\Bowlin\mqdmbus.sys
[2011/03/11 11:13:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Bowlin\usbsermptxp.sys
[2011/03/11 11:13:06 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Bowlin\usbsermpt.sys
[2011/03/11 11:13:06 | 000,009,232 | ---- | C] (MCCI) -- C:\Documents and Settings\Bowlin\mqdmmdfl.sys
[2011/03/11 11:13:06 | 000,006,208 | ---- | C] (MCCI) -- C:\Documents and Settings\Bowlin\mqdmcmnt.sys
[2011/03/11 11:13:06 | 000,005,936 | ---- | C] (MCCI) -- C:\Documents and Settings\Bowlin\mqdmwhnt.sys
[2011/03/11 11:13:06 | 000,004,048 | ---- | C] (MCCI) -- C:\Documents and Settings\Bowlin\mqdmcr.sys
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/29 15:33:29 | 000,006,524 | ---- | M] () -- C:\Documents and Settings\Bowlin\Local Settings\Application Data\937e912d-be46-40cc-a57b-95282820baf1.crx
[2013/01/29 15:24:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bowlin\Desktop\OTL.exe
[2013/01/29 15:07:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/29 00:24:12 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/01/27 13:42:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-113007714-1801674531-1004.job
[2013/01/26 23:42:34 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\Bowlin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/01/26 23:42:34 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/01/26 09:34:00 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-113007714-1801674531-1007.job
[2013/01/24 07:25:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2013/01/22 16:37:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/01/20 13:01:19 | 000,358,912 | ---- | M] () -- C:\Documents and Settings\Bowlin\Application Data\mpsvc.dll
[2013/01/20 13:00:57 | 000,624,640 | ---- | M] (Putt, Inc.) -- C:\Documents and Settings\Bowlin\Application Data\wrorsy.dll
[2013/01/20 13:00:06 | 000,162,816 | ---- | M] (Pmode) -- C:\Documents and Settings\Bowlin\Application Data\dsecr.dll
[2013/01/19 19:52:57 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-113007714-1801674531-1007.job
[2013/01/19 19:52:57 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-113007714-1801674531-1004.job
[2013/01/19 19:52:57 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2013/01/19 17:32:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/19 17:10:07 | 000,700,595 | ---- | M] () -- C:\lxceUNST.csv
[2013/01/19 17:08:58 | 000,000,000 | ---- | M] () -- C:\END
[2013/01/19 10:11:18 | 000,013,740 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/06 13:47:58 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2013/01/06 13:47:47 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2013/01/06 13:47:47 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013/01/06 13:47:30 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Bowlin\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/26 23:42:34 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\Bowlin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/01/26 23:42:34 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013/01/26 23:42:34 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/01/20 13:01:18 | 000,358,912 | ---- | C] () -- C:\Documents and Settings\Bowlin\Application Data\mpsvc.dll
[2013/01/20 13:00:58 | 000,006,524 | ---- | C] () -- C:\Documents and Settings\Bowlin\Local Settings\Application Data\937e912d-be46-40cc-a57b-95282820baf1.crx
[2013/01/19 17:09:28 | 000,700,595 | ---- | C] () -- C:\lxceUNST.csv
[2013/01/06 13:47:39 | 000,045,080 | ---- | C] () -- C:\WINDOWS\System32\wups2.dll
[2013/01/06 13:47:39 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2013/01/06 13:47:39 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2013/01/06 13:17:18 | 000,000,000 | ---- | C] () -- C:\END
[2012/09/05 10:38:48 | 000,128,216 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/01/12 11:31:51 | 000,001,398 | -HS- | C] () -- C:\Documents and Settings\Bowlin\Local Settings\Application Data\4wdu378clsvaliap8orba488gy6d4
[2012/01/12 11:31:51 | 000,001,398 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4wdu378clsvaliap8orba488gy6d4
[2012/01/12 11:31:50 | 000,275,456 | ---- | C] () -- C:\Documents and Settings\Bowlin\Local Settings\Application Data\bxs.exe
[2011/12/26 20:33:40 | 000,012,085 | ---- | C] () -- C:\Documents and Settings\Bowlin\nah_log.dat
[2011/12/26 20:32:53 | 000,016,414 | -HS- | C] () -- C:\Documents and Settings\Bowlin\Local Settings\Application Data\l2783eg20c46q7643mg52mvhrjq2e1jaoh15tc14lf1fe
[2011/12/26 20:32:53 | 000,016,414 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\l2783eg20c46q7643mg52mvhrjq2e1jaoh15tc14lf1fe
[2011/12/24 11:04:10 | 000,018,062 | -HS- | C] () -- C:\Documents and Settings\Bowlin\Local Settings\Application Data\mmxjev2l3rus4sjn1tnn4l644x0w
[2011/12/24 11:04:10 | 000,018,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\mmxjev2l3rus4sjn1tnn4l644x0w
[2011/10/09 20:08:01 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2011/10/07 12:17:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NT.INI
[2011/09/11 16:39:00 | 000,019,144 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/07/06 09:00:55 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\nocashio.sys
[2011/06/22 08:21:33 | 000,000,037 | ---- | C] () -- C:\Program Files\Common Files\AVWC.SYS
[2011/03/11 11:13:06 | 000,045,400 | ---- | C] () -- C:\Documents and Settings\Bowlin\Copy of oem32.PNF
[2011/03/11 11:13:06 | 000,030,362 | ---- | C] () -- C:\Documents and Settings\Bowlin\Copy of oem30.PNF
[2011/03/11 11:13:06 | 000,029,856 | ---- | C] () -- C:\Documents and Settings\Bowlin\Copy of oem32.inf
[2011/03/11 11:13:06 | 000,021,940 | ---- | C] () -- C:\Documents and Settings\Bowlin\1299859986-(null)
[2011/03/11 11:13:06 | 000,013,698 | ---- | C] () -- C:\Documents and Settings\Bowlin\Copy of oem34.PNF
[2011/03/11 11:13:06 | 000,009,913 | ---- | C] () -- C:\Documents and Settings\Bowlin\MCCI_MDM.INF
[2011/03/11 11:13:06 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Bowlin\USB_MOT_BRIT.INF
[2011/03/11 11:13:06 | 000,007,201 | ---- | C] () -- C:\Documents and Settings\Bowlin\USBMOT2000.INF
[2011/03/11 11:13:06 | 000,006,989 | ---- | C] () -- C:\Documents and Settings\Bowlin\MCCI_BUS.INF
[2011/03/11 11:13:06 | 000,006,141 | ---- | C] () -- C:\Documents and Settings\Bowlin\USBMOT2000XP.INF
[2011/03/11 11:13:06 | 000,005,960 | ---- | C] () -- C:\Documents and Settings\Bowlin\USB_MOT_A1000.INF
[2011/03/11 11:13:06 | 000,005,939 | ---- | C] () -- C:\Documents and Settings\Bowlin\Copy of oem34.inf
[2011/03/11 11:13:06 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\Bowlin\USB_CMCS_2000.INF
[2011/03/11 11:13:06 | 000,004,477 | ---- | C] () -- C:\Documents and Settings\Bowlin\MCCI_SDM.INF
[2010/08/18 10:05:25 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Bowlin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2013/01/20 13:00:06 | 000,002,048 | -HS- | M] () -- C:\RECYCLER\S-1-5-18\$671d1bcb46f350302a44768c4ac2b6bb\@
[2013/01/20 13:00:06 | 000,049,152 | -HS- | M] () -- C:\RECYCLER\S-1-5-18\$671d1bcb46f350302a44768c4ac2b6bb\n
[2013/01/20 13:00:06 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$671d1bcb46f350302a44768c4ac2b6bb\L
[2013/01/20 13:00:20 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$671d1bcb46f350302a44768c4ac2b6bb\U
[2013/01/20 13:00:20 | 000,000,928 | ---- | M] () -- C:\RECYCLER\S-1-5-18\$671d1bcb46f350302a44768c4ac2b6bb\U\[email protected]
[2013/01/20 13:00:20 | 000,011,776 | ---- | M] () -- C:\RECYCLER\S-1-5-18\$671d1bcb46f350302a44768c4ac2b6bb\U\[email protected]
[2013/01/20 13:00:20 | 000,021,504 | ---- | M] () -- C:\RECYCLER\S-1-5-18\$671d1bcb46f350302a44768c4ac2b6bb\U\[email protected]
[2011/10/30 05:47:31 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\RECYCLER\S-1-5-21-1935655697-113007714-1801674531-1004\$671d1bcb46f350302a44768c4ac2b6bb\n. -- File not found

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/16 11:09:07 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\RECYCLER\S-1-5-18\$671d1bcb46f350302a44768c4ac2b6bb\n. -- [2013/01/20 13:00:06 | 000,049,152 | -HS- | M] ()
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/12/13 19:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Activision
[2010/12/10 10:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/09/28 11:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/10/17 17:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011/03/11 11:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/03/30 12:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011/12/29 20:19:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/07/05 19:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameTap Web Player
[2011/02/23 21:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gNgBmEd05203
[2013/01/06 13:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService
[2011/09/28 08:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2011/09/28 08:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2011/10/17 17:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/01/29 10:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/03/30 21:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/10/15 20:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium
[2012/08/20 20:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2013/01/26 23:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2013/01/06 13:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/18 06:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/06/12 03:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2013/01/20 13:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bowlin\Application Data\a657e0ab-7d0f-4c42-b166-b93609d80bca79
[2010/12/10 10:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bowlin\Application Data\acccore
[2010/12/13 19:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bowlin\Application Data\Activision
[2012/01/01 14:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bowlin\Application Data\AVG
[2011/12/26 20:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bowlin\Application Data\Awu
[2011/10/17 17:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bowlin\Application Data\Babylon
[2011/10/17 18:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bowlin\Application Data\BabylonToolbar
[2010/10/28 21:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bowlin\Application Data\CallingID
[2011/03/30 12:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bowlin\Application Data\Canneverbe Limited
[2011/12/26 22:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bowlin\Application Data\EC3B0
[2012/01/27 08:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bowlin\Application Data\FileZilla
[2011/09/28 15:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bowlin\Application Data\FrostWire
[2010/08/13 02:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bowlin\Application Data\mjusbsp
[2011/04/18 12:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bowlin\Application Data\OpenOffice.org
[2013/01/06 13:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bowlin\Application Data\PerformerSoft
[2013/01/19 15:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bowlin\Application Data\PriceGong
[2011/12/26 22:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bowlin\Application Data\Raw
[2011/06/10 04:46:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bowlin\Application Data\Registry Mechanic
[2010/08/26 11:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bowlin\Application Data\Sling Media
[2011/06/11 07:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bowlin\Application Data\Uniblue
[2012/03/26 20:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bowlin\Application Data\Unity
[2011/06/17 06:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bowlin\Application Data\vmntemplate
[2011/10/30 05:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bowlin\Application Data\Xilisoft

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB56245$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

#2
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo

#3
MarkBowlin
OK, RogueKiller continues to reboot the system while trying to run, like it finds something it don't like,
but the others:

Results of screen317's Security Check version 0.99.57
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java™ 6 Update 35
Java 7 Update 9
Java version out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (18.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 5%
````````````````````End of Log``````````````````````


and

# AdwCleaner v2.109 - Logfile created 01/29/2013 at 19:35:34
# Updated 26/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Bowlin - JUNK
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Bowlin\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Yontoo
File Deleted : C:\END
File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\GameTap Web Player
Folder Deleted : C:\Documents and Settings\All Users\Application Data\IBUpdaterService
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\Bowlin\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Bowlin\Application Data\BabylonToolbar
Folder Deleted : C:\Documents and Settings\Bowlin\Application Data\PerformerSoft
Folder Deleted : C:\Documents and Settings\Bowlin\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Bowlin\Local Settings\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Bowlin\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Bowlin\Local Settings\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Bowlin\Local Settings\Application Data\Wajam
Folder Deleted : C:\Documents and Settings\Caleb Bowlin\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Caleb Bowlin\Application Data\Search Settings
Folder Deleted : C:\Documents and Settings\Caleb Bowlin\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\Caleb Bowlin\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\file scout
Folder Deleted : C:\Program Files\GameTap Web Player
Folder Deleted : C:\Program Files\SearchProtect

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\e55dd8bb43ae540
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03123BB6-A811-407E-B323-66CF0BE510B1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3392CFEC-56F8-41EE-BDB4-4E301EFD2C93}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6BF16AB-42A1-4BC5-965D-5E407E449AAA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D757DBFC-1494-4647-A8B3-ABD654988DD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03123BB6-A811-407E-B323-66CF0BE510B1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3392CFEC-56F8-41EE-BDB4-4E301EFD2C93}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4CFF1016-C2E2-4FDD-9C67-E32200C25FF9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6BF16AB-42A1-4BC5-965D-5E407E449AAA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D757DBFC-1494-4647-A8B3-ABD654988DD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6BF16AB-42A1-4BC5-965D-5E407E449AAA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2878731
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3225826
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3268494
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\SOFTWARE\e55dd8bb43ae540
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\Software\ImInstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\Software\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&CUI=UN37270626431141137&ctid=CT3268494 --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Documents and Settings\Bowlin\Application Data\Mozilla\Firefox\Profiles\8ryqy3uu.default\prefs.js

C:\Documents and Settings\Bowlin\Application Data\Mozilla\Firefox\Profiles\8ryqy3uu.default\user.js ... Deleted !

Deleted : user_pref("CT3268494_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3268494&SearchSource=1[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3268494");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3268494&SearchSource=2&CU[...]

File : C:\Documents and Settings\Caleb Bowlin\Application Data\Mozilla\Firefox\Profiles\bpdhrrlm.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iow2apx9.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [11847 octets] - [29/01/2013 19:35:34]

########## EOF - C:\AdwCleaner[S1].txt - [11908 octets] ##########

#4
gringo_pr
Greetings

I want you to run these next,

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5
MarkBowlin
21:30:51.0171 3284 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:30:51.0921 3284 ============================================================
21:30:51.0921 3284 Current date / time: 2013/01/29 21:30:51.0921
21:30:51.0921 3284 SystemInfo:
21:30:51.0921 3284
21:30:51.0921 3284 OS Version: 5.1.2600 ServicePack: 3.0
21:30:51.0921 3284 Product type: Workstation
21:30:51.0921 3284 ComputerName: JUNK
21:30:51.0921 3284 UserName: Bowlin
21:30:51.0921 3284 Windows directory: C:\WINDOWS
21:30:51.0921 3284 System windows directory: C:\WINDOWS
21:30:51.0921 3284 Processor architecture: Intel x86
21:30:51.0921 3284 Number of processors: 2
21:30:51.0921 3284 Page size: 0x1000
21:30:51.0921 3284 Boot type: Normal boot
21:30:51.0921 3284 ============================================================
21:30:53.0328 3284 BG loaded
21:30:54.0234 3284 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
21:30:54.0265 3284 ============================================================
21:30:54.0265 3284 \Device\Harddisk0\DR0:
21:30:54.0265 3284 MBR partitions:
21:30:54.0265 3284 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
21:30:54.0265 3284 ============================================================
21:30:54.0468 3284 C: <-> \Device\Harddisk0\DR0\Partition1
21:30:54.0468 3284 ============================================================
21:30:54.0468 3284 Initialize success
21:30:54.0468 3284 ============================================================
21:31:06.0375 3004 ============================================================
21:31:06.0375 3004 Scan started
21:31:06.0375 3004 Mode: Manual;
21:31:06.0375 3004 ============================================================
21:31:07.0843 3004 ================ Scan system memory ========================
21:31:07.0843 3004 System memory - ok
21:31:07.0843 3004 ================ Scan services =============================
21:31:20.0078 3004 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:31:20.0562 3004 clr_optimization_v4.0.30319_32 - ok
21:31:20.0562 3004 CmdIde - ok
21:31:20.0578 3004 COMSysApp - ok
21:31:20.0593 3004 Cpqarray - ok
21:31:20.0671 3004 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:31:20.0671 3004 CryptSvc - ok
21:31:20.0671 3004 dac2w2k - ok
21:31:20.0687 3004 dac960nt - ok
21:31:20.0875 3004 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:31:20.0875 3004 DcomLaunch - ok
21:31:20.0968 3004 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:31:20.0968 3004 Dhcp - ok
21:31:21.0109 3004 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:31:21.0187 3004 Disk - ok
21:31:21.0203 3004 dmadmin - ok
21:31:21.0437 3004 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:31:22.0015 3004 dmboot - ok
21:31:22.0093 3004 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
21:31:22.0203 3004 dmio - ok
21:31:22.0265 3004 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:31:22.0265 3004 dmload - ok
21:31:22.0343 3004 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
21:31:22.0406 3004 dmserver - ok
21:31:22.0625 3004 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:31:22.0656 3004 DMusic - ok
21:31:22.0734 3004 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:31:22.0734 3004 Dnscache - ok
21:31:22.0859 3004 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:31:22.0953 3004 Dot3svc - ok
21:31:22.0953 3004 dpti2o - ok
21:31:23.0015 3004 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:31:23.0015 3004 drmkaud - ok
21:31:23.0062 3004 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:31:23.0093 3004 EapHost - ok
21:31:23.0109 3004 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:31:23.0140 3004 ERSvc - ok
21:31:23.0218 3004 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
21:31:23.0359 3004 Eventlog - ok
21:31:23.0437 3004 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
21:31:23.0437 3004 EventSystem - ok
21:31:23.0468 3004 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:31:23.0546 3004 Fastfat - ok
21:31:23.0687 3004 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:31:23.0703 3004 FastUserSwitchingCompatibility - ok
21:31:23.0781 3004 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
21:31:23.0781 3004 Fdc - ok
21:31:23.0828 3004 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:31:23.0828 3004 Fips - ok
21:31:23.0921 3004 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:31:23.0921 3004 Flpydisk - ok
21:31:24.0046 3004 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:31:24.0125 3004 FltMgr - ok
21:31:24.0359 3004 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:31:24.0406 3004 FontCache3.0.0.0 - ok
21:31:24.0453 3004 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:31:24.0453 3004 Fs_Rec - ok
21:31:24.0468 3004 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:31:24.0484 3004 Ftdisk - ok
21:31:24.0593 3004 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:31:24.0593 3004 GEARAspiWDM - ok
21:31:24.0656 3004 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:31:24.0656 3004 Gpc - ok
21:31:24.0812 3004 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:31:24.0812 3004 HDAudBus - ok
21:31:25.0375 3004 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:31:25.0453 3004 helpsvc - ok
21:31:25.0531 3004 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
21:31:25.0531 3004 HidServ - ok
21:31:25.0625 3004 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:31:25.0625 3004 hidusb - ok
21:31:25.0750 3004 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:31:25.0765 3004 hkmsvc - ok
21:31:25.0765 3004 hpn - ok
21:31:26.0140 3004 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:31:26.0156 3004 HTTP - ok
21:31:26.0203 3004 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:31:26.0234 3004 HTTPFilter - ok
21:31:26.0250 3004 i2omgmt - ok
21:31:26.0250 3004 i2omp - ok
21:31:26.0296 3004 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:31:26.0296 3004 i8042prt - ok
21:31:27.0359 3004 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:31:28.0765 3004 idsvc - ok
21:31:28.0843 3004 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:31:28.0843 3004 Imapi - ok
21:31:28.0953 3004 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
21:31:28.0953 3004 ImapiService - ok
21:31:28.0953 3004 ini910u - ok
21:31:30.0406 3004 [ 3FD00A073361937B705822775255D4E0 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:31:30.0437 3004 IntcAzAudAddService - ok
21:31:30.0437 3004 IntelIde - ok
21:31:30.0515 3004 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:31:30.0546 3004 Ip6Fw - ok
21:31:30.0625 3004 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:31:30.0656 3004 IpFilterDriver - ok
21:31:30.0703 3004 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:31:30.0718 3004 IpInIp - ok
21:31:30.0765 3004 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:31:30.0765 3004 IpNat - ok
21:31:31.0062 3004 [ CA1972397B845B2F53F5DC63C22FD98A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:31:31.0062 3004 iPod Service - ok
21:31:31.0078 3004 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:31:31.0078 3004 IPSec - ok
21:31:31.0109 3004 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:31:31.0140 3004 IRENUM - ok
21:31:31.0156 3004 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:31:31.0187 3004 isapnp - ok
21:31:31.0531 3004 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
21:31:31.0531 3004 JavaQuickStarterService - ok
21:31:31.0593 3004 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:31:31.0593 3004 Kbdclass - ok
21:31:31.0671 3004 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:31:31.0687 3004 kbdhid - ok
21:31:31.0734 3004 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:31:31.0796 3004 kmixer - ok
21:31:31.0906 3004 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:31:31.0906 3004 KSecDD - ok
21:31:31.0968 3004 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
21:31:31.0984 3004 LanmanServer - ok
21:31:32.0062 3004 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:31:32.0062 3004 lanmanworkstation - ok
21:31:32.0062 3004 lbrtfdc - ok
21:31:32.0234 3004 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:31:32.0328 3004 LmHosts - ok
21:31:32.0687 3004 [ 3D67740573A70C6C9B1614982CFAC4C5 ] LMIGuardianSvc C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
21:31:32.0687 3004 LMIGuardianSvc - ok
21:31:32.0734 3004 [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys
21:31:32.0734 3004 LMIInfo - ok
21:31:32.0796 3004 [ D95F3217C9DFA24ECA582ED8E435E221 ] LMIMaint C:\Program Files\LogMeIn\x86\RaMaint.exe
21:31:32.0796 3004 LMIMaint - ok
21:31:32.0859 3004 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\WINDOWS\system32\DRIVERS\lmimirr.sys
21:31:32.0859 3004 lmimirr - ok
21:31:32.0859 3004 LMIRfsClientNP - ok
21:31:32.0875 3004 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
21:31:32.0875 3004 LMIRfsDriver - ok
21:31:33.0046 3004 [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe
21:31:33.0046 3004 LogMeIn - ok
21:31:33.0109 3004 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
21:31:33.0109 3004 MBAMProtector - ok
21:31:33.0281 3004 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:31:33.0281 3004 MBAMScheduler - ok
21:31:33.0671 3004 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:31:33.0671 3004 MBAMService - ok
21:31:33.0765 3004 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:31:33.0875 3004 Messenger - ok
21:31:33.0984 3004 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:31:33.0984 3004 mnmdd - ok
21:31:34.0062 3004 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
21:31:34.0109 3004 mnmsrvc - ok
21:31:34.0140 3004 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:31:34.0156 3004 Modem - ok
21:31:34.0265 3004 [ 5023875A94B0766D98A62A72BC4CB055 ] motmodem C:\WINDOWS\system32\DRIVERS\motmodem.sys
21:31:34.0281 3004 motmodem - ok
21:31:34.0312 3004 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:31:34.0312 3004 Mouclass - ok
21:31:34.0359 3004 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:31:34.0375 3004 mouhid - ok
21:31:34.0437 3004 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:31:34.0453 3004 MountMgr - ok
21:31:34.0562 3004 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:31:34.0656 3004 MozillaMaintenance - ok
21:31:34.0859 3004 MpKsl4d933ab8 - ok
21:31:34.0859 3004 MpKsl5293b206 - ok
21:31:34.0875 3004 MpKsl9a363cc5 - ok
21:31:34.0890 3004 MpKsl9e462f6f - ok
21:31:34.0906 3004 mraid35x - ok
21:31:34.0953 3004 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:31:35.0000 3004 MRxDAV - ok
21:31:35.0156 3004 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:31:35.0156 3004 MRxSmb - ok
21:31:35.0234 3004 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
21:31:35.0281 3004 MSDTC - ok
21:31:35.0359 3004 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:31:35.0359 3004 Msfs - ok
21:31:35.0359 3004 MSIServer - ok
21:31:35.0390 3004 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:31:35.0406 3004 MSKSSRV - ok
21:31:35.0468 3004 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:31:35.0484 3004 MSPCLOCK - ok
21:31:35.0531 3004 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:31:35.0562 3004 MSPQM - ok
21:31:35.0640 3004 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:31:35.0640 3004 mssmbios - ok
21:31:35.0718 3004 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
21:31:35.0765 3004 MSTEE - ok
21:31:35.0828 3004 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:31:35.0859 3004 Mup - ok
21:31:35.0890 3004 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:31:35.0921 3004 NABTSFEC - ok
21:31:36.0125 3004 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
21:31:36.0187 3004 napagent - ok
21:31:36.0281 3004 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:31:36.0296 3004 NDIS - ok
21:31:36.0328 3004 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:31:36.0359 3004 NdisIP - ok
21:31:36.0406 3004 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:31:36.0406 3004 NdisTapi - ok
21:31:36.0468 3004 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:31:36.0468 3004 Ndisuio - ok
21:31:36.0484 3004 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:31:36.0484 3004 NdisWan - ok
21:31:36.0546 3004 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:31:36.0546 3004 NDProxy - ok
21:31:36.0578 3004 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:31:36.0578 3004 NetBIOS - ok
21:31:36.0640 3004 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:31:36.0656 3004 NetBT - ok
21:31:36.0921 3004 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
21:31:36.0968 3004 NetDDE - ok
21:31:36.0968 3004 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:31:36.0968 3004 NetDDEdsdm - ok
21:31:37.0046 3004 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:31:37.0046 3004 Netlogon - ok
21:31:37.0125 3004 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
21:31:37.0125 3004 Netman - ok
21:31:37.0187 3004 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:31:37.0234 3004 NetTcpPortSharing - ok
21:31:37.0281 3004 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
21:31:37.0281 3004 Nla - ok
21:31:37.0359 3004 [ 03BBA4DEDEFB48C510061529651B453A ] nocashio C:\WINDOWS\system32\drivers\nocashio.sys
21:31:37.0421 3004 nocashio - ok
21:31:37.0421 3004 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:31:37.0421 3004 Npfs - ok
21:31:37.0531 3004 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:31:37.0718 3004 Ntfs - ok
21:31:37.0718 3004 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
21:31:37.0734 3004 NtLmSsp - ok
21:31:37.0828 3004 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:31:37.0875 3004 NtmsSvc - ok
21:31:37.0921 3004 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
21:31:37.0921 3004 Null - ok
21:31:40.0234 3004 [ ED9816DBAF6689542EA7D022631906A1 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:31:40.0296 3004 nv - ok
21:31:40.0437 3004 [ 7D275ECDA4628318912F6C945D5CF963 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
21:31:40.0453 3004 NVENETFD - ok
21:31:40.0562 3004 [ EA98BFE4931BD13D747D647C1859796E ] nvgts C:\WINDOWS\system32\DRIVERS\nvgts.sys
21:31:40.0593 3004 nvgts - ok
21:31:40.0640 3004 [ B64AACEFAD2BE5BFF5353FE681253C67 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
21:31:40.0640 3004 nvnetbus - ok
21:31:40.0718 3004 [ A2322C6207EBB0761A6C8CC9003EBACF ] nvsvc C:\WINDOWS\system32\nvsvc32.exe
21:31:40.0734 3004 nvsvc - ok
21:31:40.0812 3004 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:31:40.0843 3004 NwlnkFlt - ok
21:31:40.0890 3004 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:31:40.0906 3004 NwlnkFwd - ok
21:31:40.0921 3004 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
21:31:40.0921 3004 Parport - ok
21:31:40.0984 3004 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:31:41.0062 3004 PartMgr - ok
21:31:41.0125 3004 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
21:31:41.0125 3004 ParVdm - ok
21:31:41.0187 3004 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:31:41.0265 3004 PCI - ok
21:31:41.0281 3004 PCIDump - ok
21:31:41.0296 3004 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
21:31:41.0359 3004 PCIIde - ok
21:31:41.0484 3004 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
21:31:41.0640 3004 Pcmcia - ok
21:31:41.0640 3004 PDCOMP - ok
21:31:41.0640 3004 PDFRAME - ok
21:31:41.0656 3004 PDRELI - ok
21:31:41.0656 3004 PDRFRAME - ok
21:31:41.0656 3004 perc2 - ok
21:31:41.0671 3004 perc2hib - ok
21:31:41.0703 3004 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
21:31:41.0703 3004 PlugPlay - ok
21:31:41.0734 3004 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
21:31:41.0734 3004 PolicyAgent - ok
21:31:41.0781 3004 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:31:41.0781 3004 PptpMiniport - ok
21:31:41.0890 3004 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
21:31:41.0890 3004 Processor - ok
21:31:41.0937 3004 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:31:41.0937 3004 ProtectedStorage - ok
21:31:42.0000 3004 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
21:31:42.0000 3004 PSched - ok
21:31:42.0046 3004 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:31:42.0046 3004 Ptilink - ok
21:31:42.0062 3004 ql1080 - ok
21:31:42.0062 3004 Ql10wnt - ok
21:31:42.0062 3004 ql12160 - ok
21:31:42.0078 3004 ql1240 - ok
21:31:42.0078 3004 ql1280 - ok
21:31:42.0218 3004 [ B953369C5EF43615F1BFA9CEA69FC9AA ] radpms C:\WINDOWS\system32\DRIVERS\radpms.sys
21:31:42.0218 3004 radpms - ok
21:31:42.0281 3004 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:31:42.0281 3004 RasAcd - ok
21:31:42.0375 3004 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:31:42.0468 3004 RasAuto - ok
21:31:42.0500 3004 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:31:42.0500 3004 Rasl2tp - ok
21:31:42.0625 3004 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
21:31:42.0625 3004 RasMan - ok
21:31:42.0640 3004 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:31:42.0656 3004 RasPppoe - ok
21:31:42.0703 3004 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
21:31:42.0703 3004 Raspti - ok
21:31:42.0812 3004 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:31:42.0812 3004 Rdbss - ok
21:31:42.0843 3004 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:31:42.0843 3004 RDPCDD - ok
21:31:43.0000 3004 [ FC105DD312ED64EB66BFF111E8EC6EAC ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:31:43.0093 3004 RDPWD - ok
21:31:43.0250 3004 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:31:43.0421 3004 RDSessMgr - ok
21:31:43.0500 3004 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
21:31:43.0500 3004 redbook - ok
21:31:43.0640 3004 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:31:43.0718 3004 RemoteAccess - ok
21:31:43.0828 3004 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
21:31:43.0953 3004 RpcLocator - ok
21:31:44.0156 3004 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
21:31:44.0171 3004 RpcSs - ok
21:31:44.0312 3004 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
21:31:44.0421 3004 RSVP - ok
21:31:44.0468 3004 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
21:31:44.0468 3004 SamSs - ok
21:31:44.0578 3004 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:31:44.0718 3004 SCardSvr - ok
21:31:44.0859 3004 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:31:44.0859 3004 Schedule - ok
21:31:44.0937 3004 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:31:44.0968 3004 Secdrv - ok
21:31:45.0078 3004 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
21:31:45.0078 3004 seclogon - ok
21:31:45.0140 3004 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
21:31:45.0140 3004 SENS - ok
21:31:45.0203 3004 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
21:31:45.0203 3004 serenum - ok
21:31:45.0250 3004 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
21:31:45.0250 3004 Serial - ok
21:31:45.0359 3004 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
21:31:45.0359 3004 Sfloppy - ok
21:31:45.0390 3004 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:31:45.0406 3004 ShellHWDetection - ok
21:31:45.0406 3004 Simbad - ok
21:31:45.0500 3004 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:31:45.0515 3004 SLIP - ok
21:31:45.0546 3004 Sparrow - ok
21:31:45.0593 3004 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:31:45.0609 3004 splitter - ok
21:31:45.0671 3004 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:31:45.0687 3004 Spooler - ok
21:31:45.0734 3004 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:31:45.0796 3004 sr - ok
21:31:45.0843 3004 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
21:31:45.0843 3004 srservice - ok
21:31:45.0953 3004 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:31:45.0968 3004 Srv - ok
21:31:46.0046 3004 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:31:46.0046 3004 SSDPSRV - ok
21:31:46.0046 3004 StarOpen - ok
21:31:46.0093 3004 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:31:46.0093 3004 stisvc - ok
21:31:46.0187 3004 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:31:46.0218 3004 streamip - ok
21:31:46.0250 3004 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:31:46.0250 3004 swenum - ok
21:31:46.0265 3004 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:31:46.0265 3004 swmidi - ok
21:31:46.0265 3004 SwPrv - ok
21:31:46.0281 3004 symc810 - ok
21:31:46.0281 3004 symc8xx - ok
21:31:46.0281 3004 sym_hi - ok
21:31:46.0296 3004 sym_u3 - ok
21:31:46.0312 3004 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:31:46.0312 3004 sysaudio - ok
21:31:46.0406 3004 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:31:46.0453 3004 SysmonLog - ok
21:31:46.0562 3004 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:31:46.0562 3004 TapiSrv - ok
21:31:46.0703 3004 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:31:46.0703 3004 Tcpip - ok
21:31:46.0796 3004 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:31:46.0828 3004 TDPIPE - ok
21:31:46.0906 3004 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:31:46.0921 3004 TDTCP - ok
21:31:47.0015 3004 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
21:31:47.0015 3004 TermDD - ok
21:31:47.0125 3004 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
21:31:47.0125 3004 TermService - ok
21:31:47.0203 3004 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
21:31:47.0203 3004 Themes - ok
21:31:47.0218 3004 TosIde - ok
21:31:47.0250 3004 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
21:31:47.0281 3004 TrkWks - ok
21:31:47.0390 3004 [ 81532F3628F8ACC80FD1264095960C3A ] TrueSight C:\WINDOWS\system32\drivers\TrueSight.sys
21:31:47.0437 3004 TrueSight - ok
21:31:47.0500 3004 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
21:31:47.0500 3004 Udfs - ok
21:31:47.0500 3004 ultra - ok
21:31:47.0640 3004 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
21:31:47.0640 3004 Update - ok
21:31:47.0718 3004 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
21:31:47.0750 3004 upnphost - ok
21:31:47.0796 3004 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
21:31:47.0796 3004 UPS - ok
21:31:47.0875 3004 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
21:31:47.0875 3004 USBAAPL - ok
21:31:47.0937 3004 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
21:31:47.0968 3004 usbaudio - ok
21:31:48.0000 3004 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:31:48.0000 3004 usbccgp - ok
21:31:48.0015 3004 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:31:48.0015 3004 usbehci - ok
21:31:48.0046 3004 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:31:48.0046 3004 usbhub - ok
21:31:48.0093 3004 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:31:48.0093 3004 usbohci - ok
21:31:48.0218 3004 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:31:48.0234 3004 usbprint - ok
21:31:48.0296 3004 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:31:48.0328 3004 usbscan - ok
21:31:48.0406 3004 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:31:48.0437 3004 USBSTOR - ok
21:31:48.0453 3004 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:31:48.0453 3004 VgaSave - ok
21:31:48.0468 3004 ViaIde - ok
21:31:48.0500 3004 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
21:31:48.0515 3004 VolSnap - ok
21:31:48.0671 3004 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
21:31:48.0718 3004 VSS - ok
21:31:49.0234 3004 [ 42870675B4D84ACD81A9DA69B83F14C5 ] VX3000 C:\WINDOWS\system32\DRIVERS\VX3000.sys
21:31:50.0265 3004 VX3000 - ok
21:31:50.0484 3004 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
21:31:50.0484 3004 W32Time - ok
21:31:50.0531 3004 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:31:50.0531 3004 Wanarp - ok
21:31:50.0609 3004 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\WINDOWS\system32\DRIVERS\wdcsam.sys
21:31:50.0640 3004 WDC_SAM - ok
21:31:50.0796 3004 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
21:31:51.0046 3004 Wdf01000 - ok
21:31:51.0046 3004 WDICA - ok
21:31:51.0093 3004 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
21:31:51.0093 3004 wdmaud - ok
21:31:51.0109 3004 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
21:31:51.0140 3004 WebClient - ok
21:32:01.0656 3004 C:\WINDOWS\system32\rasman.dll - ok
21:32:01.0656 3004 [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\system32\riched20.dll
21:32:01.0656 3004 C:\WINDOWS\system32\riched20.dll - ok
21:32:01.0656 3004 [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll
21:32:01.0656 3004 C:\WINDOWS\system32\tapi32.dll - ok
21:32:01.0656 3004 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll
21:32:01.0656 3004 C:\WINDOWS\system32\schedsvc.dll - ok
21:32:01.0671 3004 [ 56CE97FF94B7662A300D359CD6F4D601 ] C:\WINDOWS\system32\raschap.dll
21:32:01.0671 3004 C:\WINDOWS\system32\raschap.dll - ok
21:32:01.0671 3004 [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll
21:32:01.0671 3004 C:\WINDOWS\system32\msidle.dll - ok
21:32:01.0671 3004 [ 60784F891563FB1B767F70117FC2428F ] C:\WINDOWS\system32\spoolsv.exe
21:32:01.0671 3004 C:\WINDOWS\system32\spoolsv.exe - ok
21:32:01.0671 3004 [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\system32\audiosrv.dll
21:32:01.0671 3004 C:\WINDOWS\system32\audiosrv.dll - ok
21:32:01.0671 3004 [ A8888A5327621856C0CEC4E385F69309 ] C:\WINDOWS\system32\wkssvc.dll
21:32:01.0671 3004 C:\WINDOWS\system32\wkssvc.dll - ok
21:32:01.0687 3004 [ 3DEBBECF665DCDDE3A95D9B902010817 ] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:32:01.0687 3004 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe - ok
21:32:01.0687 3004 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] C:\WINDOWS\system32\drivers\parvdm.sys
21:32:01.0687 3004 C:\WINDOWS\system32\drivers\parvdm.sys - ok
21:32:01.0687 3004 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
21:32:01.0687 3004 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll - ok
21:32:01.0687 3004 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
21:32:01.0687 3004 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll - ok
21:32:01.0703 3004 [ 6C63DC384A15E2AFD4A860031EF40267 ] C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll
21:32:01.0703 3004 C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll - ok
21:32:01.0703 3004 [ EF8CD3C64EE9C08980D6D06CCCE46C68 ] C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll
21:32:01.0703 3004 C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll - ok
21:32:01.0703 3004 [ 64894527838C86454E2F378FF39FA336 ] C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dll
21:32:01.0703 3004 C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dll - ok
21:32:01.0703 3004 [ FF9831030678C7B6D70BAC00F68F8976 ] C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll
21:32:01.0703 3004 C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll - ok
21:32:01.0718 3004 [ 78865ABC5F5D13190F8B35BD9044714A ] C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
21:32:01.0718 3004 C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll - ok
21:32:01.0718 3004 [ D8D46A439659B8B43A41B266E4646527 ] C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
21:32:01.0718 3004 C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll - ok
21:32:01.0718 3004 [ 67156D5A9AC356DC99D7BCCB388E3316 ] C:\WINDOWS\system32\wsock32.dll
21:32:01.0718 3004 C:\WINDOWS\system32\wsock32.dll - ok
21:32:01.0734 3004 [ 5A963C340DE1A01BA6E24945CE05D16A ] C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll
21:32:01.0734 3004 C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll - ok
21:32:01.0734 3004 [ F4BC62990E7E5C29799A895B80FC3177 ] C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll
21:32:01.0734 3004 C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll - ok
21:32:01.0734 3004 [ 149D74E1128A86DC9CFB2851FBEA11EB ] C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll
21:32:01.0734 3004 C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll - ok
21:32:01.0734 3004 [ F6FD367C9EAAEDF90CD7A7952AE0B336 ] C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
21:32:01.0734 3004 C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll - ok
21:32:01.0750 3004 [ 1224BC6DE919F8CD8C1C945280E63852 ] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll
21:32:01.0750 3004 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll - ok
21:32:01.0750 3004 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] C:\Program Files\Bonjour\mDNSResponder.exe
21:32:01.0750 3004 C:\Program Files\Bonjour\mDNSResponder.exe - ok
21:32:01.0750 3004 [ 905B5BF5BE0A86E8412801BF20357195 ] C:\Program Files\Common Files\Apple\Mobile Device Support\MobileDevice.dll
21:32:01.0750 3004 C:\Program Files\Common Files\Apple\Mobile Device Support\MobileDevice.dll - ok
21:32:01.0750 3004 [ 062373995EAE5F0EAC9EAA9192136BFB ] C:\WINDOWS\system32\dnssd.dll
21:32:01.0750 3004 C:\WINDOWS\system32\dnssd.dll - ok
21:32:01.0765 3004 [ CF3126A2FF45AA224FC541BC543C2D9C ] C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll
21:32:01.0765 3004 C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll - ok
21:32:01.0765 3004 [ 2E14406E05789F91C9282AE7CFCA3A07 ] C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
21:32:01.0765 3004 C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll - ok
21:32:01.0765 3004 [ C5A75EB48E2344ABDC162BDA79E16841 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:32:01.0765 3004 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok
21:32:01.0765 3004 [ E5F7C30EDF0892667933BE879F067D67 ] C:\WINDOWS\system32\msvcr100_clr0400.dll
21:32:01.0765 3004 C:\WINDOWS\system32\msvcr100_clr0400.dll - ok
21:32:01.0765 3004 [ B04DB1F0B2652FCBCCC5FD0C46579F0F ] C:\WINDOWS\system32\mscoree.dll
21:32:01.0765 3004 C:\WINDOWS\system32\mscoree.dll - ok
21:32:01.0781 3004 [ 8BA9851E671E8B5E49E303748FFD530C ] C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll
21:32:01.0781 3004 C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll - ok
21:32:01.0781 3004 [ B591E761161D1EF547D76EF236EAA6A5 ] C:\Program Files\Java\jre7\bin\jqs.exe
21:32:01.0781 3004 C:\Program Files\Java\jre7\bin\jqs.exe - ok
21:32:01.0781 3004 [ 00709952D444EAE14DBBD30D36FBAE0F ] C:\WINDOWS\system32\certcli.dll
21:32:01.0781 3004 C:\WINDOWS\system32\certcli.dll - ok
21:32:01.0781 3004 [ 3D4E199942E29207970E04315D02AD3B ] C:\WINDOWS\system32\cryptsvc.dll
21:32:01.0781 3004 C:\WINDOWS\system32\cryptsvc.dll - ok
21:32:01.0781 3004 [ 73862FF693168369A90F046E7F227B83 ] C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
21:32:01.0781 3004 C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll - ok
21:32:01.0796 3004 [ 67EC459E42D3081DD8FD34356F7CAFC1 ] C:\Program Files\Java\jre7\bin\msvcr100.dll
21:32:01.0796 3004 C:\Program Files\Java\jre7\bin\msvcr100.dll - ok
21:32:01.0796 3004 [ 8973122796E3B5D6B5900FC186E55FEA ] C:\WINDOWS\system32\hid.dll
21:32:01.0796 3004 C:\WINDOWS\system32\hid.dll - ok
21:32:01.0812 3004 [ DEB04DA35CC871B6D309B77E1443C796 ] C:\WINDOWS\system32\hidserv.dll
21:32:01.0812 3004 C:\WINDOWS\system32\hidserv.dll - ok
21:32:01.0812 3004 [ D4991D98F2DB73C60D042F1AEF79EFAE ] C:\WINDOWS\system32\es.dll
21:32:01.0812 3004 C:\WINDOWS\system32\es.dll - ok
21:32:01.0812 3004 [ 62CF83A6989312A0DD39BBFFB3D1C166 ] C:\WINDOWS\system32\pdh.dll
21:32:01.0812 3004 C:\WINDOWS\system32\pdh.dll - ok
21:32:01.0812 3004 [ 369F7B1A4F358B976176556A1A331F36 ] C:\WINDOWS\system32\odbcbcp.dll
21:32:01.0812 3004 C:\WINDOWS\system32\odbcbcp.dll - ok
21:32:01.0828 3004 [ 2135894A03850D9AC641E4EF9A1759C6 ] C:\Program Files\LogMeIn\x86\LMIGuardianDll.dll
21:32:01.0875 3004 C:\Program Files\LogMeIn\x86\LMIGuardianDll.dll - ok
21:32:01.0890 3004 [ 3D67740573A70C6C9B1614982CFAC4C5 ] C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
21:32:01.0890 3004 C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe - ok
21:32:01.0890 3004 [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
21:32:01.0890 3004 C:\WINDOWS\system32\netmsg.dll - ok
21:32:01.0890 3004 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] C:\WINDOWS\system32\srvsvc.dll
21:32:01.0890 3004 C:\WINDOWS\system32\srvsvc.dll - ok
21:32:01.0906 3004 [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] C:\Program Files\LogMeIn\x86\rainfo.sys
21:32:01.0906 3004 C:\Program Files\LogMeIn\x86\rainfo.sys - ok
21:32:01.0906 3004 [ D95F3217C9DFA24ECA582ED8E435E221 ] C:\Program Files\LogMeIn\x86\ramaint.exe
21:32:01.0906 3004 C:\Program Files\LogMeIn\x86\ramaint.exe - ok
21:32:01.0906 3004 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] C:\WINDOWS\system32\drivers\srv.sys
21:32:01.0906 3004 C:\WINDOWS\system32\drivers\srv.sys - ok
21:32:01.0921 3004 [ 5C1F0537E61F87B435F56E00B4F20EE8 ] C:\WINDOWS\system32\snmpapi.dll
21:32:01.0921 3004 C:\WINDOWS\system32\snmpapi.dll - ok
21:32:01.0921 3004 [ 63E8D944AFBEEBB243F25C4ED07E74C5 ] C:\WINDOWS\system32\inetmib1.dll
21:32:01.0921 3004 C:\WINDOWS\system32\inetmib1.dll - ok
21:32:01.0921 3004 [ ACDAFCD14EC0ECE89198503746A5C147 ] C:\WINDOWS\system32\perfos.dll
21:32:01.0921 3004 C:\WINDOWS\system32\perfos.dll - ok
21:32:01.0937 3004 [ ABFB673B24A9B3287761D497529FB5B9 ] C:\WINDOWS\system32\perfdisk.dll
21:32:01.0937 3004 C:\WINDOWS\system32\perfdisk.dll - ok
21:32:01.0937 3004 [ B8AE25C09B8C26FF72820430294E4EF6 ] C:\WINDOWS\system32\rassapi.dll
21:32:01.0937 3004 C:\WINDOWS\system32\rassapi.dll - ok
21:32:01.0937 3004 [ 33CD12979BD4AE881F3C097905BBCFF9 ] C:\Program Files\LogMeIn\x86\LogMeIn.dll
21:32:01.0937 3004 C:\Program Files\LogMeIn\x86\LogMeIn.dll - ok
21:32:01.0953 3004 [ 432618FA75B61059D2C57D6A7E55147A ] C:\Program Files\LogMeIn\x86\LogMeIn.exe
21:32:01.0953 3004 C:\Program Files\LogMeIn\x86\LogMeIn.exe - ok
21:32:01.0953 3004 [ 3FAA563DDF853320F90259D455A01D79 ] C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
21:32:01.0953 3004 C:\WINDOWS\system32\drivers\LMIRfsDriver.sys - ok
21:32:01.0953 3004 [ 79E3A8C328E7E569C32B0998377D9742 ] C:\WINDOWS\system32\spoolss.dll
21:32:01.0953 3004 C:\WINDOWS\system32\spoolss.dll - ok
21:32:01.0968 3004 [ AA897735D5AB916297A6823A9B2D61B1 ] C:\WINDOWS\system32\localspl.dll
21:32:01.0968 3004 C:\WINDOWS\system32\localspl.dll - ok
21:32:01.0968 3004 [ 5D3D1AB0EF4EA55B731863050482C111 ] C:\WINDOWS\system32\cnbjmon.dll
21:32:01.0968 3004 C:\WINDOWS\system32\cnbjmon.dll - ok
21:32:01.0968 3004 [ 9A3053C8B97B5F8D2191DF4F3D868EEE ] C:\WINDOWS\system32\LMIport.dll
21:32:01.0968 3004 C:\WINDOWS\system32\LMIport.dll - ok
21:32:01.0984 3004 [ 222DE7F5EDB9DDBE628384A1A8BE59CE ] C:\WINDOWS\system32\pjlmon.dll
21:32:01.0984 3004 C:\WINDOWS\system32\pjlmon.dll - ok
21:32:01.0984 3004 [ EEE7F12D9FF46F68FBC0DA059A359E9E ] C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
21:32:01.0984 3004 C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll - ok
21:32:01.0984 3004 [ 375B160A176359B8F92CBE38B920065E ] C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
21:32:01.0984 3004 C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll - ok
21:32:01.0984 3004 [ AE0382AD9C73D343D85E1A50C80B7C20 ] C:\WINDOWS\system32\tcpmon.dll
21:32:01.0984 3004 C:\WINDOWS\system32\tcpmon.dll - ok
21:32:02.0000 3004 [ F26385E8BA4549B5186B774EC0E45D86 ] C:\WINDOWS\system32\usbmon.dll
21:32:02.0000 3004 C:\WINDOWS\system32\usbmon.dll - ok
21:32:02.0000 3004 [ B41D53899E37CC43DA85DA19998BEE81 ] C:\WINDOWS\system32\netrap.dll
21:32:02.0000 3004 C:\WINDOWS\system32\netrap.dll - ok
21:32:02.0000 3004 [ 22DD6D7D4BFE2B8CE705CC950C8AEA4C ] C:\WINDOWS\system32\win32spl.dll
21:32:02.0000 3004 C:\WINDOWS\system32\win32spl.dll - ok
21:32:02.0015 3004 [ EE4C651A217B01D636B5364AC77DA892 ] C:\WINDOWS\system32\inetpp.dll
21:32:02.0015 3004 C:\WINDOWS\system32\inetpp.dll - ok
21:32:02.0015 3004 [ 729DA5D23A9AD20A6AA353156A126420 ] C:\WINDOWS\system32\ieframe.dll
21:32:02.0015 3004 C:\WINDOWS\system32\ieframe.dll - ok
21:32:02.0015 3004 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:32:02.0015 3004 C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe - ok
21:32:02.0031 3004 [ A21C2A8E47D40FCC40A2B1573E666A53 ] C:\Program Files\Java\jre7\bin\awt.dll
21:32:02.0031 3004 C:\Program Files\Java\jre7\bin\awt.dll - ok
21:32:02.0031 3004 [ 8624E0E2418413614EE1FECDB7B76B88 ] C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
21:32:02.0031 3004 C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll - ok
21:32:02.0031 3004 [ 8BCD11D38FCE43A519246A91CC40DE6A ] C:\WINDOWS\system32\security.dll
21:32:02.0031 3004 C:\WINDOWS\system32\security.dll - ok
21:32:02.0046 3004 [ 1A617835452EEE5060976C9B9F5FE635 ] C:\WINDOWS\system32\wuapi.dll
21:32:02.0046 3004 C:\WINDOWS\system32\wuapi.dll - ok
21:32:02.0046 3004 [ D4467A285C91752018F67CDBA8680BAB ] C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll
21:32:02.0046 3004 C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll - ok
21:32:02.0046 3004 [ 966CD21542A62F9AB237D84C451CC137 ] C:\Program Files\Java\jre7\bin\client\jvm.dll
21:32:02.0046 3004 C:\Program Files\Java\jre7\bin\client\jvm.dll - ok
21:32:02.0062 3004 [ F9D3C78CFE15271D80790677C893CE45 ] C:\WINDOWS\system32\cabinet.dll
21:32:02.0062 3004 C:\WINDOWS\system32\cabinet.dll - ok
21:32:02.0062 3004 [ 3458EDA96E30FBD0477A2800D3FB1909 ] C:\WINDOWS\system32\wups.dll
21:32:02.0062 3004 C:\WINDOWS\system32\wups.dll - ok
21:32:02.0062 3004 [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] C:\WINDOWS\system32\wdmaud.drv
21:32:02.0062 3004 C:\WINDOWS\system32\wdmaud.drv - ok
21:32:02.0062 3004 [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys
21:32:02.0062 3004 C:\WINDOWS\system32\drivers\wdmaud.sys - ok
21:32:02.0078 3004 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\system32\drivers\sysaudio.sys
21:32:02.0078 3004 C:\WINDOWS\system32\drivers\sysaudio.sys - ok
21:32:02.0078 3004 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] C:\WINDOWS\system32\drivers\splitter.sys
21:32:02.0078 3004 C:\WINDOWS\system32\drivers\splitter.sys - ok
21:32:02.0078 3004 [ 8BED39E3C35D6A489438B8141717A557 ] C:\WINDOWS\system32\drivers\aec.sys
21:32:02.0078 3004 C:\WINDOWS\system32\drivers\aec.sys - ok
21:32:02.0093 3004 [ C14350FC0D47D806699C4F907FC6785B ] C:\WINDOWS\system32\cryptnet.dll
21:32:02.0093 3004 C:\WINDOWS\system32\cryptnet.dll - ok
21:32:02.0093 3004 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] C:\WINDOWS\system32\drivers\swmidi.sys
21:32:02.0093 3004 C:\WINDOWS\system32\drivers\swmidi.sys - ok
21:32:02.0093 3004 [ 3CBA2210FA39C6ED7895634842E930DD ] C:\WINDOWS\system32\sensapi.dll
21:32:02.0093 3004 C:\WINDOWS\system32\sensapi.dll - ok
21:32:02.0109 3004 [ 8A208DFCF89792A484E76C40E5F50B45 ] C:\WINDOWS\system32\drivers\DMusic.sys
21:32:02.0109 3004 C:\WINDOWS\system32\drivers\DMusic.sys - ok
21:32:02.0109 3004 [ 8C77ECF3C7DCBB926312B7ECED6ECA75 ] C:\WINDOWS\system32\winhttp.dll
21:32:02.0109 3004 C:\WINDOWS\system32\winhttp.dll - ok
21:32:02.0109 3004 [ 692BCF44383D056AED41B045A323D378 ] C:\WINDOWS\system32\drivers\kmixer.sys
21:32:02.0109 3004 C:\WINDOWS\system32\drivers\kmixer.sys - ok
21:32:02.0125 3004 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] C:\WINDOWS\system32\drivers\drmkaud.sys
21:32:02.0125 3004 C:\WINDOWS\system32\drivers\drmkaud.sys - ok
21:32:02.0125 3004 [ 9A3BD5F55AADFF859539142F6328A66E ] C:\WINDOWS\system32\msacm32.drv
21:32:02.0125 3004 C:\WINDOWS\system32\msacm32.drv - ok
21:32:02.0125 3004 [ 5C12660A97822F6E61576943B49AAAD6 ] C:\WINDOWS\system32\midimap.dll
21:32:02.0125 3004 C:\WINDOWS\system32\midimap.dll - ok
21:32:02.0140 3004 [ 205ADD80FF8099B1A8101EB490B933D1 ] C:\WINDOWS\system32\wbem\wbemprox.dll
21:32:02.0140 3004 C:\WINDOWS\system32\wbem\wbemprox.dll - ok
21:32:02.0140 3004 [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\system32\wbem\wbemcomn.dll
21:32:02.0140 3004 C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
21:32:02.0140 3004 [ 4D83ED8BDDEC431FC8AD907B47CFB6E3 ] C:\WINDOWS\system32\dsound.dll
21:32:02.0140 3004 C:\WINDOWS\system32\dsound.dll - ok
21:32:02.0156 3004 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:32:02.0156 3004 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe - ok
21:32:02.0156 3004 [ 9B9F1C38D559047B8AC0DBA2D5FEBDE9 ] C:\WINDOWS\system32\ksuser.dll
21:32:02.0156 3004 C:\WINDOWS\system32\ksuser.dll - ok
21:32:02.0171 3004 [ 4BE1DCAD76BE96D1EC887A41E570C404 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll
21:32:02.0171 3004 C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll - ok
21:32:02.0171 3004 [ 332760FBA1655FCFD35BD6F4FD871300 ] C:\WINDOWS\system32\ipsecsvc.dll
21:32:02.0171 3004 C:\WINDOWS\system32\ipsecsvc.dll - ok
21:32:02.0171 3004 [ C5FF8682EADA5B3B27A865F1C3EF9270 ] C:\WINDOWS\system32\oakley.dll
21:32:02.0171 3004 C:\WINDOWS\system32\oakley.dll - ok
21:32:02.0171 3004 [ CBE612E2BB6A10E3563336191EDA1250 ] C:\WINDOWS\system32\seclogon.dll
21:32:02.0171 3004 C:\WINDOWS\system32\seclogon.dll - ok
21:32:02.0187 3004 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] C:\WINDOWS\system32\sens.dll
21:32:02.0187 3004 C:\WINDOWS\system32\sens.dll - ok
21:32:02.0187 3004 [ 3805DF0AC4296A34BA4BF93B346CC378 ] C:\WINDOWS\system32\srsvc.dll
21:32:02.0187 3004 C:\WINDOWS\system32\srsvc.dll - ok
21:32:02.0187 3004 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] C:\WINDOWS\system32\wiaservc.dll
21:32:02.0187 3004 C:\WINDOWS\system32\wiaservc.dll - ok
21:32:02.0203 3004 [ 248712EA6BA17B9FF0C542A3828375DD ] C:\WINDOWS\system32\winipsec.dll
21:32:02.0203 3004 C:\WINDOWS\system32\winipsec.dll - ok
21:32:02.0218 3004 [ 853D0D0C6F02D7BFDF1CF99DD7553732 ] C:\WINDOWS\system32\pstorsvc.dll
21:32:02.0218 3004 C:\WINDOWS\system32\pstorsvc.dll - ok
21:32:02.0218 3004 [ 22D89D84E8E081CDA529DBF8C0255A38 ] C:\WINDOWS\system32\psbase.dll
21:32:02.0218 3004 C:\WINDOWS\system32\psbase.dll - ok
21:32:02.0234 3004 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] C:\WINDOWS\system32\wuauserv.dll
21:32:02.0234 3004 C:\WINDOWS\system32\wuauserv.dll - ok
21:32:02.0234 3004 [ FC3EC24FCE372C89423E015A2AC1A31E ] C:\WINDOWS\system32\wuaueng.dll
21:32:02.0234 3004 C:\WINDOWS\system32\wuaueng.dll - ok
21:32:02.0234 3004 [ FEDE68BF80052BAD393AFD5C2E60DCB0 ] C:\WINDOWS\system32\dssenh.dll
21:32:02.0234 3004 C:\WINDOWS\system32\dssenh.dll - ok
21:32:02.0234 3004 [ 5F0CE62E0831CF972EC6949FD3E37DA7 ] C:\WINDOWS\system32\cfgmgr32.dll
21:32:02.0234 3004 C:\WINDOWS\system32\cfgmgr32.dll - ok
21:32:02.0250 3004 [ 4AC2FA4A6F0DF2511BAC13393C06EFF1 ] C:\WINDOWS\system32\mscms.dll
21:32:02.0250 3004 C:\WINDOWS\system32\mscms.dll - ok
21:32:02.0250 3004 [ B85E95679B5ADC12311BCD3F5385D623 ] C:\WINDOWS\system32\mspatcha.dll
21:32:02.0250 3004 C:\WINDOWS\system32\mspatcha.dll - ok
21:32:02.0250 3004 [ A06CE3399D16DB864F55FAEB1F1927A9 ] C:\WINDOWS\system32\browser.dll
21:32:02.0250 3004 C:\WINDOWS\system32\browser.dll - ok
21:32:02.0265 3004 [ 912B67BB8249925A5C972FC5839EAE09 ] C:\WINDOWS\system32\actxprxy.dll
21:32:02.0265 3004 C:\WINDOWS\system32\actxprxy.dll - ok
21:32:02.0265 3004 [ FBDB9D0935B9907B809B381FDDF1627F ] C:\WINDOWS\system32\regsvr32.exe
21:32:02.0265 3004 C:\WINDOWS\system32\regsvr32.exe - ok
21:32:02.0265 3004 [ BDC0C99E472176C8C2C853A68ADC5073 ] C:\WINDOWS\system32\wups2.dll
21:32:02.0265 3004 C:\WINDOWS\system32\wups2.dll - ok
21:32:02.0281 3004 [ 90760987BCCCF34D05EF6093EC278A96 ] C:\Program Files\Java\jre7\bin\dcpr.dll
21:32:02.0281 3004 C:\Program Files\Java\jre7\bin\dcpr.dll - ok
21:32:02.0281 3004 [ 2E0B0A051FFAA86E358465BB0880D453 ] C:\WINDOWS\system32\wuauclt.exe
21:32:02.0281 3004 C:\WINDOWS\system32\wuauclt.exe - ok
21:32:02.0281 3004 [ D2D31D7A394A70040FCAC5F54A130FBA ] C:\Program Files\Java\jre7\bin\deploy.dll
21:32:02.0281 3004 C:\Program Files\Java\jre7\bin\deploy.dll - ok
21:32:02.0296 3004 [ C09775FEB73BDF16BB87A509C5FF12AD ] C:\Program Files\Java\jre7\bin\fontmanager.dll
21:32:02.0296 3004 C:\Program Files\Java\jre7\bin\fontmanager.dll - ok
21:32:02.0296 3004 [ B98F28229D292B99FF449FF3647F31BA ] C:\Program Files\Java\jre7\bin\java.dll
21:32:02.0296 3004 C:\Program Files\Java\jre7\bin\java.dll - ok
21:32:02.0296 3004 [ 23C84DBECF3BD95687623F23BCD66441 ] C:\Program Files\Java\jre7\bin\javaw.exe
21:32:02.0296 3004 C:\Program Files\Java\jre7\bin\javaw.exe - ok
21:32:02.0312 3004 [ 2D0E4ED081963804CCC196A0929275B5 ] C:\WINDOWS\system32\wbem\wmisvc.dll
21:32:02.0312 3004 C:\WINDOWS\system32\wbem\wmisvc.dll - ok
21:32:02.0312 3004 [ ACACB8B14E66109B8ACD6644B5574B9A ] C:\WINDOWS\system32\vssapi.dll
21:32:02.0312 3004 C:\WINDOWS\system32\vssapi.dll - ok
21:32:02.0312 3004 [ 0384126B913AC2E090804C642302945E ] C:\Program Files\Java\jre7\bin\jp2native.dll
21:32:02.0312 3004 C:\Program Files\Java\jre7\bin\jp2native.dll - ok
21:32:02.0328 3004 [ 0AD792A78419867BF5D750853D80FA11 ] C:\WINDOWS\system32\msxml3.dll
21:32:02.0328 3004 C:\WINDOWS\system32\msxml3.dll - ok
21:32:02.0328 3004 [ CB91CCFA95601066772A004550B55A85 ] C:\Program Files\Java\jre7\bin\jpeg.dll
21:32:02.0328 3004 C:\Program Files\Java\jre7\bin\jpeg.dll - ok
21:32:02.0328 3004 [ F0BF811622F2DD6C8E26EE4600D83731 ] C:\WINDOWS\system32\wbem\wbemcore.dll
21:32:02.0328 3004 C:\WINDOWS\system32\wbem\wbemcore.dll - ok
21:32:02.0343 3004 [ E4616430709F440CF1809D88DC2366EA ] C:\WINDOWS\system32\wbem\esscli.dll
21:32:02.0343 3004 C:\WINDOWS\system32\wbem\esscli.dll - ok
21:32:02.0343 3004 [ 378A0AEFB11D8B0DC8C27B9F7604B88D ] C:\WINDOWS\system32\wbem\fastprox.dll
21:32:02.0343 3004 C:\WINDOWS\system32\wbem\fastprox.dll - ok
21:32:02.0343 3004 [ 010472D0AE758227C6F6E6933549C219 ] C:\WINDOWS\system32\wbem\wbemsvc.dll
21:32:02.0343 3004 C:\WINDOWS\system32\wbem\wbemsvc.dll - ok
21:32:02.0343 3004 [ ED0C0DF222209E43AD9AFBF3FE87DDE0 ] C:\WINDOWS\system32\comsvcs.dll
21:32:02.0343 3004 C:\WINDOWS\system32\comsvcs.dll - ok
21:32:02.0359 3004 [ 2E4A927544CDA0279501AA757FFFB538 ] C:\Program Files\Java\jre7\bin\net.dll
21:32:02.0359 3004 C:\Program Files\Java\jre7\bin\net.dll - ok
21:32:02.0359 3004 [ 690D97864735E8ECD87F55777E266690 ] C:\WINDOWS\system32\colbact.dll
21:32:02.0359 3004 C:\WINDOWS\system32\colbact.dll - ok
21:32:02.0359 3004 [ DF82E222578DBE59FCBBD69A02E4C806 ] C:\WINDOWS\system32\clusapi.dll
21:32:02.0359 3004 C:\WINDOWS\system32\clusapi.dll - ok
21:32:02.0375 3004 [ 36795A645EAA47FE31D2A8F136A2C69B ] C:\WINDOWS\system32\mtxclu.dll
21:32:02.0375 3004 C:\WINDOWS\system32\mtxclu.dll - ok
21:32:02.0375 3004 [ F51EBB6FC536A6B2D588FD668D3A8249 ] C:\WINDOWS\system32\resutils.dll
21:32:02.0375 3004 C:\WINDOWS\system32\resutils.dll - ok
21:32:02.0375 3004 [ 574738F61FCA2935F5265DC4E5691314 ] C:\WINDOWS\system32\qmgr.dll
21:32:02.0375 3004 C:\WINDOWS\system32\qmgr.dll - ok
21:32:02.0375 3004 [ C14AA05881A35B6D6BB8D55B117EE22D ] C:\WINDOWS\system32\shfolder.dll
21:32:02.0375 3004 C:\WINDOWS\system32\shfolder.dll - ok
21:32:02.0390 3004 [ 3273D1565BF30225C115B480A3BB2C9D ] C:\WINDOWS\system32\wbem\wmiutils.dll
21:32:02.0390 3004 C:\WINDOWS\system32\wbem\wmiutils.dll - ok
21:32:02.0390 3004 [ 942A17D2901A31EA68627CBFFCD268CC ] C:\WINDOWS\system32\wbem\repdrvfs.dll
21:32:02.0390 3004 C:\WINDOWS\system32\wbem\repdrvfs.dll - ok
21:32:02.0390 3004 [ F1DAC7969C1337AF790BD1D981AA780C ] C:\WINDOWS\system32\qmgrprxy.dll
21:32:02.0390 3004 C:\WINDOWS\system32\qmgrprxy.dll - ok
21:32:02.0406 3004 [ 071143F687B4F887E21461CA6CC7EB29 ] C:\WINDOWS\system32\wbem\wmiprvsd.dll
21:32:02.0406 3004 C:\WINDOWS\system32\wbem\wmiprvsd.dll - ok
21:32:02.0406 3004 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] C:\WINDOWS\system32\netman.dll
21:32:02.0406 3004 C:\WINDOWS\system32\netman.dll - ok
21:32:02.0406 3004 [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll
21:32:02.0406 3004 C:\WINDOWS\system32\netshell.dll - ok
21:32:02.0421 3004 [ 235892E493845D64D890163CFEF90E97 ] C:\WINDOWS\system32\credui.dll
21:32:02.0421 3004 C:\WINDOWS\system32\credui.dll - ok
21:32:02.0421 3004 [ 4E8F3230BAC8C1CAADF01A8C728E1C5C ] C:\WINDOWS\system32\dot3dlg.dll
21:32:02.0421 3004 C:\WINDOWS\system32\dot3dlg.dll - ok
21:32:02.0421 3004 [ CA04959077AFE36369D37B3504740C87 ] C:\WINDOWS\system32\onex.dll
21:32:02.0421 3004 C:\WINDOWS\system32\onex.dll - ok
21:32:02.0437 3004 [ 5DB625E7D095604010CF84DE2D8ACFA6 ] C:\WINDOWS\system32\eappcfg.dll
21:32:02.0437 3004 C:\WINDOWS\system32\eappcfg.dll - ok
21:32:02.0437 3004 [ ABC4206543450C0666D152F4B65833B8 ] C:\WINDOWS\system32\eappprxy.dll
21:32:02.0437 3004 C:\WINDOWS\system32\eappprxy.dll - ok
21:32:02.0437 3004 [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll
21:32:02.0437 3004 C:\WINDOWS\system32\wzcsapi.dll - ok
21:32:02.0453 3004 [ 26D881D27CBE51D3614E68D7313EA026 ] C:\WINDOWS\system32\wbem\wbemess.dll
21:32:02.0453 3004 C:\WINDOWS\system32\wbem\wbemess.dll - ok
21:32:02.0453 3004 [ 805766A11E747A44C7C5FBD7F26E9001 ] C:\Program Files\Java\jre7\bin\nio.dll
21:32:02.0453 3004 C:\Program Files\Java\jre7\bin\nio.dll - ok
21:32:02.0453 3004 [ 798A9E6828997EEF4517ADA8A2259831 ] C:\WINDOWS\system32\wbem\wmiprvse.exe
21:32:02.0453 3004 C:\WINDOWS\system32\wbem\wmiprvse.exe - ok
21:32:02.0468 3004 [ E837FDBB92E9873E538395B623F45462 ] C:\WINDOWS\system32\wbem\cimwin32.dll
21:32:02.0468 3004 C:\WINDOWS\system32\wbem\cimwin32.dll - ok
21:32:02.0468 3004 [ 2D168A9627CFCE9C5AC20A90E54D66D4 ] C:\Program Files\Java\jre7\bin\verify.dll
21:32:02.0468 3004 C:\Program Files\Java\jre7\bin\verify.dll - ok
21:32:02.0468 3004 [ 4306FA2F1099D7C606139255FDB62B19 ] C:\WINDOWS\system32\wbem\framedyn.dll
21:32:02.0468 3004 C:\WINDOWS\system32\wbem\framedyn.dll - ok
21:32:02.0468 3004 [ 93C088C2AEB2F23E720BDA7E32BD5117 ] C:\WINDOWS\system32\upnp.dll
21:32:02.0468 3004 C:\WINDOWS\system32\upnp.dll - ok
21:32:02.0484 3004 [ F80A415EF82CD06FFAF0D971528EAD38 ] C:\WINDOWS\system32\drivers\http.sys
21:32:02.0484 3004 C:\WINDOWS\system32\drivers\http.sys - ok
21:32:02.0484 3004 [ 3D075865DCC26931972F6476AD0497BE ] C:\WINDOWS\system32\ssdpapi.dll
21:32:02.0484 3004 C:\WINDOWS\system32\ssdpapi.dll - ok
21:32:02.0484 3004 [ 37A62C6092AADD2EFDE0468DD8818E99 ] C:\WINDOWS\system32\netcfgx.dll
21:32:02.0484 3004 C:\WINDOWS\system32\netcfgx.dll - ok
21:32:02.0500 3004 [ 9D54D4A8C18081F398FEC0D839340542 ] C:\Program Files\Java\jre7\bin\zip.dll
21:32:02.0500 3004 C:\Program Files\Java\jre7\bin\zip.dll - ok
21:32:02.0500 3004 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] C:\WINDOWS\system32\rasmans.dll
21:32:02.0500 3004 C:\WINDOWS\system32\rasmans.dll - ok
21:32:02.0500 3004 [ 0A5679B3714EDAB99E357057EE88FCA6 ] C:\WINDOWS\system32\ssdpsrv.dll
21:32:02.0500 3004 C:\WINDOWS\system32\ssdpsrv.dll - ok
21:32:02.0515 3004 [ 3CB78C17BB664637787C9A1C98F79C38 ] C:\WINDOWS\system32\tapisrv.dll
21:32:02.0515 3004 C:\WINDOWS\system32\tapisrv.dll - ok
21:32:02.0515 3004 [ 5F7692CEC90E2E9AA32CD58321E234B8 ] C:\WINDOWS\system32\rastapi.dll
21:32:02.0515 3004 C:\WINDOWS\system32\rastapi.dll - ok
21:32:02.0515 3004 [ AACE07FE34FADDDF973CE068A6424957 ] C:\WINDOWS\system32\unimdm.tsp
21:32:02.0515 3004 C:\WINDOWS\system32\unimdm.tsp - ok
21:32:02.0531 3004 [ 995252FCC4692B5B97EE17D596C9386E ] C:\WINDOWS\system32\uniplat.dll
21:32:02.0531 3004 C:\WINDOWS\system32\uniplat.dll - ok
21:32:02.0531 3004 [ 76EC97C5068D3D9FAA7774B0F659D31A ] C:\WINDOWS\system32\kmddsp.tsp
21:32:02.0531 3004 C:\WINDOWS\system32\kmddsp.tsp - ok
21:32:02.0531 3004 [ 4589963D84F2984FA5949A72162BA4F4 ] C:\WINDOWS\system32\ndptsp.tsp
21:32:02.0531 3004 C:\WINDOWS\system32\ndptsp.tsp - ok
21:32:02.0546 3004 [ 8BC2B02DC11C98D14CEE43B8E8393FF3 ] C:\WINDOWS\system32\h323.tsp
21:32:03.0140 3004 ============================================================
21:32:03.0140 3004 Scan finished
21:32:03.0140 3004 ============================================================
21:32:03.0156 2604 Detected object count: 0
21:32:03.0156 2604 Actual detected object count: 0
21:33:25.0390 3216 Deinitialize success


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-29 21:36:34
-----------------------------
21:36:34.093 OS Version: Windows 5.1.2600 Service Pack 3
21:36:34.093 Number of processors: 2 586 0x6B02
21:36:34.093 ComputerName: JUNK UserName:
21:36:34.812 Initialize success
21:40:59.656 AVAST engine defs: 13012903
21:41:08.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path1Target1Lun0
21:41:08.703 Disk 0 Vendor: ST325031 3.AA Size: 238475MB BusType: 3
21:41:08.718 Disk 0 MBR read successfully
21:41:08.718 Disk 0 MBR scan
21:41:08.765 Disk 0 Windows XP default MBR code
21:41:08.765 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
21:41:08.765 Disk 0 scanning sectors +488376000
21:41:08.828 Disk 0 scanning C:\WINDOWS\system32\drivers
21:41:17.015 Service scanning
21:41:33.031 Modules scanning
21:41:36.890 Disk 0 trace - called modules:
21:41:36.921 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS nvgts.sys
21:41:36.921 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a988030]
21:41:36.921 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000068[0x8a983920]
21:41:36.937 5 ACPI.sys[b7f51620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port2Path1Target1Lun0[0x8a98fa38]
21:41:37.593 AVAST engine scan C:\WINDOWS
21:41:42.843 AVAST engine scan C:\WINDOWS\system32
21:44:12.484 AVAST engine scan C:\WINDOWS\system32\drivers
21:44:27.671 AVAST engine scan C:\Documents and Settings\Bowlin
21:44:27.859 File: C:\Documents and Settings\Bowlin\Application Data\a657e0ab-7d0f-4c42-b166-b93609d80bca79\aeabdfcbbdbca.exe **INFECTED** Win32:Rootkit-gen [Rtk]
21:45:09.859 File: C:\Documents and Settings\Bowlin\Application Data\dsecr.dll **INFECTED** Win32:Malware-gen
21:45:26.046 File: C:\Documents and Settings\Bowlin\Application Data\mpsvc.dll **INFECTED** Win32:Medfos-AQ [Trj]
21:45:34.671 File: C:\Documents and Settings\Bowlin\Application Data\wrorsy.dll **INFECTED** Win32:Medfos-AQ [Trj]
21:54:48.875 AVAST engine scan C:\Documents and Settings\All Users
21:58:15.750 Scan finished successfully
01:51:17.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Bowlin\Desktop\MBR.dat"
01:51:17.531 The log file has been saved successfully to "C:\Documents and Settings\Bowlin\Desktop\aswMBR.txt"

#6
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image text box.
    :OTL
    C:\Documents and Settings\Bowlin\Application Data\dsecr.dll 
    C:\Documents and Settings\Bowlin\Application Data\mpsvc.dll 
    C:\Documents and Settings\Bowlin\Application Data\wrorsy.dll
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo

#7
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.

Gringo

#8
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#9
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.