
FSSM32.exe and FSM32.exe Hog the CPU [Solved]



#1
kwengerd

I have had bad lagging issues and slow computer issues for a while now. I'm realizing that what appears to be the F-Secure program is hogging the CPU, sometimes up to 98%. I ran the OTL program and am pasting the results here. I'm close to formatting the hard drive and starting fresh but would rather not go through all that hassle. I'd appreciate an opinion from a higher ranking Geek than myself, lol. THANK YOU!

OTL.TXT

OTL logfile created on: 3/23/2013 7:30:37 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Keith Wengerd\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.68% Memory free
2.58 Gb Paging File | 1.88 Gb Available in Paging File | 72.77% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.33 Gb Total Space | 46.97 Gb Free Space | 32.54% Space Free | Partition Type: NTFS
Drive K: | 144.33 Gb Total Space | 46.97 Gb Free Space | 32.54% Space Free | Partition Type: NTFS

Computer Name: KWENGERD | User Name: Keith Wengerd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/23 07:17:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Keith Wengerd\My Documents\Downloads\OTL.exe
PRC - [2013/03/10 09:33:56 | 001,019,960 | ---- | M] (F-Secure Corporation) -- C:\Program Files\CenturyLink Online Security\Anti-Virus\fssm32.exe
PRC - [2013/03/10 09:33:46 | 000,622,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\CenturyLink Online Security\Anti-Virus\fsgk32.exe
PRC - [2013/02/18 23:03:01 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Keith Wengerd\Local Settings\Application Data\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013/02/04 18:12:12 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2013/01/08 00:03:15 | 000,494,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\CenturyLink Online Security\Anti-Virus\fsav32.exe
PRC - [2012/03/06 18:39:50 | 000,574,296 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2011/09/14 20:18:21 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2011/05/23 06:18:45 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files\CenturyLink Online Security\ORSP Client\fsorsp.exe
PRC - [2010/02/24 22:39:04 | 000,522,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\CenturyLink Online Security\FWES\program\fsdfwd.exe
PRC - [2009/08/05 11:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\CenturyLink Online Security\Common\FSMA32.EXE
PRC - [2009/08/05 11:58:50 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files\CenturyLink Online Security\Common\FSM32.EXE
PRC - [2009/08/05 11:58:50 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files\CenturyLink Online Security\Common\FSHDLL32.EXE
PRC - [2009/08/05 11:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\CenturyLink Online Security\Anti-Virus\fsgk32st.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/10 23:46:20 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/02 02:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/06/08 22:48:34 | 000,030,888 | ---- | M] () -- C:\Program Files\CenturyLink Online Security\Anti-Virus\minifilter\hashlib_x86.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/03/17 08:14:03 | 000,207,536 | ---- | M] () -- c:\Program Files\CenturyLink Online Security\DAAS2\daas2.dll
MOD - [2009/08/05 11:59:08 | 000,199,264 | ---- | M] () -- C:\Program Files\CenturyLink Online Security\Spam Control\fsas.dll
MOD - [2009/08/05 11:59:02 | 000,001,536 | ---- | M] () -- C:\Program Files\CenturyLink Online Security\FSPC\fspcfsm.eng
MOD - [2009/08/05 11:58:30 | 000,236,128 | ---- | M] () -- \\?\c:\program files\centurylink online security\hips\fsumi.dll
MOD - [2009/08/05 11:57:04 | 000,081,920 | ---- | M] () -- C:\Program Files\CenturyLink Online Security\FSGUI\strres.eng
MOD - [2009/08/05 11:56:56 | 000,920,160 | ---- | M] () -- C:\Program Files\CenturyLink Online Security\FSGUI\gres.dll
MOD - [2009/08/05 11:56:50 | 000,143,360 | ---- | M] () -- C:\Program Files\CenturyLink Online Security\FSGUI\flyerres.eng
MOD - [2009/08/05 11:56:50 | 000,045,056 | ---- | M] () -- C:\Program Files\CenturyLink Online Security\FSGUI\fsavures.eng
MOD - [2009/08/05 11:56:32 | 000,838,240 | ---- | M] () -- C:\Program Files\CenturyLink Online Security\FSGUI\about.dll
MOD - [2009/08/05 11:56:32 | 000,088,672 | ---- | M] () -- C:\Program Files\CenturyLink Online Security\FSGUI\aboutres.dll
MOD - [2009/08/05 11:56:08 | 000,036,864 | ---- | M] () -- C:\Program Files\CenturyLink Online Security\Anti-Virus\fsavhres.eng
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Services (SafeList) ==========

SRV - [2013/03/10 09:42:45 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/04 18:12:58 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/04 18:12:12 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/08/16 12:17:14 | 000,182,784 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Allway Sync\Bin\SyncService.exe -- (BotkindSyncService)
SRV - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/09/14 20:18:21 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/05/23 06:18:45 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\CenturyLink Online Security\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2011/03/14 13:43:56 | 002,855,440 | ---- | M] (Emsi Software GmbH) [Disabled | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2010/02/24 22:39:04 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\CenturyLink Online Security\FWES\program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/08/05 11:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\CenturyLink Online Security\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/08/05 11:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\CenturyLink Online Security\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\VcommMgr.sys -- (VcommMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VComm.sys -- (VComm)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\gwfjl.sys -- (qlrscih)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - File not found [Kernel | Auto | Stopped] -- -- (DLPortIO)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btkrnl.sys -- (btkrnl)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btcusb.sys -- (Btcsrusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btnetdrv.sys -- (BT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\blueletaudio.sys -- (BlueletAudio)
DRV - File not found [Adapter | Auto | Unknown] -- C:\WINDOWS\system32\6to4ex.dll -- (6to4)
DRV - [2013/03/10 09:47:33 | 000,145,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\CenturyLink Online Security\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2012/08/17 10:41:58 | 000,044,240 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fsbts.sys -- (fsbts)
DRV - [2011/09/25 21:25:40 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/09/25 21:25:39 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/04/13 15:03:38 | 000,045,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d)
DRV - [2011/03/14 13:43:40 | 000,073,728 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2010/12/17 18:23:23 | 000,082,120 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fsdfw.sys -- (FSFW)
DRV - [2010/11/26 18:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2009/08/05 11:58:30 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/05/25 15:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/07/27 19:50:36 | 000,517,632 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2007/07/03 16:59:10 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/01/14 10:23:31 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2005/08/17 08:41:08 | 001,022,040 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2004/08/03 23:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2002/06/26 10:06:50 | 000,875,191 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WINACHCF.sys -- (Winachcf)
DRV - [2002/06/14 03:40:22 | 000,021,276 | R--- | M] (Micronas GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\uacflt.sys -- (UacbFlt)
DRV - [2001/08/17 13:28:16 | 000,793,598 | ---- | M] (U.S. Robotics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USR1806.SYS -- (USR1806)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...B&cr=1752481369
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en
IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.whitesmok...cfg=2-267-0-...
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/ig/dell?hl=en
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {645701DB-0A59-AE3F-8D62-BAA040AFB663}
IE - HKU\.DEFAULT\..\SearchScopes\{E97FE316-EA8E-7A57-3B26-D5A0B88D26F9}: "URL" = http://www.whitesmokestart.com/s/?q={searchTerms}&iesrc=IE-SearchBox&site=Yahoo!&cfg=2-267-0-...
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.whitesmok...cfg=2-267-0-...
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/ig/dell?hl=en
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {645701DB-0A59-AE3F-8D62-BAA040AFB663}
IE - HKU\S-1-5-18\..\SearchScopes\{E97FE316-EA8E-7A57-3B26-D5A0B88D26F9}: "URL" = http://www.whitesmokestart.com/s/?q={searchTerms}&iesrc=IE-SearchBox&site=Yahoo!&cfg=2-267-0-...
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>



IE - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.c...rms}&tbid=60284
IE - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\..\SearchScopes\{80A0F7FF-8288-4137-A959-57DB6750ACAD}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3171454
IE - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox...ms}&tbid=160284
IE - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "MyWebSearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: bettergmail2%40ginatrapani.org:1.2
FF - prefs.js..extensions.enabledAddons: esnipesnipeit%40esnipe.com:1.1.11
FF - prefs.js..extensions.enabledAddons: netvideohunter%40netvideohunter.com:1.9.1
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.1
FF - prefs.js..extensions.enabledAddons: %7B30E08C68-889E-11E0-95EF-DA7E4824019B%7D:0.8
FF - prefs.js..extensions.enabledAddons: %7B46551EC9-40F0-4e47-8E18-8E5CF550CFB8%7D:1.3
FF - prefs.js..extensions.enabledAddons: %7Bada4b710-8346-4b82-8199-5de2b400a6ae%7D:2.0.1
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.4
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0
FF - prefs.js..extensions.enabledAddons: %7Be1aaa9f8-4500-47f1-9a0a-b02bd60e4076%7D:178.7.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.2
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.13
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.2
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.10
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.2
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.67
FF - prefs.js..extensions.enabledItems: {4fa0d965-cd01-4d08-9bdb-0d8c47cfd5d8}:3.16


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@delorme.com/SendToGPS: C:\Program Files\DeLorme\SendToGPS\nppnplugin.dll (DeLorme)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@autodesk.com/DWF: c:\Program Files\Autodesk\Autodesk Design Review Firefox Add-on v1.1\npADRdwf.dll (Autodesk)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Keith Wengerd\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\Keith Wengerd\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Keith Wengerd\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Keith Wengerd\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Keith Wengerd\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\CenturyLink Online Security\NRS\[email protected] [2011/09/28 03:34:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/10/11 16:52:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/30 20:51:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/10 09:43:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/10 09:41:35 | 000,000,000 | ---D | M]

[2008/08/27 22:26:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Keith Wengerd\Application Data\Mozilla\Extensions
[2013/02/25 08:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Keith Wengerd\Application Data\Mozilla\Firefox\Profiles\ga97iuvg.default\extensions
[2012/09/16 18:37:34 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Keith Wengerd\Application Data\Mozilla\Firefox\Profiles\ga97iuvg.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012/09/16 18:37:37 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Keith Wengerd\Application Data\Mozilla\Firefox\Profiles\ga97iuvg.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/11/05 16:19:41 | 000,000,000 | ---D | M] ("Better Gmail 2") -- C:\Documents and Settings\Keith Wengerd\Application Data\Mozilla\Firefox\Profiles\ga97iuvg.default\extensions\[email protected]
[2011/09/03 13:00:34 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Documents and Settings\Keith Wengerd\Application Data\Mozilla\Firefox\Profiles\ga97iuvg.default\extensions\[email protected]
[2012/09/27 20:14:35 | 000,000,000 | ---D | M] (BlackFox V2) -- C:\Documents and Settings\Keith Wengerd\Application Data\Mozilla\Firefox\Profiles\ga97iuvg.default\extensions\[email protected]
[2012/09/16 18:37:33 | 000,040,385 | ---- | M] () (No name found) -- C:\Documents and Settings\Keith Wengerd\Application Data\Mozilla\Firefox\Profiles\ga97iuvg.default\extensions\[email protected]
[2012/09/16 15:21:22 | 000,194,020 | ---- | M] () (No name found) -- C:\Documents and Settings\Keith Wengerd\Application Data\Mozilla\Firefox\Profiles\ga97iuvg.default\extensions\[email protected]
[2012/09/27 20:12:45 | 000,993,464 | ---- | M] () (No name found) -- C:\Documents and Settings\Keith Wengerd\Application Data\Mozilla\Firefox\Profiles\ga97iuvg.default\extensions\{1a46a8a0-3278-11dd-bd11-0800200c9a66}.xpi
[2012/11/06 17:43:15 | 000,076,798 | ---- | M] () (No name found) -- C:\Documents and Settings\Keith Wengerd\Application Data\Mozilla\Firefox\Profiles\ga97iuvg.default\extensions\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi
[2012/09/16 18:37:34 | 000,269,659 | ---- | M] () (No name found) -- C:\Documents and Settings\Keith Wengerd\Application Data\Mozilla\Firefox\Profiles\ga97iuvg.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2012/09/27 20:13:21 | 003,079,430 | ---- | M] () (No name found) -- C:\Documents and Settings\Keith Wengerd\Application Data\Mozilla\Firefox\Profiles\ga97iuvg.default\extensions\{69D30031-F4A8-452a-A5B3-5D6787C3C5CF}.xpi
[2013/02/25 08:09:58 | 000,019,706 | ---- | M] () (No name found) -- C:\Documents and Settings\Keith Wengerd\Application Data\Mozilla\Firefox\Profiles\ga97iuvg.default\extensions\{e1aaa9f8-4500-47f1-9a0a-b02bd60e4076}.xpi
[2012/11/18 15:43:58 | 000,252,340 | ---- | M] () (No name found) -- C:\Documents and Settings\Keith Wengerd\Application Data\Mozilla\Firefox\Profiles\ga97iuvg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/08/10 23:32:56 | 000,000,822 | ---- | M] () (No name found) -- C:\Documents and Settings\Keith Wengerd\Application Data\Mozilla\Firefox\Profiles\ga97iuvg.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\xpi-details.xsl
[2013/03/10 09:40:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/04 21:20:14 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/02 03:00:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013/03/10 09:42:56 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2006/10/09 12:18:18 | 000,233,472 | ---- | M] (Coolsavings, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPCpnMgr.dll
[2011/08/04 21:20:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/05/11 18:41:00 | 000,200,704 | ---- | M] (Ancestry.com) -- C:\Program Files\mozilla firefox\plugins\npImgCtl.dll
[2012/11/30 20:50:44 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/09/18 17:46:45 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/20 06:28:15 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://searchfunmood...B&cr=1752481369
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/ig?hl=en
CHR - Extension: No name found = C:\Documents and Settings\Keith Wengerd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Documents and Settings\Keith Wengerd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Documents and Settings\Keith Wengerd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fhflopcljabdklmedgglmkihdnongdaa\1.0\
CHR - Extension: No name found = C:\Documents and Settings\Keith Wengerd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: No name found = C:\Documents and Settings\Keith Wengerd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Keith Wengerd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/11/24 18:54:16 | 000,432,719 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14900 more lines...
O2 - BHO: (no name) - {1f502a4c-4a61-4ada-a9ec-95f0601153c9} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll File not found
O2 - BHO: (DeLorme Send To GPS) - {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} - C:\Program Files\DeLorme\SendToGPS\PNPluginForIE.dll (DeLorme)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\CenturyLink Online Security\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\CenturyLink Online Security\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 24
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
O7 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O7 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartmenuLogoff = 0
O7 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O7 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinters = 0
O7 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0
O7 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
O7 - HKU\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - C:\Program Files\Microsoft Office\Office\1033\PHDINTL.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\CenturyLink Online Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\CenturyLink Online Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\CenturyLink Online Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\CenturyLink Online Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB3277B7-1665-4125-9116-B37D9D086746}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\lbxfile {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files\Libronix DLS\System\FileProt.dll (Libronix Corporation)
O18 - Protocol\Handler\lbxres {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Keith Wengerd\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Keith Wengerd\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 06:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{cb54c6a9-785b-11dc-b76b-001320c27dbd}\Shell - "" = AutoRun
O33 - MountPoints2\{cb54c6a9-785b-11dc-b76b-001320c27dbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cb54c6a9-785b-11dc-b76b-001320c27dbd}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/23 07:20:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Keith Wengerd\Start Menu\Programs\HiJackThis
[2013/03/23 07:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/03/22 20:11:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Keith Wengerd\Recent
[2013/03/21 23:34:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/03/20 16:51:47 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2013/03/20 16:51:47 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
[2013/03/10 09:40:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/23 07:28:03 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/23 07:27:39 | 000,239,234 | ---- | M] () -- C:\Documents and Settings\Keith Wengerd\Desktop\Task Manager.jpg
[2013/03/23 07:25:06 | 000,002,475 | ---- | M] () -- C:\Documents and Settings\Keith Wengerd\Desktop\Microsoft PhotoDraw V2.lnk
[2013/03/23 07:13:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/23 07:08:06 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1283446441-3683596738-2567388227-1005UA.job
[2013/03/23 06:57:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/23 00:05:47 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2013/03/22 23:28:01 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/22 22:08:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1283446441-3683596738-2567388227-1005Core.job
[2013/03/22 21:51:08 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1283446441-3683596738-2567388227-1005.job
[2013/03/22 20:16:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/22 20:16:16 | 2137,149,440 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/22 16:31:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/03/22 08:15:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/03/20 19:49:07 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1283446441-3683596738-2567388227-1005.job
[2013/03/15 17:43:23 | 000,523,150 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/03/15 17:43:23 | 000,096,738 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/03/10 09:35:54 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Keith Wengerd\Desktop\Microsoft Office Excel 2007.lnk
[2013/02/24 11:55:17 | 000,000,082 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
[14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/23 07:27:39 | 000,239,234 | ---- | C] () -- C:\Documents and Settings\Keith Wengerd\Desktop\Task Manager.jpg
[2013/03/15 02:28:34 | 000,000,508 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2013/01/22 17:38:36 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2013/01/20 20:43:45 | 000,001,577 | ---- | C] () -- C:\Documents and Settings\Keith Wengerd\Local Settings\Application Data\recently-used.xbel
[2013/01/20 09:56:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Progs_.ini
[2012/12/21 04:16:39 | 000,496,922 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/06/14 17:49:49 | 000,120,272 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/02/21 00:34:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/07 07:54:56 | 000,025,944 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/10/07 07:54:55 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/06/21 16:23:22 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Keith Wengerd\Application Data\PFP120JPR.{PB
[2011/06/21 16:23:22 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Keith Wengerd\Application Data\PFP120JCM.{PB
[2011/04/17 18:24:18 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/04/17 18:24:17 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/03/28 20:01:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Keith Wengerd\defogger_reenable
[2011/02/26 23:46:17 | 000,001,768 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/07/12 00:04:48 | 000,015,709 | ---- | C] () -- C:\Documents and Settings\Keith Wengerd\Local Settings\Application Data\anohive.lib
[2009/07/12 00:04:47 | 000,013,991 | ---- | C] () -- C:\Documents and Settings\Keith Wengerd\Local Settings\Application Data\udukusorut.sys
[2009/07/12 00:04:47 | 000,010,130 | ---- | C] () -- C:\Documents and Settings\Keith Wengerd\Application Data\nobelof.dll
[2009/04/14 21:17:07 | 000,000,167 | ---- | C] () -- C:\Documents and Settings\Keith Wengerd\udownload.dat
[2008/12/03 16:28:14 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Keith Wengerd\JavaMediaPlayer_audiolevel.cfg
[2008/05/12 21:18:19 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Profiles
[2008/05/12 21:18:19 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Keith Wengerd\Application Data\Printer Icons
[2008/05/12 21:18:19 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2008/05/12 21:18:19 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Resources
[2006/01/24 22:26:39 | 000,188,928 | ---- | C] () -- C:\Documents and Settings\Keith Wengerd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/12 19:16:36 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Keith Wengerd\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2012/08/10 23:32:56 | 000,000,596 | ---- | M] () -- C:\Documents and Settings\Keith Wengerd\Application Data\Mozilla\Firefox\Profiles\ga97iuvg.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2005/08/16 06:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F64C164

< End of report >


Extras.TXT

OTL Extras logfile created on: 3/23/2013 7:30:37 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Keith Wengerd\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.68% Memory free
2.58 Gb Paging File | 1.88 Gb Available in Paging File | 72.77% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.33 Gb Total Space | 46.97 Gb Free Space | 32.54% Space Free | Partition Type: NTFS
Drive K: | 144.33 Gb Total Space | 46.97 Gb Free Space | 32.54% Space Free | Partition Type: NTFS

Computer Name: KWENGERD | User Name: Keith Wengerd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Classes\<extension>]
.html [@ = SafariHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"9999:TCP" = 9999:TCP:LocalSubNet:Enabled:DNA
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"94:TCP" = 94:TCP:*:Enabled:VRS Recording System Web Control Panel
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Ratbag\Dirt Track Racing\DTR.exe" = C:\Program Files\Ratbag\Dirt Track Racing\DTR.exe:*:Disabled:DTR -- ()
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Harley-Davidson® - Race Across America\bin\Harley.exe" = C:\Program Files\Harley-Davidson® - Race Across America\bin\Harley.exe:*:Disabled:Harley -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Documents and Settings\Keith Wengerd\Local Settings\Temp\WZSE0.TMP\SymNRT.exe" = C:\Documents and Settings\Keith Wengerd\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Documents and Settings\Keith Wengerd\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Keith Wengerd\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe:*:Disabled:BlueSoleil -- (IVT Corporation.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{0319B53F-FAE5-4811-B0B3-19CC1F8E674E}" = The Go Ronald Games
"{044B95A9-52BF-46D7-931F-E03E4934164C}_is1" = DeLorme Cache Register 1.0
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F60FD8E-3E58-4F8E-BF2C-DFA4C9987AE2}_is1" = DeLorme Send To GPS 1.4
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{19991EAD-C273-47EB-87E8-0D274925230B}" = OEB Resource Driver
"{19F71F50-EE15-4213-A1ED-EA74FFA60C51}" = CacheStats
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{26BEEF24-B264-41E3-9D5E-0529D79FADB6}" = Free CraigsList Reader Pro from CraigsPal 4.5.1
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5EA394-1033-11D2-A2CB-00C04F72F31D}" = Microsoft PhotoDraw 2000 V2
"{3F1C9552-58E0-4AAC-A616-AE3A28720EC6}" = GimpShop 2.8
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{5783F2D7-9028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2011
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B895A80-01B6-4315-97CA-26B2DAB61577}" = SoftPlan reView 2012 File Viewers
"{5F81DD84-6A2F-11D4-903E-00E0293397B7}" = Bible Data Type System Files
"{5F81DD89-6A2F-11D4-903E-00E0293397B7}" = Common System Files
"{5F81DD92-6A2F-11D4-903E-00E0293397B7}" = Libronix Digital Library System
"{5F81DD97-6A2F-11D4-903E-00E0293397B7}" = Libronix DLS Application
"{5F81DD9B-6A2F-11D4-903E-00E0293397B7}" = LibronixUpdate
"{5F81DD9F-6A2F-11D4-903E-00E0293397B7}" = LLS Resource Driver
"{5F81DDA3-6A2F-11D4-903E-00E0293397B7}" = PDF Resource Driver
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{669A37FF-A446-46F9-8AAE-EEC1988A2ADF}" = Autodesk Design Review Firefox Add-on v1.1
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.9
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7057ABC2-EFF3-4E43-9806-8BCB6EEA9FE6}" = Microsoft IntelliPoint 7.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72CB5335-6D2A-4207-B811-6CB6C6925039}" = Batch Update
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player
"{7D56255D-7AA3-4657-8BDB-D21F552C7A56}" = Digimax L60
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96056420-DDF3-46A7-AA8D-BC2D1AE5290B}" = Microsoft IntelliType Pro 8.1
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{99CC78D1-2356-497C-84C1-F239884001EC}" = Turbo Lister
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0EFB06D-0C7C-4A85-B1D3-65AF82536A7B}" = Sentence Diagramming
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7CA6CC5-465B-41F8-96B5-F66BDF4482C7}" = VZAccess Manager
"{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin
"{A7E7E283-8AB2-3EFE-A3BD-8482F72BAFCF}" = Google Talk Plugin
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA5F2475-89C6-11D6-9D72-0008C7223F91}" = Zoom V.92 PCI Voice Faxmodem
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat 8 Standard
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BED6A1C2-4088-422A-9521-319C4C4EF7BB}" = Punch! Home and Landscape Design Suite
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CA0AF735-4583-413E-897F-E91A237EE2E1}" = Libronix DLS Shortcuts
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC351B44-5610-43C5-81E6-A2C760CB0A20}" = Graphical Query Editor
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}" = F-Secure PSC Prerequisites
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"{EA6EB7D0-C920-4434-B43D-0DDD0AF8F497}" = Garmin MapSource
"{F12F5528-8AE7-49DD-B883-4D469C5C211F}" = DeLorme Topo USA 8.0
"{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}" = Family Tree Maker 2006
"{F97272B4-82C4-46B2-BCF1-C4D6E8CAB3E6}" = Avery Wizard 4.0
"{FECB001A-62F8-4E84-8FD0-4B963D039A63}" = Samsung Contacts Copier
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe Acrobat 8 Standard" = Adobe Acrobat 8.1.0 Standard
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"Allway Sync_is1" = Allway Sync version 12.2.3
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"Belarc Advisor" = Belarc Advisor 8.1
"Big Game Hunter II" = Big Game Hunter II
"Cabela's 4x4 Off-road Adventure" = Cabela's 4x4 Off-road Adventure
"CCleaner" = CCleaner
"Charting Companion for Family Tree Maker 1.0" = Charting Companion for Family Tree Maker
"Corel WordPerfect Suite 8" = Corel WordPerfect Suite 8
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dirt Track Racing" = Dirt Track Racing
"DVD Shrink_is1" = DVD Shrink 3.2
"DWG TrueView 2011" = DWG TrueView 2011
"EasyGPS_is1" = EasyGPS 3.06
"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.1
"FarmVille Tools_is1" = FarmVille Tools V2.3.2
"File Shredder_is1" = File Shredder 2.0
"FreeCell Wizard_is1" = FreeCell Wizard version 3.0.1
"Freemake Video Converter_is1" = Freemake Video Converter version 3.1.2
"F-Secure Product 444" = CenturyLink™ Online Security
"Harley-Davidson® - Race Across America" = Harley-Davidson® - Race Across America
"HOTROD" = HOTROD
"ie7" = Windows Internet Explorer 7
"InstallShield_{0319B53F-FAE5-4811-B0B3-19CC1F8E674E}" = The Go Ronald Games
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{99CC78D1-2356-497C-84C1-F239884001EC}" = Turbo Lister
"InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"JimsList" = JimsList
"Libronix DLS" = Libronix Digital Library System
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.5.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mb9_12" = Math Blaster Ages 9-12
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliType Pro 8.1" = Microsoft IntelliType Pro 8.1
"Morpheus Photo Animation Suite_is1" = Morpheus Photo Animation Suite v3.10
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"mti_oh" = Ohio Topo Map
"NASCAR Revolution" = NASCAR Revolution SE
"Need For Speed - Porsche Unleashed Demo" = Need For Speed - Porsche Unleashed Demo
"NETGEAR Live Parental Controls Management Utility" = NETGEAR Live Parental Controls Management Utility 2.1.5
"PhotoParade.exe" = PhotoParade Player
"PROHYBRIDR" = 2007 Microsoft Office system
"PROSet" = Intel® PRO Network Connections Drivers
"RaceFX_is1" = RaceFX
"RaceTender" = RaceTender 1.4.1
"rayman2" = rayman2
"RealPlayer 15.0" = RealPlayer
"Smart Defrag 2_is1" = Smart Defrag 2
"TurboTax Premier 2005" = TurboTax Premier 2005
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"Xilisoft Audio Converter 6" = Xilisoft Audio Converter 6
"ZDaemon" = ZDaemon (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1283446441-3683596738-2567388227-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/17/2013 10:21:50 AM | Computer Name = KWENGERD | Source = F-Secure DeepGuard | ID = 103
Description = 1026 2013-02-18 18:13:41-04:00 KWENGERD KWENGERD\Keith Wengerd
F-Secure DeepGuard DeepGuard configuration was rejected. Old configuration will
be used if possible. Error code: XML parse failed!

Error - 3/17/2013 10:21:50 AM | Computer Name = KWENGERD | Source = F-Secure Anti-Virus | ID = 103
Description = 1027 2013-02-18 18:14:11-04:00 KWENGERD KWENGERD\Keith Wengerd
F-Secure Anti-Virus Crash detected. \Device\HarddiskVolume2\Program Files\Mozilla
Firefox\firefox.exe

Error - 3/17/2013 10:21:50 AM | Computer Name = KWENGERD | Source = F-Secure DeepGuard | ID = 103
Description = 1028 2013-02-18 18:14:13-04:00 KWENGERD KWENGERD\Keith Wengerd
F-Secure DeepGuard DeepGuard configuration was rejected. Old configuration will
be used if possible. Error code: XML parse failed!

Error - 3/17/2013 10:21:50 AM | Computer Name = KWENGERD | Source = F-Secure Anti-Virus | ID = 103
Description = 1029 2013-02-18 18:14:29-04:00 KWENGERD KWENGERD\Keith Wengerd
F-Secure Anti-Virus Crash detected. \Device\HarddiskVolume2\Program Files\Mozilla
Firefox\firefox.exe

Error - 3/17/2013 10:21:50 AM | Computer Name = KWENGERD | Source = F-Secure DeepGuard | ID = 103
Description = 1030 2013-02-18 18:14:31-04:00 KWENGERD KWENGERD\Keith Wengerd
F-Secure DeepGuard DeepGuard configuration was rejected. Old configuration will
be used if possible. Error code: XML parse failed!

Error - 3/17/2013 10:21:50 AM | Computer Name = KWENGERD | Source = F-Secure Anti-Virus | ID = 103
Description = 1031 2013-02-18 18:15:04-04:00 KWENGERD KWENGERD\Keith Wengerd
F-Secure Anti-Virus Crash detected. \Device\HarddiskVolume2\Program Files\Mozilla
Firefox\firefox.exe

Error - 3/17/2013 10:21:50 AM | Computer Name = KWENGERD | Source = F-Secure DeepGuard | ID = 103
Description = 1032 2013-02-18 18:15:07-04:00 KWENGERD KWENGERD\Keith Wengerd
F-Secure DeepGuard DeepGuard configuration was rejected. Old configuration will
be used if possible. Error code: XML parse failed!

Error - 3/17/2013 10:21:50 AM | Computer Name = KWENGERD | Source = F-Secure Anti-Virus | ID = 103
Description = 1033 2013-02-18 18:15:39-04:00 KWENGERD KWENGERD\Keith Wengerd
F-Secure Anti-Virus Crash detected. \Device\HarddiskVolume2\Program Files\JimsList\JimsList.exe


Error - 3/17/2013 10:21:50 AM | Computer Name = KWENGERD | Source = F-Secure DeepGuard | ID = 103
Description = 1034 2013-02-18 18:15:40-04:00 KWENGERD KWENGERD\Keith Wengerd
F-Secure DeepGuard DeepGuard configuration was rejected. Old configuration will
be used if possible. Error code: XML parse failed!

Error - 3/17/2013 12:41:51 PM | Computer Name = KWENGERD | Source = F-Secure Anti-Virus | ID = 103
Description = 1035 2013-02-18 18:17:11-04:00 KWENGERD KWENGERD\Keith Wengerd
F-Secure Anti-Virus Crash detected. \Device\HarddiskVolume2\Program Files\Mozilla
Firefox\firefox.exe

[ OSession Events ]
Error - 11/11/2012 7:46:04 PM | Computer Name = KWENGERD | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 89098
seconds with 8160 seconds of active time. This session ended with a crash.

Error - 12/14/2012 8:31:23 AM | Computer Name = KWENGERD | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 29864
seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/21/2013 3:18:09 AM | Computer Name = KWENGERD | Source = Service Control Manager | ID = 7000
Description = The DriverLINX Port I/O Driver service failed to start due to the
following error: %%2

Error - 3/21/2013 3:20:05 AM | Computer Name = KWENGERD | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.

Error - 3/21/2013 4:31:00 PM | Computer Name = KWENGERD | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402

Error - 3/22/2013 4:31:00 PM | Computer Name = KWENGERD | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402

Error - 3/22/2013 7:15:40 PM | Computer Name = KWENGERD | Source = Service Control Manager | ID = 7000
Description = The PCASp50 NDIS Protocol Driver service failed to start due to the
following error: %%2

Error - 3/22/2013 7:15:40 PM | Computer Name = KWENGERD | Source = Service Control Manager | ID = 7000
Description = The DriverLINX Port I/O Driver service failed to start due to the
following error: %%2

Error - 3/22/2013 7:17:38 PM | Computer Name = KWENGERD | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.

Error - 3/22/2013 8:16:41 PM | Computer Name = KWENGERD | Source = Service Control Manager | ID = 7000
Description = The PCASp50 NDIS Protocol Driver service failed to start due to the
following error: %%2

Error - 3/22/2013 8:16:41 PM | Computer Name = KWENGERD | Source = Service Control Manager | ID = 7000
Description = The DriverLINX Port I/O Driver service failed to start due to the
following error: %%2

Error - 3/22/2013 8:18:39 PM | Computer Name = KWENGERD | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.


< End of report >





Pic of Task Manager attached


Edited by kwengerd, 23 March 2013 - 08:43 AM.



#2
gringo_pr


    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello kwengerd

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo

#3
kwengerd


    Member

  • Topic Starter
  • 12 posts
OK, I ran Security Check, AdwCleaner, RogueKiller for 32bit. FSSM32.exe is still running at a high CPU level. It was pretty quick this morning and is still that way now (not lagging), even though FSSM32.exe says it is running near 100% on the CPU.

Results of screen317's Security Check version 0.99.61
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
CenturyLinkT Online Security 9.01
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
Java™ 6 Update 26
Java version out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader 7 Adobe Reader out of Date!
Mozilla Firefox (Review.)
````````Process Check: objlist.exe by Laurent````````
CenturyLink Online Security Anti-Virus fsgk32st.exe
CenturyLink Online Security Anti-Virus FSGK32.EXE
CenturyLink Online Security Anti-Virus fssm32.exe
CenturyLink Online Security Common FSMA32.EXE
CenturyLink Online Security Common FSHDLL32.EXE
CenturyLink Online Security Common FSM32.EXE
CenturyLink Online Security FWES Program fsdfwd.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 8%
````````````````````End of Log``````````````````````


# AdwCleaner v2.115 - Logfile created 03/23/2013 at 16:46:25
# Updated 17/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Keith Wengerd - KWENGERD
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Keith Wengerd\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\d5nh5eg4.default\searchplugins\funmoods.xml
File Deleted : C:\Documents and Settings\Joe\Local Settings\Application Data\funmoods.crx
File Deleted : C:\Documents and Settings\Joe\Local Settings\Application Data\funmoods-speeddial_sf.crx
File Deleted : C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage
File Deleted : C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
File Deleted : C:\Documents and Settings\Keith Wengerd\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage
File Deleted : C:\Documents and Settings\Keith Wengerd\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
File Deleted : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c7bm1njh.default\searchplugins\yahoo-zugo.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\APN
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\Joe\Application Data\Funmoods
Folder Deleted : C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\d5nh5eg4.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
Folder Deleted : C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\d5nh5eg4.default\extensions\[email protected]
Folder Deleted : C:\Documents and Settings\Joe\Funmoods
Folder Deleted : C:\Documents and Settings\Keith Wengerd\Application Data\Funmoods
Folder Deleted : C:\Documents and Settings\Keith Wengerd\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Keith Wengerd\Local Settings\Application Data\DownTango
Folder Deleted : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c7bm1njh.default\extensions\[email protected]
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\Program Files\Red Sky

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\Funmoods
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DownTango
Key Deleted : HKLM\Software\Funmoods
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6000.17123

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1QzutDtDtCtAtBtD0CtByB0D0B0DtCtC0D0AtN0D0Tzu0CtAzzzztN1L2XzutBtFtBtFtCtFyEtDyB&cr=1752481369 --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c7bm1njh.default\prefs.js

Deleted : user_pref("extentions.y2layers.installId", "e4f9b754-3d7f-495f-8d79-358e211620fd");

File : C:\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\zal7r6dc.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Keith Wengerd\Application Data\Mozilla\Firefox\Profiles\ga97iuvg.default\prefs.js

C:\Documents and Settings\Keith Wengerd\Application Data\Mozilla\Firefox\Profiles\ga97iuvg.default\user.js ... Deleted !

Deleted : user_pref("browser.newtabpage.pinned", "[null,null,{\"url\":\"hxxps://mail.google.com/mail/u/0/?shva[...]
Deleted : user_pref("browser.search.selectedEngine", "MyWebSearch");
Deleted : user_pref("extensions.funmoods.aflt", "adknlg1y");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hmpg", true);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=adknlg1y&ir=adknlg1y&cd=2[...]
Deleted : user_pref("extensions.funmoods.id", "001320C27DBD11DA");
Deleted : user_pref("extensions.funmoods.instlDay", "15727");
Deleted : user_pref("extensions.funmoods.instlRef", "adknlg1y");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=adknlg1y&ir=adknlg1y&cd[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Funmoods");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=adknlg1y&ir=adknlg1y&[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2216:30:50");
Deleted : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensea[...]

File : C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\d5nh5eg4.default\prefs.js

C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\d5nh5eg4.default\user.js ... Deleted !

Deleted : user_pref("browser.search.order.1", "Search The Web(vGrabber)");
Deleted : user_pref("browser.search.selectedEngine", "Funmoods");
Deleted : user_pref("browser.startup.homepage", "hxxp://searchfunmoods.com/?f=1&a=adknlg1y&ir=adknlg1y&cd=2Xzu[...]
Deleted : user_pref("extensions.funmoods.aflt", "adknlg1y");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hmpg", true);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=adknlg1y&ir=adknlg1y&cd=2[...]
Deleted : user_pref("extensions.funmoods.id", "001320C27DBD11DA");
Deleted : user_pref("extensions.funmoods.instlDay", "15727");
Deleted : user_pref("extensions.funmoods.instlRef", "adknlg1y");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=adknlg1y&ir=adknlg1y&cd[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Funmoods");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=adknlg1y&ir=adknlg1y&[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2216:17:14");
Deleted : user_pref("extensions.vgrabber.srchPrvdr", "Search The Web(vGrabber)");

File : C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\4j3rq7xa.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Melody\Application Data\Mozilla\Firefox\Profiles\rwiyv134.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Documents and Settings\Keith Wengerd\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [13143 octets] - [23/03/2013 16:46:25]

########## EOF - C:\AdwCleaner[S1].txt - [13204 octets] ##########


RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Keith Wengerd [Admin rights]
Mode : Scan -- Date : 03/23/2013 17:01:08
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[TASK][SUSP PATH] At1.job : C:\DOCUME~1\KEITHW~1\APPLIC~1\Funmoods\UPDATE~1\UPDATE~1.EXE /Check [x] -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600JS-75NCB1 +++++
--- User ---
[MBR] ccd14587e2bd1506151bda17c281545b
[BSP] 3efdd157322bc54deb4f0f8435ac64f6 : MBR Code unknown
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 147793 Mo
2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 302760990 | Size: 4753 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_03232013_02d1701.txt >>
RKreport[1]_S_03232013_02d1701.txt

#4
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello kwengerd

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5
kwengerd

    Member

  • Topic Starter
  • 12 posts
ComboFix 13-03-23.01 - Keith Wengerd 03/23/2013 22:44:00.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1402 [GMT -4:00]
Running from: c:\documents and settings\Keith Wengerd\Desktop\ComboFix.exe
AV: CenturyLink™ Online Security 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: CenturyLink™ Online Security 9.01 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Keith Wengerd\Application Data\nobelof.dll
c:\documents and settings\Keith Wengerd\Application Data\Otto
c:\documents and settings\Keith Wengerd\Application Data\Otto\config.set
c:\documents and settings\Keith Wengerd\System
c:\documents and settings\Keith Wengerd\System\win_qs8.jqx
c:\documents and settings\Keith Wengerd\WINDOWS
c:\program files\Drop Down Deals
c:\windows\ixom.exe
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\o02PrEz
c:\windows\system32\SET3A5.tmp
c:\windows\system32\SET3A6.tmp
c:\windows\system32\SET3A7.tmp
c:\windows\system32\SET3A8.tmp
c:\windows\system32\SET3AE.tmp
c:\windows\system32\SET3AF.tmp
c:\windows\system32\SET3B0.tmp
c:\windows\system32\SET3B1.tmp
c:\windows\system32\SET3B4.tmp
c:\windows\system32\SET3B7.tmp
c:\windows\system32\SET3B8.tmp
c:\windows\system32\SET3BA.tmp
c:\windows\system32\SET3BF.tmp
c:\windows\system32\SET3C3.tmp
c:\windows\system32\Temp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\yler._sy
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Legacy_ITLPERF
-------\Legacy_UacbFlt
-------\Service_6to4
-------\Service_UacbFlt
.
.
((((((((((((((((((((((((( Files Created from 2013-02-24 to 2013-03-24 )))))))))))))))))))))))))))))))
.
.
2013-03-23 11:20 . 2013-03-23 11:20 388096 ----a-r- c:\documents and settings\Keith Wengerd\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-03-23 11:20 . 2013-03-23 11:20 -------- d-----w- c:\program files\Trend Micro
2013-03-20 20:51 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-20 20:51 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-12 00:32 . 2008-10-08 20:00 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2005-08-16 10:18 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-06 00:51 . 2005-08-16 10:18 832512 ----a-w- c:\windows\system32\wininet.dll
2013-02-06 00:51 . 2005-08-16 10:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2013-02-06 00:51 . 2005-08-16 10:18 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-06 00:51 . 2005-08-16 10:18 17408 ----a-w- c:\windows\system32\corpol.dll
2013-02-04 22:12 . 2012-03-31 01:51 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-04 22:12 . 2011-06-26 20:56 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-26 03:55 . 2005-08-16 10:18 552448 ------w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19 . 2005-08-16 10:18 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37 . 2004-08-04 04:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2005-08-16 10:18 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2005-08-16 10:18 1292288 ----a-w- c:\windows\system32\quartz.dll
2013-03-10 13:42 . 2013-03-10 13:40 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-02-04 4763008]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="c:\program files\CenturyLink Online Security\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files\CenturyLink Online Security\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1298320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 1468256]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-09-26 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Continue installation.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Continue installation.lnk
backup=c:\windows\pss\Continue installation.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]
2012-03-06 22:39 574296 ----a-w- c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-28 01:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-02 05:40 136176 ----atw- c:\documents and settings\Keith Wengerd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 03:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-12-01 00:50 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate1ca0602a575f3f4"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"BotkindSyncService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"a2AntiMalware"=2 (0x2)
"!SASCORE"=2 (0x2)
"AdvancedSystemCareService5"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Ratbag\\Dirt Track Racing\\DTR.exe"=
"c:\\Program Files\\Harley-Davidson® - Race Across America\\bin\\Harley.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Documents and Settings\\Keith Wengerd\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"94:TCP"= 94:TCP:VRS Recording System Web Control Panel
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2/24/2010 10:14 PM 44240]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2/24/2010 10:13 PM 82120]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [10/7/2011 7:54 AM 14776]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\CenturyLink Online Security\HIPS\drivers\fshs.sys [2/24/2010 10:13 PM 68064]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [6/3/2011 9:00 PM 45472]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\CenturyLink Online Security\Anti-Virus\minifilter\fsgk.sys [2/24/2010 10:12 PM 145464]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\CenturyLink Online Security\ORSP Client\fsorsp.exe [2/24/2010 10:13 PM 61088]
S0 qlrscih;qlrscih;c:\windows\system32\drivers\gwfjl.sys --> c:\windows\system32\drivers\gwfjl.sys [?]
S2 DLPortIO;DriverLINX Port I/O Driver; [x]
S2 gupdate1ca0602a575f3f4;Google Update Service (gupdate1ca0602a575f3f4);c:\program files\Google\Update\GoogleUpdate.exe [7/16/2009 6:46 AM 133104]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [2/13/2011 4:35 PM 73728]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [5/25/2009 3:43 PM 32408]
S3 USR1806;U.S. Robotics Faxmodem Driver 1806;c:\windows\system32\drivers\USR1806.SYS [10/6/2006 9:21 AM 793598]
S4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 1:48 PM 116608]
S4 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2/13/2011 4:34 PM 2855440]
S4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [3/30/2012 9:55 PM 913752]
S4 BotkindSyncService;Botkind Service;c:\program files\Allway Sync\Bin\SyncService.exe service --> c:\program files\Allway Sync\Bin\SyncService.exe service [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 22:12]
.
2013-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-16 10:46]
.
2013-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-16 10:46]
.
2013-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1283446441-3683596738-2567388227-1005Core.job
- c:\documents and settings\Keith Wengerd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 05:40]
.
2013-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1283446441-3683596738-2567388227-1005UA.job
- c:\documents and settings\Keith Wengerd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 05:40]
.
2013-03-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1283446441-3683596738-2567388227-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
.
2013-03-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1283446441-3683596738-2567388227-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
.
2013-03-23 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\CENTUR~1\ANTI-V~1\fsav.exe [2010-02-25 15:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
IE: &Search
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Open Picture in &Microsoft PhotoDraw - c:\progra~1\MICROS~4\Office\1033\phdintl.dll/phdContext.htm
LSP: c:\program files\CenturyLink Online Security\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Keith Wengerd\Application Data\Mozilla\Firefox\Profiles\ga97iuvg.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - ExtSQL: 2013-02-25 07:09; {e1aaa9f8-4500-47f1-9a0a-b02bd60e4076}; c:\documents and settings\Keith Wengerd\Application Data\Mozilla\Firefox\Profiles\ga97iuvg.default\extensions\{e1aaa9f8-4500-47f1-9a0a-b02bd60e4076}.xpi
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{1f502a4c-4a61-4ada-a9ec-95f0601153c9} - (no file)
MSConfigStartUp-Acrobat Assistant 8 - c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
MSConfigStartUp-Adobe Acrobat Speed Launcher - c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
AddRemove-Cabela's 4x4 Off-road Adventure - c:\program files\Activision Value\Cabela's 4x4 Off-road Adventure\Uninst.isu
AddRemove-Need For Speed - Porsche Unleashed Demo - c:\program files\Electronic Arts\Need For Speed - Porsche Unleashed Demo\uninst.log
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-23 23:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(780)
c:\program files\CenturyLink Online Security\FSPS\program\FSLSP.DLL
.
- - - - - - - > 'explorer.exe'(1400)
c:\windows\system32\WININET.dll
c:\program files\CenturyLink Online Security\Spam Control\fsscoepl.dll
c:\windows\system32\AcSignIcon.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Common Files\Microsoft Shared\OFFICE12\MSOXEV.DLL
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\CenturyLink Online Security\Anti-Virus\fsgk32st.exe
c:\program files\CenturyLink Online Security\Common\FSMA32.EXE
c:\program files\CenturyLink Online Security\Common\FSHDLL32.EXE
c:\windows\ehome\mcrdsvc.exe
c:\program files\CenturyLink Online Security\FWES\Program\fsdfwd.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\taskmgr.exe
c:\program files\CenturyLink Online Security\Anti-Virus\FSGK32.EXE
.
**************************************************************************
.
Completion time: 2013-03-23 23:50:17 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-24 03:50
.
Pre-Run: 50,422,865,920 bytes free
Post-Run: 51,049,906,176 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - C4CB6A105F66B5A7F790E0041009BC5E


Seems to run ok but FSSM32.EXE is still running high CPU. OK combo ran overnight and this morning only explorer and system idle were showing CPU usage. As soon as I started Firefox, FSSM32 took over CPU usage. It doesn't appear as though it is making the system lag though. Maybe it is normal.

#6
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello kwengerd


I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long you may attach it

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================

and I will see if I want to see the whole report

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and MBAR.

Gringo

#7
kwengerd

    Member

  • Topic Starter
  • 12 posts
20:48:32.0687 3532 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:48:34.0718 3532 ============================================================
20:48:34.0718 3532 Current date / time: 2013/03/24 20:48:34.0718
20:48:34.0718 3532 SystemInfo:
20:48:34.0718 3532
20:48:34.0718 3532 OS Version: 5.1.2600 ServicePack: 3.0
20:48:34.0718 3532 Product type: Workstation
20:48:34.0718 3532 ComputerName: KWENGERD
20:48:34.0718 3532 UserName: Keith Wengerd
20:48:34.0718 3532 Windows directory: C:\WINDOWS
20:48:34.0750 3532 System windows directory: C:\WINDOWS
20:48:34.0750 3532 Processor architecture: Intel x86
20:48:34.0750 3532 Number of processors: 1
20:48:34.0750 3532 Page size: 0x1000
20:48:34.0750 3532 Boot type: Normal boot
20:48:34.0750 3532 ============================================================
20:49:27.0234 3532 BG loaded
20:49:29.0796 3532 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:49:30.0000 3532 ============================================================
20:49:30.0000 3532 \Device\Harddisk0\DR0:
20:49:30.0031 3532 MBR partitions:
20:49:30.0031 3532 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x120A8A59
20:49:30.0031 3532 ============================================================
20:49:30.0187 3532 C: <-> \Device\Harddisk0\DR0\Partition1
20:49:30.0187 3532 ============================================================
20:49:30.0187 3532 Initialize success
20:49:30.0187 3532 ============================================================
20:49:49.0171 1348 ============================================================
20:49:49.0171 1348 Scan started
20:49:49.0171 1348 Mode: Manual; SigCheck; TDLFS;
20:49:49.0171 1348 ============================================================
20:49:49.0625 1348 ================ Scan system memory ========================
20:50:36.0218 1348 System memory - ok
20:50:36.0218 1348 ================ Scan services =============================
20:50:36.0640 1348 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
20:50:37.0015 1348 !SASCORE - ok
20:50:37.0234 1348 [ 71574A98093D94BDBB3CB74E272D29A5 ] a2acc C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
20:50:39.0968 1348 a2acc - ok
20:50:40.0656 1348 [ 7A7C84F860B5BCFA1587091E5AF45923 ] a2AntiMalware C:\Program Files\Emsisoft Anti-Malware\a2service.exe
20:50:48.0953 1348 a2AntiMalware - ok
20:50:53.0687 1348 Abiosdsk - ok
20:50:53.0750 1348 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
20:51:08.0750 1348 abp480n5 - ok
20:51:09.0000 1348 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:51:11.0328 1348 ACPI - ok
20:51:11.0390 1348 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
20:51:12.0000 1348 ACPIEC - ok
20:51:12.0156 1348 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:51:12.0671 1348 AdobeFlashPlayerUpdateSvc - ok
20:51:12.0734 1348 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
20:51:13.0484 1348 adpu160m - ok
20:51:13.0640 1348 [ B11C71B29FA69E4586F9B65560E6604D ] AdvancedSystemCareService5 C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
20:51:14.0578 1348 AdvancedSystemCareService5 - ok
20:51:14.0796 1348 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
20:51:15.0421 1348 aec - ok
20:51:15.0531 1348 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
20:51:16.0031 1348 AFD - ok
20:51:16.0468 1348 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
20:51:16.0984 1348 agp440 - ok
20:51:17.0062 1348 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
20:51:17.0562 1348 agpCPQ - ok
20:51:17.0625 1348 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
20:51:18.0656 1348 Aha154x - ok
20:51:18.0687 1348 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
20:51:19.0328 1348 aic78u2 - ok
20:51:19.0359 1348 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
20:51:20.0093 1348 aic78xx - ok
20:51:20.0140 1348 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
20:51:20.0843 1348 Alerter - ok
20:51:20.0906 1348 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
20:51:21.0500 1348 ALG - ok
20:51:21.0562 1348 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
20:51:21.0828 1348 AliIde - ok
20:51:21.0906 1348 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
20:51:22.0796 1348 alim1541 - ok
20:51:22.0828 1348 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
20:51:23.0343 1348 amdagp - ok
20:51:23.0421 1348 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
20:51:24.0531 1348 amsint - ok
20:51:24.0921 1348 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:51:31.0546 1348 Apple Mobile Device - ok
20:51:31.0703 1348 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
20:51:38.0312 1348 AppMgmt - ok
20:51:38.0406 1348 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
20:51:38.0937 1348 asc - ok
20:51:38.0984 1348 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
20:51:39.0250 1348 asc3350p - ok
20:51:39.0359 1348 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
20:51:39.0734 1348 asc3550 - ok
20:51:40.0046 1348 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:51:40.0187 1348 aspnet_state - ok
20:51:40.0265 1348 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:51:40.0562 1348 AsyncMac - ok
20:51:40.0593 1348 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
20:51:40.0843 1348 atapi - ok
20:51:40.0843 1348 Atdisk - ok
20:51:40.0890 1348 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:51:41.0375 1348 Atmarpc - ok
20:51:41.0421 1348 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
20:51:41.0921 1348 AudioSrv - ok
20:51:41.0984 1348 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
20:51:42.0921 1348 audstub - ok
20:51:43.0015 1348 [ 5D7BE7B19E827125E016325334E58FF1 ] BANTExt C:\WINDOWS\System32\Drivers\BANTExt.sys
20:51:43.0437 1348 BANTExt ( UnsignedFile.Multi.Generic ) - warning
20:51:43.0437 1348 BANTExt - detected UnsignedFile.Multi.Generic (1)
20:51:43.0843 1348 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
20:51:46.0281 1348 Beep - ok
20:51:46.0453 1348 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
20:51:47.0265 1348 BITS - ok
20:51:47.0265 1348 BlueletAudio - ok
20:51:47.0281 1348 BlueletSCOAudio - ok
20:51:47.0390 1348 BotkindSyncService - ok
20:51:47.0437 1348 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
20:51:47.0718 1348 Browser - ok
20:51:47.0718 1348 BT - ok
20:51:47.0750 1348 Btcsrusb - ok
20:51:47.0828 1348 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
20:51:48.0468 1348 BthEnum - ok
20:51:48.0468 1348 BTHidEnum - ok
20:51:48.0515 1348 BTHidMgr - ok
20:51:48.0625 1348 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
20:51:49.0171 1348 BthPan - ok
20:51:49.0250 1348 [ 662BFD909447DD9CC15B1A1C366583B4 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
20:51:49.0484 1348 BTHPORT - ok
20:51:49.0515 1348 [ F4C43C66471B87996D95DB7A3A664A37 ] BthServ C:\WINDOWS\System32\bthserv.dll
20:51:49.0968 1348 BthServ - ok
20:51:50.0000 1348 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
20:51:50.0703 1348 BTHUSB - ok
20:51:50.0703 1348 btkrnl - ok
20:51:50.0750 1348 catchme - ok
20:51:50.0828 1348 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
20:51:51.0593 1348 cbidf - ok
20:51:51.0671 1348 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
20:51:52.0203 1348 cbidf2k - ok
20:51:52.0406 1348 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:51:52.0843 1348 CCDECODE - ok
20:51:53.0015 1348 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
20:51:55.0828 1348 cd20xrnt - ok
20:51:55.0921 1348 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
20:51:57.0625 1348 Cdaudio - ok
20:51:57.0875 1348 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
20:51:58.0531 1348 Cdfs - ok
20:51:59.0000 1348 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:51:59.0515 1348 Cdrom - ok
20:51:59.0578 1348 Changer - ok
20:51:59.0843 1348 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
20:52:00.0734 1348 CiSvc - ok
20:52:00.0859 1348 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
20:52:01.0515 1348 ClipSrv - ok
20:52:01.0656 1348 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:52:02.0125 1348 clr_optimization_v2.0.50727_32 - ok
20:52:06.0609 1348 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:52:07.0718 1348 clr_optimization_v4.0.30319_32 - ok
20:52:08.0156 1348 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
20:52:09.0218 1348 CmdIde - ok
20:52:09.0218 1348 COMSysApp - ok
20:52:09.0265 1348 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
20:52:09.0625 1348 Cpqarray - ok
20:52:09.0703 1348 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
20:52:09.0921 1348 CryptSvc - ok
20:52:10.0109 1348 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
20:52:11.0906 1348 dac2w2k - ok
20:52:11.0937 1348 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
20:52:13.0781 1348 dac960nt - ok
20:52:13.0859 1348 [ 13F87920B684B23D1FA803E1BB017507 ] dc3d C:\WINDOWS\system32\DRIVERS\dc3d.sys
20:52:13.0890 1348 dc3d - ok
20:52:14.0031 1348 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
20:52:14.0343 1348 DcomLaunch - ok
20:52:14.0453 1348 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
20:52:15.0343 1348 Dhcp - ok
20:52:15.0406 1348 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
20:52:15.0734 1348 Disk - ok
20:52:15.0750 1348 DLPortIO - ok
20:52:15.0750 1348 dmadmin - ok
20:52:16.0031 1348 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
20:52:17.0843 1348 dmboot - ok
20:52:17.0937 1348 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
20:52:19.0843 1348 dmio - ok
20:52:19.0953 1348 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
20:52:20.0703 1348 dmload - ok
20:52:20.0734 1348 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
20:52:21.0953 1348 dmserver - ok
20:52:21.0984 1348 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
20:52:22.0359 1348 DMusic - ok
20:52:22.0453 1348 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
20:52:38.0593 1348 Dnscache - ok
20:52:38.0750 1348 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
20:52:40.0765 1348 Dot3svc - ok
20:52:40.0812 1348 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
20:52:43.0328 1348 dpti2o - ok
20:52:43.0718 1348 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
20:52:44.0109 1348 drmkaud - ok
20:52:44.0234 1348 [ E814854E6B246CCF498874839AB64D77 ] drvmcdb C:\WINDOWS\system32\drivers\drvmcdb.sys
20:52:45.0218 1348 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
20:52:45.0218 1348 drvmcdb - detected UnsignedFile.Multi.Generic (1)
20:52:45.0250 1348 [ EE83A4EBAE70BC93CF14879D062F548B ] drvnddm C:\WINDOWS\system32\drivers\drvnddm.sys
20:52:45.0890 1348 drvnddm ( UnsignedFile.Multi.Generic ) - warning
20:52:45.0890 1348 drvnddm - detected UnsignedFile.Multi.Generic (1)
20:52:46.0859 1348 [ 413F2D5F9D802688242C23B38F767ECB ] DSproct C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
20:52:48.0015 1348 DSproct ( UnsignedFile.Multi.Generic ) - warning
20:52:48.0015 1348 DSproct - detected UnsignedFile.Multi.Generic (1)
20:52:48.0125 1348 [ DFEABB7CFFFADEA4A912AB95BDC3177A ] dsunidrv C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
20:52:49.0125 1348 dsunidrv - ok
20:52:49.0375 1348 [ 95974E66D3DE4951D29E28E8BC0B644C ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:52:51.0031 1348 E100B - ok
20:52:51.0140 1348 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
20:52:51.0906 1348 EapHost - ok
20:52:53.0000 1348 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
20:52:53.0671 1348 ehRecvr - ok
20:52:53.0828 1348 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
20:52:54.0953 1348 ehSched - ok
20:52:55.0031 1348 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
20:52:56.0265 1348 ERSvc - ok
20:52:56.0312 1348 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
20:52:56.0437 1348 Eventlog - ok
20:52:56.0468 1348 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
20:52:56.0578 1348 EventSystem - ok
20:52:56.0953 1348 [ 3DB7415150DFB85FCF470E10F4745FD3 ] F-Secure Gatekeeper C:\Program Files\CenturyLink Online Security\Anti-Virus\minifilter\fsgk.sys
20:52:57.0218 1348 F-Secure Gatekeeper - ok
20:52:57.0312 1348 [ A9BE66E05254B20DF82E0F7CDDECA7DD ] F-Secure Gatekeeper Handler Starter C:\Program Files\CenturyLink Online Security\Anti-Virus\fsgk32st.exe
20:52:57.0515 1348 F-Secure Gatekeeper Handler Starter - ok
20:52:57.0609 1348 [ F5ACA65237C7511D5803CDC5E7003D75 ] F-Secure HIPS C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys
20:52:57.0812 1348 F-Secure HIPS - ok
20:52:57.0937 1348 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
20:52:58.0281 1348 Fastfat - ok
20:52:58.0328 1348 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:52:58.0437 1348 FastUserSwitchingCompatibility - ok
20:52:58.0500 1348 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
20:52:58.0984 1348 Fax - ok
20:52:59.0031 1348 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
20:52:59.0906 1348 Fdc - ok
20:52:59.0968 1348 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
20:53:01.0000 1348 Fips - ok
20:53:01.0093 1348 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:53:01.0875 1348 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
20:53:01.0875 1348 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
20:53:02.0046 1348 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:53:03.0000 1348 Flpydisk - ok
20:53:03.0093 1348 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
20:53:04.0406 1348 FltMgr - ok
20:53:04.0531 1348 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:53:04.0625 1348 FontCache3.0.0.0 - ok
20:53:04.0640 1348 [ 18DA737DD5122A475DA4948ED4643675 ] fsbts C:\WINDOWS\system32\Drivers\fsbts.sys
20:53:04.0687 1348 fsbts - ok
20:53:04.0875 1348 [ 8E0BF7478CC3BAED48282ADBC97ADAFB ] FSDFWD C:\Program Files\CenturyLink Online Security\FWES\Program\fsdfwd.exe
20:53:04.0906 1348 FSDFWD - ok
20:53:04.0937 1348 [ ACA3910A53A057B8C3A6EBF4EF788C7C ] FSFW C:\WINDOWS\system32\drivers\fsdfw.sys
20:53:04.0968 1348 FSFW - ok
20:53:05.0140 1348 [ 392E85687A902239C01BADDF212B1A36 ] FSMA C:\Program Files\CenturyLink Online Security\Common\FSMA32.EXE
20:53:10.0328 1348 FSMA - ok
20:53:10.0656 1348 [ 42AEF6A385354ACA65FC210CE7CE4D7C ] FSORSPClient C:\Program Files\CenturyLink Online Security\ORSP Client\fsorsp.exe
20:53:11.0437 1348 FSORSPClient - ok
20:53:11.0484 1348 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:53:11.0687 1348 Fs_Rec - ok
20:53:11.0812 1348 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:53:12.0046 1348 Ftdisk - ok
20:53:12.0140 1348 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:53:12.0171 1348 GEARAspiWDM - ok
20:53:12.0218 1348 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:53:12.0625 1348 Gpc - ok
20:53:12.0812 1348 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1ca0602a575f3f4 C:\Program Files\Google\Update\GoogleUpdate.exe
20:53:13.0015 1348 gupdate1ca0602a575f3f4 - ok
20:53:13.0125 1348 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
20:53:13.0296 1348 gupdatem - ok
20:53:13.0375 1348 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:53:13.0890 1348 HDAudBus - ok
20:53:13.0968 1348 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:53:14.0515 1348 helpsvc - ok
20:53:14.0562 1348 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
20:53:15.0468 1348 HidServ - ok
20:53:15.0562 1348 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:53:16.0531 1348 HidUsb - ok
20:53:16.0625 1348 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
20:53:17.0640 1348 hkmsvc - ok
20:53:17.0687 1348 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
20:53:18.0750 1348 hpn - ok
20:53:18.0812 1348 HSFHWBS2 - ok
20:53:18.0937 1348 HSF_DP - ok
20:53:19.0140 1348 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
20:53:19.0734 1348 HTTP - ok
20:53:19.0828 1348 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
20:53:20.0359 1348 HTTPFilter - ok
20:53:20.0390 1348 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
20:53:20.0546 1348 i2omgmt - ok
20:53:20.0578 1348 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
20:53:20.0875 1348 i2omp - ok
20:53:20.0906 1348 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:53:21.0109 1348 i8042prt - ok
20:53:21.0343 1348 [ 5A8E05F1D5C36ABD58CFFA111EB325EA ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
20:53:22.0187 1348 ialm - ok
20:53:22.0343 1348 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:53:23.0375 1348 IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:53:23.0375 1348 IDriverT - detected UnsignedFile.Multi.Generic (1)
20:53:23.0781 1348 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:53:24.0156 1348 idsvc - ok
20:53:24.0250 1348 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
20:53:25.0437 1348 Imapi - ok
20:53:25.0484 1348 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
20:53:25.0796 1348 ImapiService - ok
20:53:25.0843 1348 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
20:53:26.0093 1348 ini910u - ok
20:53:26.0140 1348 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
20:53:26.0593 1348 IntelIde - ok
20:53:26.0656 1348 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:53:27.0546 1348 intelppm - ok
20:53:27.0640 1348 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
20:53:28.0531 1348 Ip6Fw - ok
20:53:28.0625 1348 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:53:29.0718 1348 IpFilterDriver - ok
20:53:29.0796 1348 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:53:30.0781 1348 IpInIp - ok
20:53:30.0906 1348 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:53:32.0062 1348 IpNat - ok
20:53:32.0406 1348 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:53:32.0609 1348 iPod Service - ok
20:53:32.0656 1348 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:53:32.0859 1348 IPSec - ok
20:53:32.0906 1348 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
20:53:38.0484 1348 IRENUM - ok
20:53:38.0593 1348 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:53:40.0109 1348 isapnp - ok
20:53:40.0265 1348 [ 9DBA73C2F1E76EC4CB837E67C5743596 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
20:53:40.0312 1348 JavaQuickStarterService - ok
20:53:40.0343 1348 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:53:40.0843 1348 Kbdclass - ok
20:53:40.0984 1348 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:53:41.0796 1348 kbdhid - ok
20:53:41.0843 1348 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
20:53:42.0125 1348 kmixer - ok
20:53:42.0171 1348 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
20:53:42.0562 1348 KSecDD - ok
20:53:42.0640 1348 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
20:53:43.0296 1348 lanmanserver - ok
20:53:43.0343 1348 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:53:43.0812 1348 lanmanworkstation - ok
20:53:43.0875 1348 lbrtfdc - ok
20:53:44.0203 1348 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
20:53:45.0515 1348 LmHosts - ok
20:53:45.0609 1348 [ 9EE18A5A45552673A67532EA37370377 ] ltmodem5 C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
20:53:46.0781 1348 ltmodem5 - ok
20:53:46.0828 1348 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
20:53:47.0656 1348 McrdSvc - ok
20:53:47.0875 1348 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
20:53:48.0093 1348 MDM ( UnsignedFile.Multi.Generic ) - warning
20:53:48.0093 1348 MDM - detected UnsignedFile.Multi.Generic (1)
20:53:48.0125 1348 [ 195741AEE20369980796B557358CD774 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:53:48.0234 1348 mdmxsdk - ok
20:53:48.0281 1348 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
20:53:53.0671 1348 Messenger - ok
20:53:53.0859 1348 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
20:53:55.0250 1348 MHN ( UnsignedFile.Multi.Generic ) - warning
20:53:55.0250 1348 MHN - detected UnsignedFile.Multi.Generic (1)
20:53:55.0281 1348 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
20:53:55.0328 1348 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
20:53:55.0328 1348 MHNDRV - detected UnsignedFile.Multi.Generic (1)
20:53:55.0390 1348 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
20:53:55.0640 1348 mnmdd - ok
20:53:55.0687 1348 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
20:53:55.0984 1348 mnmsrvc - ok
20:53:56.0031 1348 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
20:53:56.0937 1348 Modem - ok
20:53:57.0015 1348 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
20:53:57.0468 1348 MODEMCSA - ok
20:53:57.0515 1348 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:53:57.0718 1348 Mouclass - ok
20:53:57.0750 1348 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:53:58.0203 1348 mouhid - ok
20:53:58.0281 1348 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
20:53:59.0078 1348 MountMgr - ok
20:53:59.0156 1348 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:53:59.0781 1348 MozillaMaintenance - ok
20:53:59.0937 1348 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
20:54:00.0828 1348 mraid35x - ok
20:54:01.0000 1348 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:54:02.0203 1348 MRxDAV - ok
20:54:02.0296 1348 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:54:02.0765 1348 MRxSmb - ok
20:54:03.0109 1348 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
20:54:03.0937 1348 MSDTC - ok
20:54:03.0968 1348 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
20:54:04.0265 1348 Msfs - ok
20:54:04.0281 1348 MSIServer - ok
20:54:04.0296 1348 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:54:04.0484 1348 MSKSSRV - ok
20:54:04.0500 1348 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:54:04.0671 1348 MSPCLOCK - ok
20:54:04.0687 1348 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
20:54:04.0859 1348 MSPQM - ok
20:54:04.0953 1348 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:54:10.0484 1348 mssmbios - ok
20:54:10.0515 1348 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
20:54:12.0015 1348 MSTEE - ok
20:54:12.0062 1348 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
20:54:12.0171 1348 Mup - ok
20:54:12.0203 1348 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:54:12.0671 1348 NABTSFEC - ok
20:54:12.0812 1348 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
20:54:13.0734 1348 napagent - ok
20:54:13.0828 1348 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
20:54:14.0046 1348 NDIS - ok
20:54:14.0078 1348 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:54:14.0296 1348 NdisIP - ok
20:54:14.0343 1348 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:54:14.0671 1348 NdisTapi - ok
20:54:14.0750 1348 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:54:15.0625 1348 Ndisuio - ok
20:54:15.0734 1348 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:54:16.0718 1348 NdisWan - ok
20:54:16.0812 1348 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
20:54:17.0531 1348 NDProxy - ok
20:54:17.0578 1348 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
20:54:18.0546 1348 NetBIOS - ok
20:54:18.0609 1348 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
20:54:19.0156 1348 NetBT - ok
20:54:19.0296 1348 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
20:54:20.0406 1348 NetDDE - ok
20:54:20.0406 1348 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
20:54:20.0593 1348 NetDDEdsdm - ok
20:54:20.0687 1348 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
20:54:20.0890 1348 Netlogon - ok
20:54:20.0937 1348 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
20:54:21.0109 1348 Netman - ok
20:54:21.0187 1348 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:54:21.0765 1348 NetTcpPortSharing - ok
20:54:21.0843 1348 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
20:54:27.0156 1348 Nla - ok
20:54:27.0187 1348 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
20:54:27.0531 1348 Npfs - ok
20:54:27.0578 1348 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
20:54:28.0171 1348 Ntfs - ok
20:54:28.0281 1348 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
20:54:29.0125 1348 NtLmSsp - ok
20:54:29.0187 1348 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
20:54:29.0546 1348 NtmsSvc - ok
20:54:29.0593 1348 [ 9620A1D8160A550F064BBAF48D0F97CC ] NuidFltr C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
20:54:29.0625 1348 NuidFltr - ok
20:54:29.0687 1348 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
20:54:30.0187 1348 Null - ok
20:54:30.0437 1348 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:54:33.0140 1348 nv - ok
20:54:33.0250 1348 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:54:34.0203 1348 NwlnkFlt - ok
20:54:44.0859 1348 [ 86724469CD077901706854974CD13C3E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:54:45.0125 1348 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
20:54:45.0125 1348 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
20:55:24.0421 1348 [ D7968049BE0ADBB6A57CEE3960320911 ] sscdbhk5 C:\WINDOWS\system32\drivers\sscdbhk5.sys
20:55:24.0703 1348 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning
20:55:24.0703 1348 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)
20:55:28.0109 1348 [ C3FFD65ABFB6441E7606CF74F1155273 ] ssrtln C:\WINDOWS\system32\drivers\ssrtln.sys
20:55:28.0437 1348 ssrtln ( UnsignedFile.Multi.Generic ) - warning
20:55:28.0437 1348 ssrtln - detected UnsignedFile.Multi.Generic (1)
20:55:41.0562 1348 [ 30698355067D07DA5F9EB81132C9FDD6 ] tfsnboio C:\WINDOWS\system32\dla\tfsnboio.sys
20:55:41.0578 1348 tfsnboio ( UnsignedFile.Multi.Generic ) - warning
20:55:41.0578 1348 tfsnboio - detected UnsignedFile.Multi.Generic (1)
20:55:41.0578 1348 [ FB9D825BB4A2ABDF24600F7505050E2B ] tfsncofs C:\WINDOWS\system32\dla\tfsncofs.sys
20:55:41.0687 1348 tfsncofs ( UnsignedFile.Multi.Generic ) - warning
20:55:41.0687 1348 tfsncofs - detected UnsignedFile.Multi.Generic (1)
20:55:41.0703 1348 [ CAFD8CCA11AA1E8B6D2EA1BA8F70EC33 ] tfsndrct C:\WINDOWS\system32\dla\tfsndrct.sys
20:55:41.0750 1348 tfsndrct ( UnsignedFile.Multi.Generic ) - warning
20:55:41.0750 1348 tfsndrct - detected UnsignedFile.Multi.Generic (1)
20:55:41.0781 1348 [ 8DB1E78FBF7C426D8EC3D8F1A33D6485 ] tfsndres C:\WINDOWS\system32\dla\tfsndres.sys
20:55:41.0812 1348 tfsndres ( UnsignedFile.Multi.Generic ) - warning
20:55:41.0812 1348 tfsndres - detected UnsignedFile.Multi.Generic (1)
20:55:41.0843 1348 [ B92F67A71CC8176F331B8AA8D9F555AD ] tfsnifs C:\WINDOWS\system32\dla\tfsnifs.sys
20:55:42.0546 1348 tfsnifs ( UnsignedFile.Multi.Generic ) - warning
20:55:42.0546 1348 tfsnifs - detected UnsignedFile.Multi.Generic (1)
20:55:42.0562 1348 [ 85985FAA9A71E2358FCC2EDEFC2A3C5C ] tfsnopio C:\WINDOWS\system32\dla\tfsnopio.sys
20:55:43.0687 1348 tfsnopio ( UnsignedFile.Multi.Generic ) - warning
20:55:43.0687 1348 tfsnopio - detected UnsignedFile.Multi.Generic (1)
20:55:43.0718 1348 [ BBA22094F0F7C210567EFDAF11F64495 ] tfsnpool C:\WINDOWS\system32\dla\tfsnpool.sys
20:55:43.0812 1348 tfsnpool ( UnsignedFile.Multi.Generic ) - warning
20:55:43.0812 1348 tfsnpool - detected UnsignedFile.Multi.Generic (1)
20:55:43.0843 1348 [ 81340BEF80B9811E98CE64611E67E3FF ] tfsnudf C:\WINDOWS\system32\dla\tfsnudf.sys
20:55:43.0953 1348 tfsnudf ( UnsignedFile.Multi.Generic ) - warning
20:55:43.0953 1348 tfsnudf - detected UnsignedFile.Multi.Generic (1)
20:55:43.0984 1348 [ C035FD116224CCC8325F384776B6A8BB ] tfsnudfa C:\WINDOWS\system32\dla\tfsnudfa.sys
20:55:44.0046 1348 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning
20:55:44.0046 1348 tfsnudfa - detected UnsignedFile.Multi.Generic (1)
20:56:16.0406 1348 [ 41E8A037C8DFE81A1F31B2FE04AE1AFE ] Winachcf C:\WINDOWS\system32\DRIVERS\winachcf.sys
20:56:17.0109 1348 Winachcf ( UnsignedFile.Multi.Generic ) - warning
20:56:17.0109 1348 Winachcf - detected UnsignedFile.Multi.Generic (1)
20:56:28.0390 1348 ================ Scan global ===============================
20:56:28.0421 1348 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:56:28.0453 1348 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:56:28.0500 1348 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:56:28.0515 1348 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:56:28.0515 1348 [Global] - ok
20:56:28.0515 1348 ================ Scan MBR ==================================
20:56:28.0546 1348 [ 5CB90281D1A59B251F6603134774EEC3 ] \Device\Harddisk0\DR0
20:56:34.0343 1348 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:56:34.0343 1348 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:56:34.0343 1348 ================ Scan VBR ==================================
20:56:34.0343 1348 [ BF189CCDF3FDC265DB4DD6F07F185D73 ] \Device\Harddisk0\DR0\Partition1
20:56:34.0343 1348 \Device\Harddisk0\DR0\Partition1 - ok
20:56:34.0343 1348 ================ Scan active images ========================
20:56:34.0781 1348 [ D918617B46457B9AC28027722E30F647 ] C:\WINDOWS\system32\drivers\wdf01000.sys
20:56:34.0781 1348 C:\WINDOWS\system32\drivers\wdf01000.sys - ok
20:56:34.0796 1348 [ 399C974DDA25FD3E59F22BAB787F662B ] C:\WINDOWS\system32\drivers\wdfldr.sys
20:56:34.0796 1348 C:\WINDOWS\system32\drivers\wdfldr.sys - ok
20:56:34.0796 1348 [ D6870895FE46A464A19141440EB6CC1E ] C:\WINDOWS\system32\drivers\sscdbus.sys
20:56:34.0796 1348 C:\WINDOWS\system32\drivers\sscdbus.sys - ok
20:56:34.0796 1348 [ F85B5BA4753C3E6B2B5BFCA410A458A4 ] C:\WINDOWS\system32\drivers\sscdwh.sys
20:56:34.0796 1348 C:\WINDOWS\system32\drivers\sscdwh.sys - ok
20:56:34.0812 1348 [ 1AF592532532A402ED7C060F6954004F ] C:\WINDOWS\system32\drivers\hidclass.sys
20:56:34.0812 1348 C:\WINDOWS\system32\drivers\hidclass.sys - ok
20:56:34.0812 1348 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] C:\WINDOWS\system32\drivers\hidusb.sys
20:56:34.0812 1348 C:\WINDOWS\system32\drivers\hidusb.sys - ok
20:56:34.0812 1348 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] C:\WINDOWS\system32\drivers\modem.sys
20:56:34.0812 1348 C:\WINDOWS\system32\drivers\modem.sys - ok
20:56:34.0828 1348 [ 38BA174E60FDA4219EFC917D514C2E28 ] C:\WINDOWS\system32\drivers\sscdcm.sys
20:56:34.0828 1348 C:\WINDOWS\system32\drivers\sscdcm.sys - ok
20:56:34.0828 1348 [ 0FE167362E4689B716CDC8D93ADEDDA8 ] C:\WINDOWS\system32\drivers\sscdmdfl.sys
20:56:34.0828 1348 C:\WINDOWS\system32\drivers\sscdmdfl.sys - ok
20:56:34.0843 1348 [ 55A15707E32B6709242AD127E62CA55A ] C:\WINDOWS\system32\drivers\sscdmdm.sys
20:56:34.0843 1348 C:\WINDOWS\system32\drivers\sscdmdm.sys - ok
20:56:34.0843 1348 [ 9FA66E361A99F8920C7609BAE6814A0E ] C:\WINDOWS\system32\drivers\sscdserd.sys
20:56:34.0843 1348 C:\WINDOWS\system32\drivers\sscdserd.sys - ok
20:56:34.0843 1348 [ B1C303E17FB9D46E87A98E4BA6769685 ] C:\WINDOWS\system32\drivers\mouhid.sys
20:56:34.0843 1348 C:\WINDOWS\system32\drivers\mouhid.sys - ok
20:56:34.0859 1348 [ 2E3394C8EBF31A9B4F0A531EB5CC7BC7 ] C:\WINDOWS\system32\drivers\point32.sys
20:56:34.0859 1348 C:\WINDOWS\system32\drivers\point32.sys - ok
20:56:34.0859 1348 [ 2F31B7F954BED437F2C75026C65CAF7B ] C:\WINDOWS\system32\drivers\wmilib.sys
20:56:34.0859 1348 C:\WINDOWS\system32\drivers\wmilib.sys - ok
20:56:34.0859 1348 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] C:\WINDOWS\system32\drivers\atapi.sys
20:56:34.0859 1348 C:\WINDOWS\system32\drivers\atapi.sys - ok
20:56:34.0875 1348 [ FE97D0343ACFDEBDD578FC67CC91FA87 ] C:\WINDOWS\system32\drivers\dxapi.sys
20:56:34.0875 1348 C:\WINDOWS\system32\drivers\dxapi.sys - ok
20:56:34.0875 1348 [ 9A10AACBFDC4922715375FB4065EC930 ] C:\WINDOWS\system32\watchdog.sys
20:56:34.0875 1348 C:\WINDOWS\system32\watchdog.sys - ok
20:56:34.0875 1348 [ BD39EC6064A1B5DFDABCF312A38A37EE ] C:\WINDOWS\system32\win32k.sys
20:56:34.0875 1348 C:\WINDOWS\system32\win32k.sys - ok
20:56:34.0890 1348 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:56:34.0890 1348 C:\WINDOWS\system32\basesrv.dll - ok
20:56:34.0890 1348 [ DD40363ABAD230A84C5E2178B11EFA88 ] C:\WINDOWS\system32\csrsrv.dll
20:56:34.0890 1348 C:\WINDOWS\system32\csrsrv.dll - ok
20:56:34.0890 1348 [ 44F275C64738EA2056E3D9580C23B60F ] C:\WINDOWS\system32\csrss.exe
20:56:34.0890 1348 C:\WINDOWS\system32\csrss.exe - ok
20:56:34.0906 1348 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:56:34.0906 1348 C:\WINDOWS\system32\winsrv.dll - ok
20:56:34.0906 1348 [ 8B1F3320AEBB536E021A5014409862DE ] C:\WINDOWS\system32\gdi32.dll
20:56:34.0906 1348 C:\WINDOWS\system32\gdi32.dll - ok
20:56:34.0906 1348 [ 6FE42512AB1B89F32A7407F261B1D2D0 ] C:\WINDOWS\system32\kernel32.dll
20:56:34.0906 1348 C:\WINDOWS\system32\kernel32.dll - ok
20:56:34.0921 1348 [ B26B135FF1B9F60C9388B4A7D16F600B ] C:\WINDOWS\system32\user32.dll
20:56:34.0921 1348 C:\WINDOWS\system32\user32.dll - ok
20:56:34.0921 1348 [ AC7280566A7BB85CB3291F04DDC1198E ] C:\WINDOWS\system32\drivers\dxg.sys
20:56:34.0921 1348 C:\WINDOWS\system32\drivers\dxg.sys - ok
20:56:34.0937 1348 [ A73F5D6705B1D820C19B18782E176EFD ] C:\WINDOWS\system32\drivers\dxgthk.sys
20:56:34.0937 1348 C:\WINDOWS\system32\drivers\dxgthk.sys - ok
20:56:34.0937 1348 [ A70E25C193FE92936665617D3B4973D6 ] C:\WINDOWS\system32\ialmdnt5.dll
20:56:34.0937 1348 C:\WINDOWS\system32\ialmdnt5.dll - ok
20:56:34.0937 1348 [ 4C3E431C30F13918B2B624839C5851D4 ] C:\WINDOWS\system32\ialmrnt5.dll
20:56:34.0937 1348 C:\WINDOWS\system32\ialmrnt5.dll - ok
20:56:34.0953 1348 [ ECB7591870F8BFB1A4C17B718AD5A4AA ] C:\WINDOWS\system32\vga.dll
20:56:34.0953 1348 C:\WINDOWS\system32\vga.dll - ok
20:56:34.0953 1348 [ D3F8D22ED63CDBB7F535AA4A914296C4 ] C:\WINDOWS\system32\ialmdev5.dll
20:56:34.0953 1348 C:\WINDOWS\system32\ialmdev5.dll - ok
20:56:34.0953 1348 [ ECAF48B8262DCEFCC605FABCBB15B6EF ] C:\WINDOWS\system32\ialmdd5.dll
20:56:34.0953 1348 C:\WINDOWS\system32\ialmdd5.dll - ok
20:56:34.0968 1348 [ ED0EF0A136DEC83DF69F04118870003E ] C:\WINDOWS\system32\winlogon.exe
20:56:34.0968 1348 C:\WINDOWS\system32\winlogon.exe - ok
20:56:34.0968 1348 [ E76F8807070ED04E7408A86D6D3A6137 ] C:\WINDOWS\system32\advapi32.dll
20:56:34.0968 1348 C:\WINDOWS\system32\advapi32.dll - ok
20:56:34.0968 1348 [ D4502F124289A31976130CCCB014C9AA ] C:\WINDOWS\system32\rpcrt4.dll
20:56:34.0968 1348 C:\WINDOWS\system32\rpcrt4.dll - ok
20:56:34.0984 1348 [ 5357826C8A8DD6A07F17C48BB45BE46E ] C:\WINDOWS\system32\secur32.dll
20:56:34.0984 1348 C:\WINDOWS\system32\secur32.dll - ok
20:56:34.0984 1348 [ 714705F29A917993536A6AB2DEDB0B7F ] C:\WINDOWS\system32\authz.dll
20:56:34.0984 1348 C:\WINDOWS\system32\authz.dll - ok
20:56:34.0984 1348 [ 355EDBB4D412B01F1740C17E3F50FA00 ] C:\WINDOWS\system32\msvcrt.dll
20:56:34.0984 1348 C:\WINDOWS\system32\msvcrt.dll - ok
20:56:35.0000 1348 [ 6BEE5D4EFF0A0341BCC4A462D81CCFC1 ] C:\WINDOWS\system32\crypt32.dll
20:56:35.0000 1348 C:\WINDOWS\system32\crypt32.dll - ok
20:56:35.0000 1348 [ 04D898830DF96A17A20FD35D7590F87E ] C:\WINDOWS\system32\msasn1.dll
20:56:35.0000 1348 C:\WINDOWS\system32\msasn1.dll - ok
20:56:35.0015 1348 [ 013C1148C1EC025596896E093F60F608 ] C:\WINDOWS\system32\nddeapi.dll
20:56:35.0015 1348 C:\WINDOWS\system32\nddeapi.dll - ok
20:56:35.0015 1348 [ CAC752BF84DB4666ED3CE0948E6EA937 ] C:\WINDOWS\system32\netapi32.dll
20:56:35.0015 1348 C:\WINDOWS\system32\netapi32.dll - ok
20:56:35.0015 1348 [ FCFA1C55971CC229D353B3A15ACCD995 ] C:\WINDOWS\system32\profmap.dll
20:56:35.0015 1348 C:\WINDOWS\system32\profmap.dll - ok
20:56:35.0031 1348 [ 43D13C80EBEC0135A3611E0F616F179B ] C:\WINDOWS\system32\userenv.dll
20:56:35.0031 1348 C:\WINDOWS\system32\userenv.dll - ok
20:56:35.0031 1348 [ 9CFCB3CA3D83B4EAA133F0644A2C6F31 ] C:\WINDOWS\system32\psapi.dll
20:56:35.0031 1348 C:\WINDOWS\system32\psapi.dll - ok
20:56:35.0031 1348 [ AF11C591F2F4AFF4A6CF699D376F618B ] C:\WINDOWS\system32\regapi.dll
20:56:35.0031 1348 C:\WINDOWS\system32\regapi.dll - ok
20:56:35.0046 1348 [ 24192246760E0E64435522E246B1D6C2 ] C:\WINDOWS\system32\setupapi.dll
20:56:35.0046 1348 C:\WINDOWS\system32\setupapi.dll - ok
20:56:35.0046 1348 [ C7CE131408739B0B3A318BE2D0032719 ] C:\WINDOWS\system32\version.dll
20:56:35.0046 1348 C:\WINDOWS\system32\version.dll - ok
20:56:35.0046 1348 [ 430CEB794F6E6EF8AC86958C242366D6 ] C:\WINDOWS\system32\winsta.dll
20:56:35.0046 1348 C:\WINDOWS\system32\winsta.dll - ok
20:56:35.0062 1348 [ D458B738B4C2CE33174CFB2CE12412DB ] C:\WINDOWS\system32\wintrust.dll
20:56:35.0062 1348 C:\WINDOWS\system32\wintrust.dll - ok
20:56:35.0062 1348 [ FFC01A72D1C25CCB39F61B202CE60819 ] C:\WINDOWS\system32\imagehlp.dll
20:56:35.0062 1348 C:\WINDOWS\system32\imagehlp.dll - ok
20:56:35.0062 1348 [ 0DA85218E92526972A821587E6A8BF8F ] C:\WINDOWS\system32\imm32.dll
20:56:35.0062 1348 C:\WINDOWS\system32\imm32.dll - ok
20:56:35.0078 1348 [ 9789E95E1D88EEB4B922BF3EA7779C28 ] C:\WINDOWS\system32\ws2help.dll
20:56:35.0078 1348 C:\WINDOWS\system32\ws2help.dll - ok
20:56:35.0078 1348 [ 2CCC474EB85CEAA3E1FA1726580A3E5A ] C:\WINDOWS\system32\ws2_32.dll
20:56:35.0078 1348 C:\WINDOWS\system32\ws2_32.dll - ok
20:56:35.0093 1348 [ 56C5B179FE3308B655EB6208C3256FEC ] C:\WINDOWS\system32\kbdus.dll
20:56:35.0093 1348 C:\WINDOWS\system32\kbdus.dll - ok
20:56:35.0093 1348 [ D7B7A57C0E57C836F18CF12A4C62A1CA ] C:\WINDOWS\system32\msgina.dll
20:56:35.0093 1348 C:\WINDOWS\system32\msgina.dll - ok
20:56:35.0093 1348 [ 93AFB83FBC1F9443CAC722FCA63D73BF ] C:\WINDOWS\system32\comctl32.dll
20:56:35.0093 1348 C:\WINDOWS\system32\comctl32.dll - ok
20:56:35.0109 1348 [ 86987A5000DFA3EBE2275C0456BCF2FE ] C:\WINDOWS\system32\comdlg32.dll
20:56:35.0109 1348 C:\WINDOWS\system32\comdlg32.dll - ok
20:56:35.0109 1348 [ 40B0F98BAD16AD5DEF894E88C3EF8014 ] C:\WINDOWS\system32\odbc32.dll
20:56:35.0109 1348 C:\WINDOWS\system32\odbc32.dll - ok
20:56:35.0109 1348 [ 6843D54BC4A40CC8C5741AF750233D10 ] C:\WINDOWS\system32\shell32.dll
20:56:35.0109 1348 C:\WINDOWS\system32\shell32.dll - ok
20:56:35.0125 1348 [ C448A248B743F5FB935C787A5D97268B ] C:\WINDOWS\system32\shlwapi.dll
20:56:35.0125 1348 C:\WINDOWS\system32\shlwapi.dll - ok
20:56:35.0125 1348 [ 694503348B586E99D56C0E30AB5B3EF8 ] C:\WINDOWS\system32\sxs.dll
20:56:35.0125 1348 C:\WINDOWS\system32\sxs.dll - ok
20:56:35.0140 1348 [ 736B12B725AEB2B07F0241A9F680CB10 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
20:56:35.0140 1348 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - ok
20:56:35.0140 1348 [ 6B7C6B32F8E84D56C6260D684019FEA2 ] C:\WINDOWS\system32\odbcint.dll
20:56:35.0140 1348 C:\WINDOWS\system32\odbcint.dll - ok
20:56:35.0140 1348 [ 99BC0B50F511924348BE19C7C7313BBF ] C:\WINDOWS\system32\shsvcs.dll
20:56:35.0140 1348 C:\WINDOWS\system32\shsvcs.dll - ok
20:56:35.0140 1348 [ 96E1C926F22EE1BFBAE82901A35F6BF3 ] C:\WINDOWS\system32\sfc.dll
20:56:35.0140 1348 C:\WINDOWS\system32\sfc.dll - ok
20:56:35.0156 1348 [ 6BAD1BED9872E62049E487FB91AE2F3A ] C:\WINDOWS\system32\ole32.dll
20:56:35.0156 1348 C:\WINDOWS\system32\ole32.dll - ok
20:56:35.0156 1348 [ 6B5DB6789177A4FD0DEBC248041D0739 ] C:\WINDOWS\system32\sfc_os.dll
20:56:35.0156 1348 C:\WINDOWS\system32\sfc_os.dll - ok
20:56:35.0171 1348 [ CF492D7E9AF1C628B3536D20EF6F5CC7 ] C:\WINDOWS\system32\apphelp.dll
20:56:35.0171 1348 C:\WINDOWS\system32\apphelp.dll - ok
20:56:35.0171 1348 [ BD31DC6DBE9333C4FBD4BDF0899F2160 ] C:\WINDOWS\system32\lsasrv.dll
20:56:35.0171 1348 C:\WINDOWS\system32\lsasrv.dll - ok
20:56:35.0171 1348 [ BF2466B3E18E970D8A976FB95FC1CA85 ] C:\WINDOWS\system32\lsass.exe
20:56:35.0171 1348 C:\WINDOWS\system32\lsass.exe - ok
20:56:35.0187 1348 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:56:35.0187 1348 C:\WINDOWS\system32\services.exe - ok
20:56:35.0187 1348 [ F404830F3CD9BF8F2515E489C0CDA297 ] C:\WINDOWS\system32\msvcp60.dll
20:56:35.0187 1348 C:\WINDOWS\system32\msvcp60.dll - ok
20:56:35.0187 1348 [ EC29A79F1E76DC509E24D401F29D0678 ] C:\WINDOWS\system32\ncobjapi.dll
20:56:35.0187 1348 C:\WINDOWS\system32\ncobjapi.dll - ok
20:56:35.0203 1348 [ DD7BD97FB8BD800963789158A5E4B41D ] C:\WINDOWS\system32\mpr.dll
20:56:35.0203 1348 C:\WINDOWS\system32\mpr.dll - ok
20:56:35.0203 1348 [ B24A42A413E694AD73FDFB7FBD492C31 ] C:\WINDOWS\system32\scesrv.dll
20:56:35.0203 1348 C:\WINDOWS\system32\scesrv.dll - ok
20:56:35.0203 1348 [ 389496118B3B03C2328024AF320132AC ] C:\WINDOWS\system32\dnsapi.dll
20:56:35.0203 1348 C:\WINDOWS\system32\dnsapi.dll - ok
20:56:35.0218 1348 [ EC4C0D9BFD9F7E33F8B395AD54E13063 ] C:\WINDOWS\system32\ntdsapi.dll
20:56:35.0218 1348 C:\WINDOWS\system32\ntdsapi.dll - ok
20:56:35.0218 1348 [ 2EDFC2A8893435723AD80481803C6D5C ] C:\WINDOWS\system32\umpnpmgr.dll
20:56:35.0218 1348 C:\WINDOWS\system32\umpnpmgr.dll - ok
20:56:35.0234 1348 [ 1F03103598BD817B1078DAB1326DDE11 ] C:\WINDOWS\system32\shimeng.dll
20:56:35.0234 1348 C:\WINDOWS\system32\shimeng.dll - ok
20:56:35.0234 1348 [ 0492CF5870F0E616B0C71695A433D162 ] C:\WINDOWS\system32\wldap32.dll
20:56:35.0234 1348 C:\WINDOWS\system32\wldap32.dll - ok
20:56:35.0234 1348 [ EA9EE60B408878E5F2012F9C783836DB ] C:\WINDOWS\AppPatch\acadproc.dll
20:56:35.0234 1348 C:\WINDOWS\AppPatch\acadproc.dll - ok
20:56:35.0250 1348 [ 8329A39D5A402A75A74301D6A62ECDA1 ] C:\WINDOWS\system32\samlib.dll
20:56:35.0250 1348 C:\WINDOWS\system32\samlib.dll - ok
20:56:35.0250 1348 [ F05B8CDB7FE0E55DCCFB1D946CE80064 ] C:\WINDOWS\system32\samsrv.dll
20:56:35.0250 1348 C:\WINDOWS\system32\samsrv.dll - ok
20:56:35.0250 1348 [ 17A1D675C12BBF80CAAC54A4855C41D0 ] C:\WINDOWS\system32\cryptdll.dll
20:56:35.0250 1348 C:\WINDOWS\system32\cryptdll.dll - ok
20:56:35.0265 1348 [ 310C15FD8358B2C4CD7A5B98A112883F ] C:\WINDOWS\AppPatch\acgenral.dll
20:56:35.0265 1348 C:\WINDOWS\AppPatch\acgenral.dll - ok
20:56:35.0265 1348 [ 4A953F13942867BA8FB41F141EC1B80C ] C:\WINDOWS\system32\winmm.dll
20:56:35.0265 1348 C:\WINDOWS\system32\winmm.dll - ok
20:56:35.0281 1348 [ EFF03460E542EEA6B0ABDEC6BF19C897 ] C:\WINDOWS\system32\oleaut32.dll
20:56:35.0281 1348 C:\WINDOWS\system32\oleaut32.dll - ok
20:56:35.0281 1348 [ 2098AB52BD5316E59AA36F3437B13BE6 ] C:\WINDOWS\system32\msacm32.dll
20:56:35.0281 1348 C:\WINDOWS\system32\msacm32.dll - ok
20:56:35.0281 1348 [ 7A2CC3719B255E6B5D74396183B7715B ] C:\WINDOWS\system32\uxtheme.dll
20:56:35.0281 1348 C:\WINDOWS\system32\uxtheme.dll - ok
20:56:35.0296 1348 [ E73F18195CCF4AAAA87B2D22E83F791C ] C:\WINDOWS\system32\serwvdrv.dll
20:56:35.0296 1348 C:\WINDOWS\system32\serwvdrv.dll - ok
20:56:35.0296 1348 [ EC2AD9AC452E0A8D976FB1B1718517CE ] C:\WINDOWS\system32\umdmxfrm.dll
20:56:35.0296 1348 C:\WINDOWS\system32\umdmxfrm.dll - ok
20:56:35.0296 1348 [ F24B12786D60A17008319E3F2AEE7799 ] C:\WINDOWS\system32\msapsspc.dll
20:56:35.0296 1348 C:\WINDOWS\system32\msapsspc.dll - ok
20:56:35.0312 1348 [ 7A660EDC0757849DF5F8706FB6E9F740 ] C:\WINDOWS\system32\msvcrt40.dll
20:56:35.0312 1348 C:\WINDOWS\system32\msvcrt40.dll - ok
20:56:35.0312 1348 [ 0F64207B49390C8063C36AE7CBF9C2DB ] C:\WINDOWS\system32\schannel.dll
20:56:35.0312 1348 C:\WINDOWS\system32\schannel.dll - ok
20:56:35.0312 1348 [ 3D76DD0CBC536E0F8C45D23ED230BEB2 ] C:\WINDOWS\system32\digest.dll
20:56:35.0312 1348 C:\WINDOWS\system32\digest.dll - ok
20:56:35.0328 1348 [ A4388DF80E52695AE92EE5F3F61F1619 ] C:\WINDOWS\system32\msnsspc.dll
20:56:35.0328 1348 C:\WINDOWS\system32\msnsspc.dll - ok
20:56:35.0328 1348 [ 5733177BCF16EE78B99543C9B0AB81EA ] C:\WINDOWS\system32\msctfime.ime
20:56:35.0328 1348 C:\WINDOWS\system32\msctfime.ime - ok
20:56:35.0328 1348 [ C6BB1D1500DB4A0E224CB65E6C7E8A80 ] C:\WINDOWS\system32\msprivs.dll
20:56:35.0328 1348 C:\WINDOWS\system32\msprivs.dll - ok
20:56:35.0343 1348 [ C11D10A3C164AC222BC9AAB3650A88B3 ] C:\WINDOWS\system32\atmfd.dll
20:56:35.0343 1348 C:\WINDOWS\system32\atmfd.dll - ok
20:56:35.0343 1348 [ A525C96C51D55111FDF3BEA9FFFFC7AE ] C:\WINDOWS\system32\kerberos.dll
20:56:35.0343 1348 C:\WINDOWS\system32\kerberos.dll - ok
20:56:35.0359 1348 [ 517561A1113B04E51D936CD018DE1C1F ] C:\WINDOWS\system32\msv1_0.dll
20:56:35.0359 1348 C:\WINDOWS\system32\msv1_0.dll - ok
20:56:35.0359 1348 [ AF07DC9B7CC455629E732340C7B15F3A ] C:\WINDOWS\system32\iphlpapi.dll
20:56:35.0359 1348 C:\WINDOWS\system32\iphlpapi.dll - ok
20:56:35.0359 1348 [ 1B7F071C51B77C272875C3A23E1E4550 ] C:\WINDOWS\system32\netlogon.dll
20:56:35.0359 1348 C:\WINDOWS\system32\netlogon.dll - ok
20:56:35.0375 1348 [ 54AF4B1D5459500EF0937F6D33B1914F ] C:\WINDOWS\system32\w32time.dll
20:56:35.0375 1348 C:\WINDOWS\system32\w32time.dll - ok
20:56:35.0375 1348 [ 54DAE3EA34802B4ED9AE1C6B1209FA56 ] C:\WINDOWS\system32\rsaenh.dll
20:56:35.0375 1348 C:\WINDOWS\system32\rsaenh.dll - ok
20:56:35.0375 1348 [ 3AAF9B35939FF9E58CCD18D41655C2FC ] C:\WINDOWS\system32\wdigest.dll
20:56:35.0375 1348 C:\WINDOWS\system32\wdigest.dll - ok
20:56:35.0390 1348 [ 02988B904C386B500CD08639C4C20EEA ] C:\WINDOWS\system32\winscard.dll
20:56:35.0390 1348 C:\WINDOWS\system32\winscard.dll - ok
20:56:35.0390 1348 [ 0E2735281FBB9A764D5584C2A5DCBA59 ] C:\WINDOWS\system32\wtsapi32.dll
20:56:35.0390 1348 C:\WINDOWS\system32\wtsapi32.dll - ok
20:56:35.0390 1348 [ A86BB5E61BF3E39B62AB4C7E7085A084 ] C:\WINDOWS\system32\scecli.dll
20:56:35.0390 1348 C:\WINDOWS\system32\scecli.dll - ok
20:56:35.0406 1348 [ EE83A4EBAE70BC93CF14879D062F548B ] C:\WINDOWS\system32\drivers\drvnddm.sys
20:56:35.0406 1348 C:\WINDOWS\system32\drivers\drvnddm.sys - ok
20:56:35.0406 1348 [ 8DB1E78FBF7C426D8EC3D8F1A33D6485 ] C:\WINDOWS\system32\dla\tfsndres.sys
20:56:35.0406 1348 C:\WINDOWS\system32\dla\tfsndres.sys - ok
20:56:35.0406 1348 [ B92F67A71CC8176F331B8AA8D9F555AD ] C:\WINDOWS\system32\dla\tfsnifs.sys
20:56:35.0406 1348 C:\WINDOWS\system32\dla\tfsnifs.sys - ok
20:56:35.0421 1348 [ 85985FAA9A71E2358FCC2EDEFC2A3C5C ] C:\WINDOWS\system32\dla\tfsnopio.sys
20:56:35.0421 1348 C:\WINDOWS\system32\dla\tfsnopio.sys - ok
20:56:35.0421 1348 [ 30698355067D07DA5F9EB81132C9FDD6 ] C:\WINDOWS\system32\dla\tfsnboio.sys
20:56:35.0421 1348 C:\WINDOWS\system32\dla\tfsnboio.sys - ok
20:56:35.0421 1348 [ FB9D825BB4A2ABDF24600F7505050E2B ] C:\WINDOWS\system32\dla\tfsncofs.sys
20:56:35.0421 1348 C:\WINDOWS\system32\dla\tfsncofs.sys - ok
20:56:35.0437 1348 [ BBA22094F0F7C210567EFDAF11F64495 ] C:\WINDOWS\system32\dla\tfsnpool.sys
20:56:35.0437 1348 C:\WINDOWS\system32\dla\tfsnpool.sys - ok
20:56:35.0437 1348 [ CAFD8CCA11AA1E8B6D2EA1BA8F70EC33 ] C:\WINDOWS\system32\dla\tfsndrct.sys
20:56:35.0437 1348 C:\WINDOWS\system32\dla\tfsndrct.sys - ok
20:56:35.0437 1348 [ 81340BEF80B9811E98CE64611E67E3FF ] C:\WINDOWS\system32\dla\tfsnudf.sys
20:56:35.0437 1348 C:\WINDOWS\system32\dla\tfsnudf.sys - ok
20:56:35.0453 1348 [ C035FD116224CCC8325F384776B6A8BB ] C:\WINDOWS\system32\dla\tfsnudfa.sys
20:56:35.0453 1348 C:\WINDOWS\system32\dla\tfsnudfa.sys - ok
20:56:35.0453 1348 [ 27C6D03BCDB8CFEB96B716F3D8BE3E18 ] C:\WINDOWS\system32\svchost.exe
20:56:35.0453 1348 C:\WINDOWS\system32\svchost.exe - ok
20:56:35.0468 1348 [ 549290DBC280C887681D7652978DBBE0 ] C:\WINDOWS\system32\ntmarta.dll
20:56:35.0468 1348 C:\WINDOWS\system32\ntmarta.dll - ok
20:56:35.0468 1348 [ 6B27A5C03DFB94B4245739065431322C ] C:\WINDOWS\system32\rpcss.dll
20:56:35.0468 1348 C:\WINDOWS\system32\rpcss.dll - ok
20:56:35.0468 1348 [ 16403217AB6FC5C30C14C6B12098AD4B ] C:\WINDOWS\system32\xpsp2res.dll
20:56:35.0468 1348 C:\WINDOWS\system32\xpsp2res.dll - ok
20:56:35.0484 1348 [ 6D4FEB43EE538FC5428CC7F0565AA656 ] C:\WINDOWS\system32\eventlog.dll
20:56:35.0484 1348 C:\WINDOWS\system32\eventlog.dll - ok
20:56:35.0484 1348 [ 943337D786A56729263071623BBB9DE5 ] C:\WINDOWS\system32\mswsock.dll
20:56:35.0484 1348 C:\WINDOWS\system32\mswsock.dll - ok
20:56:35.0484 1348 [ EF2EBB2A7A9ECFF43379D32273205D54 ] C:\Program Files\CenturyLink Online Security\FSPS\program\fslsp.dll
20:56:35.0484 1348 C:\Program Files\CenturyLink Online Security\FSPS\program\fslsp.dll - ok
20:56:35.0500 1348 [ 3CB32D3B8CBE79899D63280BB7A83CD9 ] C:\WINDOWS\system32\hnetcfg.dll
20:56:35.0500 1348 C:\WINDOWS\system32\hnetcfg.dll - ok
20:56:35.0500 1348 [ 4E3D06D6E68EEDB52565080F55B460D3 ] C:\WINDOWS\system32\wshtcpip.dll
20:56:35.0500 1348 C:\WINDOWS\system32\wshtcpip.dll - ok
20:56:35.0500 1348 [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\system32\winrnr.dll
20:56:35.0500 1348 C:\WINDOWS\system32\winrnr.dll - ok
20:56:35.0515 1348 [ 46C55935FA730144449C884A472827E0 ] C:\WINDOWS\system32\wshbth.dll
20:56:35.0515 1348 C:\WINDOWS\system32\wshbth.dll - ok
20:56:35.0515 1348 [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\system32\rasadhlp.dll
20:56:35.0515 1348 C:\WINDOWS\system32\rasadhlp.dll - ok
20:56:35.0531 1348 [ 05231C04253C5BC30B26CBAAE680ED89 ] C:\WINDOWS\system32\WudfSvc.dll
20:56:35.0531 1348 C:\WINDOWS\system32\WudfSvc.dll - ok
20:56:35.0531 1348 [ 5CAF91E865FE0C85048A233E594544D2 ] C:\WINDOWS\system32\WudfPlatform.dll
20:56:35.0531 1348 C:\WINDOWS\system32\WudfPlatform.dll - ok
20:56:35.0531 1348 [ 515A7FAE2070C2B0242B2353443E2F11 ] C:\WINDOWS\system32\cscdll.dll
20:56:35.0531 1348 C:\WINDOWS\system32\cscdll.dll - ok
20:56:35.0546 1348 [ 2081A5B5E4ABA206A0A8A1A97DF0FB23 ] C:\WINDOWS\system32\logonui.exe
20:56:35.0546 1348 C:\WINDOWS\system32\logonui.exe - ok
20:56:35.0546 1348 [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\system32\dimsntfy.dll
20:56:35.0546 1348 C:\WINDOWS\system32\dimsntfy.dll - ok
20:56:35.0546 1348 [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll
20:56:35.0546 1348 C:\WINDOWS\system32\wlnotify.dll - ok
20:56:35.0562 1348 [ 3D41A9326F0376FC73AF961DD23B1FB1 ] C:\WINDOWS\system32\duser.dll
20:56:35.0562 1348 C:\WINDOWS\system32\duser.dll - ok
20:56:35.0562 1348 [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\system32\winspool.drv
20:56:35.0562 1348 C:\WINDOWS\system32\winspool.drv - ok
20:56:35.0562 1348 [ D7DCFB4D0C58FFB569DE93E1681FD37A ] C:\WINDOWS\system32\WgaLogon.dll
20:56:35.0562 1348 C:\WINDOWS\system32\WgaLogon.dll - ok
20:56:35.0578 1348 [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\system32\drivers\ndisuio.sys
20:56:35.0578 1348 C:\WINDOWS\system32\drivers\ndisuio.sys - ok
20:56:35.0578 1348 [ F137A0CA70003DB20448D540651FA003 ] C:\WINDOWS\system32\clbcatq.dll
20:56:35.0578 1348 C:\WINDOWS\system32\clbcatq.dll - ok
20:56:35.0578 1348 [ AFFC87E2501FCE8F09D4C10BA6421CCF ] C:\WINDOWS\system32\msimg32.dll
20:56:35.0578 1348 C:\WINDOWS\system32\msimg32.dll - ok
20:56:35.0593 1348 [ 20200EE3CFE10E9F0C028D8653BE11C6 ] C:\WINDOWS\system32\oleacc.dll
20:56:35.0593 1348 C:\WINDOWS\system32\oleacc.dll - ok
20:56:35.0593 1348 [ 5E38D7684A49CACFB752B046357E0589 ] C:\WINDOWS\system32\dhcpcsvc.dll
20:56:35.0593 1348 C:\WINDOWS\system32\dhcpcsvc.dll - ok
20:56:35.0609 1348 [ 1280A158C722FA95A80FB7AEBE78FA7D ] C:\WINDOWS\system32\comres.dll
20:56:35.0609 1348 C:\WINDOWS\system32\comres.dll - ok
20:56:35.0609 1348 [ ACFEE2392503DD5E457363A0510B8BCB ] C:\WINDOWS\system32\msxml3.dll
20:56:35.0609 1348 C:\WINDOWS\system32\msxml3.dll - ok
20:56:35.0609 1348 [ 5F7E24FA9EAB896051FFB87F840730D2 ] C:\WINDOWS\system32\dnsrslvr.dll
20:56:35.0609 1348 C:\WINDOWS\system32\dnsrslvr.dll - ok
20:56:35.0625 1348 [ E5EDBD51476DB5001ABF5C82AE5C3DD1 ] C:\WINDOWS\system32\shgina.dll
20:56:35.0625 1348 C:\WINDOWS\system32\shgina.dll - ok
20:56:35.0625 1348 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] C:\WINDOWS\system32\wzcsvc.dll
20:56:35.0625 1348 C:\WINDOWS\system32\wzcsvc.dll - ok
20:56:35.0625 1348 [ 876CCF164E08D6B903CD14398E056DD2 ] C:\WINDOWS\system32\rtutils.dll
20:56:35.0625 1348 C:\WINDOWS\system32\rtutils.dll - ok
20:56:35.0640 1348 [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll
20:56:35.0640 1348 C:\WINDOWS\system32\wmi.dll - ok
20:56:35.0640 1348 [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] C:\WINDOWS\system32\eapolqec.dll
20:56:35.0640 1348 C:\WINDOWS\system32\eapolqec.dll - ok
20:56:35.0640 1348 [ 224FB925C641DA16CEB6D60F40CA4C75 ] C:\WINDOWS\system32\atl.dll
20:56:35.0640 1348 C:\WINDOWS\system32\atl.dll - ok
20:56:35.0656 1348 [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\system32\qutil.dll
20:56:35.0656 1348 C:\WINDOWS\system32\qutil.dll - ok
20:56:35.0656 1348 [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] C:\WINDOWS\system32\dot3api.dll
20:56:35.0656 1348 C:\WINDOWS\system32\dot3api.dll - ok
20:56:35.0656 1348 [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] C:\WINDOWS\system32\esent.dll
20:56:35.0656 1348 C:\WINDOWS\system32\esent.dll - ok
20:56:35.0671 1348 [ A39BE37C9237DB5F1990D61B268EA555 ] C:\WINDOWS\system32\rastls.dll
20:56:35.0671 1348 C:\WINDOWS\system32\rastls.dll - ok
20:56:35.0671 1348 [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] C:\WINDOWS\system32\cryptui.dll
20:56:35.0671 1348 C:\WINDOWS\system32\cryptui.dll - ok
20:56:35.0687 1348 [ E4E5BDE977FE2330D6B970CC832DF3A8 ] C:\WINDOWS\system32\wininet.dll
20:56:35.0687 1348 C:\WINDOWS\system32\wininet.dll - ok
20:56:35.0687 1348 [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll
20:56:35.0687 1348 C:\WINDOWS\system32\normaliz.dll - ok
20:56:35.0687 1348 [ 80C2C4CEDEAC43129E7452114EC67013 ] C:\WINDOWS\system32\iertutil.dll
20:56:35.0687 1348 C:\WINDOWS\system32\iertutil.dll - ok
20:56:35.0703 1348 [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\system32\mprapi.dll
20:56:35.0703 1348 C:\WINDOWS\system32\mprapi.dll - ok
20:56:35.0703 1348 [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\system32\activeds.dll
20:56:35.0703 1348 C:\WINDOWS\system32\activeds.dll - ok
20:56:35.0703 1348 [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\system32\adsldpc.dll
20:56:35.0703 1348 C:\WINDOWS\system32\adsldpc.dll - ok
20:56:35.0718 1348 [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll
20:56:35.0718 1348 C:\WINDOWS\system32\rasapi32.dll - ok
20:56:35.0718 1348 [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll
20:56:35.0718 1348 C:\WINDOWS\system32\rasman.dll - ok
20:56:35.0718 1348 [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll
20:56:35.0718 1348 C:\WINDOWS\system32\tapi32.dll - ok
20:56:35.0734 1348 [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\system32\riched20.dll
20:56:35.0734 1348 C:\WINDOWS\system32\riched20.dll - ok
20:56:35.0734 1348 [ 56CE97FF94B7662A300D359CD6F4D601 ] C:\WINDOWS\system32\raschap.dll
20:56:35.0734 1348 C:\WINDOWS\system32\raschap.dll - ok
20:56:35.0734 1348 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll
20:56:35.0734 1348 C:\WINDOWS\system32\schedsvc.dll - ok
20:56:35.0750 1348 [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll
20:56:35.0750 1348 C:\WINDOWS\system32\msidle.dll - ok
20:56:35.0750 1348 [ 60784F891563FB1B767F70117FC2428F ] C:\WINDOWS\system32\spoolsv.exe
20:56:35.0750 1348 C:\WINDOWS\system32\spoolsv.exe - ok
20:56:35.0750 1348 [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\system32\audiosrv.dll
20:56:35.0765 1348 C:\WINDOWS\system32\audiosrv.dll - ok
20:56:35.0765 1348 [ A8888A5327621856C0CEC4E385F69309 ] C:\WINDOWS\system32\wkssvc.dll
20:56:35.0765 1348 C:\WINDOWS\system32\wkssvc.dll - ok
20:56:35.0765 1348 [ 085ED2E391A871C7BAE87E0228B546BA ] C:\WINDOWS\system32\cscui.dll
20:56:35.0765 1348 C:\WINDOWS\system32\cscui.dll - ok
20:56:35.0781 1348 [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll
20:56:35.0781 1348 C:\WINDOWS\system32\powrprof.dll - ok
20:56:35.0781 1348 [ 6C26DCF01E2A92F183B97D434017268A ] C:\WINDOWS\system32\dpcdll.dll
20:56:35.0781 1348 C:\WINDOWS\system32\dpcdll.dll - ok
20:56:35.0781 1348 [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] C:\WINDOWS\system32\wdmaud.drv
20:56:35.0781 1348 C:\WINDOWS\system32\wdmaud.drv - ok
20:56:35.0796 1348 [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys
20:56:35.0796 1348 C:\WINDOWS\system32\drivers\wdmaud.sys - ok
20:56:35.0796 1348 [ 2DE1190196EE9555DB548A57622022EB ] C:\WINDOWS\system32\drprov.dll
20:56:35.0796 1348 C:\WINDOWS\system32\drprov.dll - ok
20:56:35.0796 1348 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\system32\drivers\sysaudio.sys
20:56:35.0796 1348 C:\WINDOWS\system32\drivers\sysaudio.sys - ok
20:56:35.0812 1348 [ 36468087E22C57A83DF758B3F90DF73F ] C:\WINDOWS\system32\ntlanman.dll
20:56:35.0812 1348 C:\WINDOWS\system32\ntlanman.dll - ok
20:56:35.0812 1348 [ AC5DF42FE314C1446B1DAD237BFCFFE0 ] C:\WINDOWS\system32\netui0.dll
20:56:35.0812 1348 C:\WINDOWS\system32\netui0.dll - ok
20:56:35.0812 1348 [ ED5A816D8E11E03F1937AC3C56826EE4 ] C:\WINDOWS\system32\netui1.dll
20:56:35.0812 1348 C:\WINDOWS\system32\netui1.dll - ok
20:56:35.0828 1348 [ B41D53899E37CC43DA85DA19998BEE81 ] C:\WINDOWS\system32\netrap.dll
20:56:35.0828 1348 C:\WINDOWS\system32\netrap.dll - ok
20:56:35.0828 1348 [ FB8F8EEC8D9C2157789472DD61CDC78B ] C:\WINDOWS\system32\davclnt.dll
20:56:35.0828 1348 C:\WINDOWS\system32\davclnt.dll - ok
20:56:35.0843 1348 [ 8BED39E3C35D6A489438B8141717A557 ] C:\WINDOWS\system32\drivers\aec.sys
20:56:35.0843 1348 C:\WINDOWS\system32\drivers\aec.sys - ok
20:56:35.0843 1348 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] C:\WINDOWS\system32\drivers\splitter.sys
20:56:35.0843 1348 C:\WINDOWS\system32\drivers\splitter.sys - ok
20:56:35.0843 1348 [ 69A5ADF546505F4C69EF3046BF798B49 ] C:\WINDOWS\system32\mprui.dll
20:56:37.0062 1348 C:\Program Files\CenturyLink Online Security\FWES\program\fsesperf.dll - ok
20:56:37.0062 1348 [ 7CC5951B917EAC1C2E42600A1B669373 ] C:\Program Files\CenturyLink Online Security\Anti-Virus\minifilter\hashlib_x86.dll
20:56:37.0062 1348 C:\Program Files\CenturyLink Online Security\Anti-Virus\minifilter\hashlib_x86.dll - ok
20:56:37.0078 1348 [ EFC9013F2BDEBDE18CF26FC897922710 ] C:\Program Files\CenturyLink Online Security\DAAS2\daas2.dll
20:56:37.0078 1348 C:\Program Files\CenturyLink Online Security\DAAS2\daas2.dll - ok
20:56:37.0078 1348 [ ED39EE168420E54F2750B6A3A7F5B1A2 ] C:\Program Files\CenturyLink Online Security\Anti-Virus\fshive2.dll
20:56:37.0078 1348 C:\Program Files\CenturyLink Online Security\Anti-Virus\fshive2.dll - ok
20:56:37.0078 1348 [ 5F7692CEC90E2E9AA32CD58321E234B8 ] C:\WINDOWS\system32\rastapi.dll
20:56:37.0078 1348 C:\WINDOWS\system32\rastapi.dll - ok
20:56:37.0093 1348 [ C193D67B5E3655C1A520D24E04040145 ] C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll
20:56:37.0093 1348 C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll - ok
20:56:37.0093 1348 [ 66946DE593185983B6D05F837D452262 ] C:\WINDOWS\ehome\ehui.dll
20:56:37.0093 1348 C:\WINDOWS\ehome\ehui.dll - ok
20:56:37.0093 1348 [ 8C515081584A38AA007909CD02020B3D ] C:\WINDOWS\system32\alg.exe
20:56:37.0093 1348 C:\WINDOWS\system32\alg.exe - ok
20:56:37.0109 1348 [ 1983D6073E88A2E13EF3B9E2E1E9B76A ] C:\Program Files\CenturyLink Online Security\Common\fsdfwres.eng
20:56:37.0109 1348 C:\Program Files\CenturyLink Online Security\Common\fsdfwres.eng - ok
20:56:37.0109 1348 [ D0545A010ED2259A740C8414899A938F ] C:\WINDOWS\system32\rasppp.dll
20:56:37.0109 1348 C:\WINDOWS\system32\rasppp.dll - ok
20:56:37.0125 1348 [ B464BD425D5D09ABE4192234D1577B22 ] C:\WINDOWS\system32\ntlsapi.dll
20:56:37.0125 1348 C:\WINDOWS\system32\ntlsapi.dll - ok
20:56:37.0125 1348 [ A655C88AA555BB8EF8957BD29408827F ] C:\WINDOWS\system32\rasqec.dll
20:56:37.0125 1348 C:\WINDOWS\system32\rasqec.dll - ok
20:56:37.0125 1348 [ F5FCADD58790C996901D2752214FD33C ] C:\Program Files\CenturyLink Online Security\Anti-Virus\aquarius\fpiaqu.dll
20:56:37.0125 1348 C:\Program Files\CenturyLink Online Security\Anti-Virus\aquarius\fpiaqu.dll - ok
20:56:37.0140 1348 [ C14350FC0D47D806699C4F907FC6785B ] C:\WINDOWS\system32\cryptnet.dll
20:56:37.0140 1348 C:\WINDOWS\system32\cryptnet.dll - ok
20:56:37.0140 1348 [ E058C4821D48E0A67F6069CB50818D44 ] C:\WINDOWS\system32\LegitCheckControl.dll
20:56:37.0140 1348 C:\WINDOWS\system32\LegitCheckControl.dll - ok
20:56:37.0140 1348 [ 798A9E6828997EEF4517ADA8A2259831 ] C:\WINDOWS\system32\wbem\wmiprvse.exe
20:56:37.0140 1348 C:\WINDOWS\system32\wbem\wmiprvse.exe - ok
20:56:37.0156 1348 [ 1755023407FDE00D9916505A557569D5 ] C:\Program Files\CenturyLink Online Security\Anti-Virus\aquarius\core\bdcore.dll
20:56:37.0156 1348 C:\Program Files\CenturyLink Online Security\Anti-Virus\aquarius\core\bdcore.dll - ok
20:56:37.0156 1348 [ 855F6333E3A4DFC6F3C8B0520C261FCD ] C:\WINDOWS\system32\msftedit.dll
20:56:37.0156 1348 C:\WINDOWS\system32\msftedit.dll - ok
20:56:37.0156 1348 [ 2DC5A8019E2387987905F77C664E4BE2 ] C:\WINDOWS\system32\linkinfo.dll
20:56:37.0156 1348 C:\WINDOWS\system32\linkinfo.dll - ok
20:56:37.0171 1348 [ A70A2D85AD143D6BB823C246CEB699A5 ] C:\WINDOWS\system32\ntshrui.dll
20:56:37.0171 1348 C:\WINDOWS\system32\ntshrui.dll - ok
20:56:37.0171 1348 [ 7AC813E17BD960987C5DA788AF295361 ] C:\WINDOWS\ehome\EhDebug.dll
20:56:37.0171 1348 C:\WINDOWS\ehome\EhDebug.dll - ok
20:56:37.0171 1348 [ 6895427873D6C37A6D6DA7C3DB37DA14 ] C:\WINDOWS\system32\licwmi.dll
20:56:37.0171 1348 C:\WINDOWS\system32\licwmi.dll - ok
20:56:37.0187 1348 [ 4306FA2F1099D7C606139255FDB62B19 ] C:\WINDOWS\system32\wbem\framedyn.dll
20:56:37.0187 1348 C:\WINDOWS\system32\wbem\framedyn.dll - ok
20:56:37.0187 1348 [ A5205B3AF85B1477AB2C2A1E12201598 ] C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
20:56:37.0187 1348 C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll - ok
20:56:37.0203 1348 [ 91790D6749EBED90E2C40479C0A91879 ] C:\WINDOWS\system32\verclsid.exe
20:56:37.0203 1348 C:\WINDOWS\system32\verclsid.exe - ok
20:56:37.0203 1348 [ A693A49A67673F2C8D76797EA9A628D0 ] C:\WINDOWS\system32\licdll.dll
20:56:37.0203 1348 C:\WINDOWS\system32\licdll.dll - ok
20:56:37.0203 1348 [ 4F573EE9531D8357A82D829155E26A1B ] C:\Program Files\CenturyLink Online Security\Anti-Virus\fsbl.dll
20:56:37.0203 1348 C:\Program Files\CenturyLink Online Security\Anti-Virus\fsbl.dll - ok
20:56:37.0218 1348 [ E053AD1EA4F713DED08164069BF2A105 ] C:\Program Files\CenturyLink Online Security\Anti-Virus\fsbld.dll
20:56:37.0218 1348 C:\Program Files\CenturyLink Online Security\Anti-Virus\fsbld.dll - ok
20:56:37.0218 1348 [ 5C48E952DEEEE7A3A8D0A946279CA51B ] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_a3b83f55\System.Xml.dll
20:56:37.0218 1348 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_a3b83f55\System.Xml.dll - ok
20:56:37.0218 1348 [ 9EFBB3055B3EECE5B0FC7BAED07A6EE9 ] C:\WINDOWS\system32\msxml6.dll
20:56:37.0218 1348 C:\WINDOWS\system32\msxml6.dll - ok
20:56:37.0234 1348 [ 0AEFF41B9C87ADF782EFB8F6495D0D62 ] C:\WINDOWS\system32\webcheck.dll
20:56:37.0234 1348 C:\WINDOWS\system32\webcheck.dll - ok
20:56:37.0234 1348 [ 82AB31C0204A6F3F6751B152382AFE60 ] C:\Program Files\CenturyLink Online Security\Gemini\fsgem.dll
20:56:37.0234 1348 C:\Program Files\CenturyLink Online Security\Gemini\fsgem.dll - ok
20:56:37.0234 1348 [ DFEACC79A891759CFA0708E2BCB0BA17 ] C:\Program Files\CenturyLink Online Security\Gemini\fsgeme.dll
20:56:37.0234 1348 C:\Program Files\CenturyLink Online Security\Gemini\fsgeme.dll - ok
20:56:37.0250 1348 [ 50512FC9B7878E3C2C147BC17326A7DB ] C:\WINDOWS\system32\stobject.dll
20:56:37.0250 1348 C:\WINDOWS\system32\stobject.dll - ok
20:56:37.0250 1348 [ 231A0B0E3BA7ABFE469A8262FAA1FD71 ] C:\WINDOWS\system32\batmeter.dll
20:56:37.0250 1348 C:\WINDOWS\system32\batmeter.dll - ok
20:56:37.0265 1348 [ 045E228F71C31901084B64BE59093499 ] C:\WINDOWS\system32\WPDShServiceObj.dll
20:56:37.0265 1348 C:\WINDOWS\system32\WPDShServiceObj.dll - ok
20:56:37.0265 1348 [ 22358578CB321F3325496A3723029409 ] C:\WINDOWS\system32\PortableDeviceTypes.dll
20:56:37.0265 1348 C:\WINDOWS\system32\PortableDeviceTypes.dll - ok
20:56:37.0265 1348 [ 7EEEF81589C2ECF62ECC2473E2EA885A ] C:\PROGRA~1\CENTUR~1\ANTI-V~1\fsepx32.dll
20:56:37.0265 1348 C:\PROGRA~1\CENTUR~1\ANTI-V~1\fsepx32.dll - ok
20:56:37.0281 1348 [ 3550DFA6FFFBD7604DABB28DF4ABF096 ] C:\WINDOWS\ehome\custsat.dll
20:56:37.0281 1348 C:\WINDOWS\ehome\custsat.dll - ok
20:56:37.0281 1348 [ 576FF75D51B79536C3AE7659B482B7D5 ] C:\WINDOWS\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll
20:56:37.0281 1348 C:\WINDOWS\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll - ok
20:56:37.0281 1348 [ 5370F7E290EECF4732CCB71F5C7E6833 ] C:\PROGRA~1\CENTUR~1\ANTI-V~1\fsecr32.dll
20:56:37.0281 1348 C:\PROGRA~1\CENTUR~1\ANTI-V~1\fsecr32.dll - ok
20:56:37.0296 1348 [ 6F640DC052CF77161A23E29261593793 ] C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
20:56:37.0296 1348 C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll - ok
20:56:37.0296 1348 [ 9D45B2201D0ECF9F42136C7B99DEB8B2 ] C:\WINDOWS\system32\PortableDeviceApi.dll
20:56:37.0296 1348 C:\WINDOWS\system32\PortableDeviceApi.dll - ok
20:56:37.0296 1348 [ 8D74462038DDAE95966EF5F1E53C96B0 ] C:\Program Files\CenturyLink Online Security\Common\FSM32.EXE
20:56:37.0296 1348 C:\Program Files\CenturyLink Online Security\Common\FSM32.EXE - ok
20:56:37.0312 1348 [ B12354F653F12CC5F6654FFF41A2A7B6 ] C:\Program Files\CenturyLink Online Security\Spam Control\fsas.dll
20:56:37.0312 1348 C:\Program Files\CenturyLink Online Security\Spam Control\fsas.dll - ok
20:56:37.0312 1348 [ 6A4BCC3E4DAB2875A5C729D73052F0D5 ] C:\Program Files\CenturyLink Online Security\Anti-Virus\fsuss.dll
20:56:37.0312 1348 C:\Program Files\CenturyLink Online Security\Anti-Virus\fsuss.dll - ok
20:56:37.0328 1348 [ 0F0F5B564C5A3C9B38A6220230252567 ] C:\WINDOWS\ehome\ehProxy.dll
20:56:37.0328 1348 C:\WINDOWS\ehome\ehProxy.dll - ok
20:56:37.0328 1348 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\system32\drivers\56992008.sys
20:56:37.0328 1348 C:\WINDOWS\system32\drivers\56992008.sys - ok
20:56:37.0328 1348 [ 93C088C2AEB2F23E720BDA7E32BD5117 ] C:\WINDOWS\system32\upnp.dll
20:56:37.0328 1348 C:\WINDOWS\system32\upnp.dll - ok
20:56:37.0343 1348 [ 30D9CFDDDE206082A5A3CF71AAB6C9C3 ] C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
20:56:37.0343 1348 C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll - ok
20:56:37.0343 1348 [ E87205C3CEF3C23F778D8E3731AC9C6A ] C:\Program Files\CenturyLink Online Security\FSGUI\about.dll
20:56:37.0343 1348 C:\Program Files\CenturyLink Online Security\FSGUI\about.dll - ok
20:56:37.0343 1348 [ E837FDBB92E9873E538395B623F45462 ] C:\WINDOWS\system32\wbem\cimwin32.dll
20:56:37.0343 1348 C:\WINDOWS\system32\wbem\cimwin32.dll - ok
20:56:37.0359 1348 [ 2A3998F26FAE6AE2F4B2968553B404CE ] C:\Program Files\CenturyLink Online Security\FSGUI\tnbutil.exe
20:56:37.0359 1348 C:\Program Files\CenturyLink Online Security\FSGUI\tnbutil.exe - ok
20:56:37.0359 1348 [ 35BF04D47CA7E6D255CCC8739C50A2D0 ] C:\Program Files\CenturyLink Online Security\Anti-Virus\fsusscr.dll
20:56:37.0359 1348 C:\Program Files\CenturyLink Online Security\Anti-Virus\fsusscr.dll - ok
20:56:37.0359 1348 [ 4814DEDE3A8F5B36839C11B04324F240 ] C:\Program Files\Microsoft IntelliType Pro\itype.exe
20:56:37.0359 1348 C:\Program Files\Microsoft IntelliType Pro\itype.exe - ok
20:56:37.0375 1348 [ 80776884E7A05D6DA5040926F82B0273 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll
20:56:37.0375 1348 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll - ok
20:56:37.0375 1348 [ 234E8297EAC9BC2D9E1AD1EB035A195A ] C:\Program Files\Microsoft IntelliPoint\ipoint.exe
20:56:37.0375 1348 C:\Program Files\Microsoft IntelliPoint\ipoint.exe - ok
20:56:37.0390 1348 [ EA08C74D9BE05E53D3C92456413AA656 ] C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
20:56:37.0390 1348 C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll - ok
20:56:37.0390 1348 [ D4931277DF5393E84A48B27DF40914E3 ] C:\WINDOWS\system32\riched32.dll
20:56:37.0390 1348 C:\WINDOWS\system32\riched32.dll - ok
20:56:37.0390 1348 [ 4D042B1F1375CF371AFBE0E0276BA627 ] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
20:56:37.0390 1348 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe - ok
20:56:37.0390 1348 [ 6C190D156098A0ED045465284F2B2878 ] C:\Program Files\CenturyLink Online Security\FSGUI\aboutres.dll
20:56:37.0390 1348 C:\Program Files\CenturyLink Online Security\FSGUI\aboutres.dll - ok
20:56:37.0406 1348 [ 390679F7A217A5E73D756276C40AE887 ] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
20:56:37.0406 1348 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - ok
20:56:37.0406 1348 [ 751184DF487A1B3C95CB29B0D0069C28 ] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
20:56:37.0406 1348 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE - ok
20:56:37.0421 1348 [ 8BCD11D38FCE43A519246A91CC40DE6A ] C:\WINDOWS\system32\security.dll
20:56:37.0421 1348 C:\WINDOWS\system32\security.dll - ok
20:56:37.0421 1348 [ 87F369078A9CDA1A9202B50A22BE9D76 ] C:\Program Files\CenturyLink Online Security\Common\FSMRES.eng
20:56:37.0421 1348 C:\Program Files\CenturyLink Online Security\Common\FSMRES.eng - ok
20:56:37.0421 1348 [ 3970F0746068ADF25C4FB7E1642C7FD0 ] C:\Program Files\CenturyLink Online Security\Anti-Virus\fsav32.exe
20:56:37.0421 1348 C:\Program Files\CenturyLink Online Security\Anti-Virus\fsav32.exe - ok
20:56:37.0437 1348 [ DD1B616C6D246C2C3D98D719F7415E22 ] C:\Program Files\CenturyLink Online Security\Common\fswscs.dll
20:56:37.0437 1348 C:\Program Files\CenturyLink Online Security\Common\fswscs.dll - ok
20:56:37.0437 1348 [ E42D1DBDEA761562EDA2F9A2EB88B8D0 ] C:\Program Files\CenturyLink Online Security\Anti-Virus\fsavhres.eng
20:56:37.0437 1348 C:\Program Files\CenturyLink Online Security\Anti-Virus\fsavhres.eng - ok
20:56:37.0437 1348 [ DCF5D05D51840AE2D498676EAE7A2F4A ] C:\Program Files\CenturyLink Online Security\Anti-Virus\fsched.dll
20:56:37.0437 1348 C:\Program Files\CenturyLink Online Security\Anti-Virus\fsched.dll - ok
20:56:37.0453 1348 [ 1BD96C48598C0D8534E6DFB1BAF4DC13 ] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
20:56:37.0453 1348 C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe - ok
20:56:37.0453 1348 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3 ] C:\WINDOWS\system32\ctfmon.exe
20:56:37.0453 1348 C:\WINDOWS\system32\ctfmon.exe - ok
20:56:37.0453 1348 [ 63AFCE1F41E0A9D804629C6F6EEDF385 ] C:\Program Files\CenturyLink Online Security\FSGUI\fsmuiav.dll
20:56:37.0453 1348 C:\Program Files\CenturyLink Online Security\FSGUI\fsmuiav.dll - ok
20:56:37.0468 1348 [ 1CB91768DF18E7E0D69034E1AAF1C564 ] C:\Program Files\CenturyLink Online Security\Common\fpshx.eng
20:56:37.0468 1348 C:\Program Files\CenturyLink Online Security\Common\fpshx.eng - ok
20:56:37.0468 1348 [ 02855E9FC9B2649750E5599FC179C0D6 ] C:\Program Files\CenturyLink Online Security\Common\FSABTRES.eng
20:56:37.0468 1348 C:\Program Files\CenturyLink Online Security\Common\FSABTRES.eng - ok
20:56:37.0468 1348 ============================================================
20:56:37.0468 1348 Scan finished
20:56:37.0468 1348 ============================================================
20:56:42.0656 1432 Detected object count: 23
20:56:42.0656 1432 Actual detected object count: 23
20:57:22.0140 1432 BANTExt ( UnsignedFile.Multi.Generic ) - skipped by user
20:57:22.0140 1432 BANTExt ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:57:22.0140 1432 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
20:57:22.0140 1432 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:57:22.0156 1432 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user
20:57:22.0156 1432 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:57:22.0156 1432 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user
20:57:22.0156 1432 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:57:22.0156 1432 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:57:22.0156 1432 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:57:22.0156 1432 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:57:22.0156 1432 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:57:22.0156 1432 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
20:57:22.0156 1432 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:57:22.0171 1432 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
20:57:22.0171 1432 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:57:22.0171 1432 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
20:57:22.0171 1432 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:57:22.0171 1432 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
20:57:22.0171 1432 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:57:22.0171 1432 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user
20:57:22.0171 1432 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:57:22.0171 1432 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user
20:57:22.0171 1432 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:57:22.0171 1432 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user
20:57:22.0171 1432 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:57:22.0187 1432 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user
20:57:22.0187 1432 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:57:22.0187 1432 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user
20:57:22.0187 1432 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:57:22.0187 1432 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user
20:57:22.0187 1432 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:57:22.0187 1432 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user
20:57:22.0187 1432 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:57:22.0187 1432 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user
20:57:22.0187 1432 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:57:22.0187 1432 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user
20:57:22.0187 1432 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:57:22.0187 1432 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
20:57:22.0187 1432 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:57:22.0187 1432 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
20:57:22.0187 1432 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:57:22.0187 1432 Winachcf ( UnsignedFile.Multi.Generic ) - skipped by user
20:57:22.0187 1432 Winachcf ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:57:22.0203 1432 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:57:22.0203 1432 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.11

Java version: 1.6.0_26

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 2137075712, free: 1350819840

------------ Kernel report ------------
03/24/2013 20:58:50
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
36948648.sys
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
drvmcdb.sys
PxHelp20.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
fsdfw.sys
\WINDOWS\System32\drivers\NDIS.SYS
SmartDefragDriver.sys
Mup.sys
fsbts.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ialmnt5.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\e100b325.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\sthda.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\system32\drivers\sscdbhk5.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\drivers\ssrtln.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys
\SystemRoot\System32\Drivers\BANTExt.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\dc3d.sys
\SystemRoot\system32\DRIVERS\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\Wdf01000.sys
\SystemRoot\system32\DRIVERS\sscdbus.sys
\SystemRoot\system32\DRIVERS\sscdwh.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\sscdmdm.sys
\SystemRoot\system32\DRIVERS\sscdcm.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\sscdmdfl.sys
\SystemRoot\system32\DRIVERS\sscdserd.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\point32.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ialmdnt5.dll
\SystemRoot\System32\ialmrnt5.dll
\SystemRoot\System32\ialmdev5.DLL
\SystemRoot\System32\ialmdd5.DLL
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\drvnddm.sys
\SystemRoot\system32\dla\tfsndres.sys
\SystemRoot\system32\dla\tfsnifs.sys
\SystemRoot\system32\dla\tfsnopio.sys
\SystemRoot\system32\dla\tfsnpool.sys
\SystemRoot\system32\dla\tfsnboio.sys
\SystemRoot\system32\dla\tfsncofs.sys
\SystemRoot\system32\dla\tfsndrct.sys
\SystemRoot\system32\dla\tfsnudf.sys
\SystemRoot\system32\dla\tfsnudfa.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\dsunidrv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\??\C:\WINDOWS\system32\drivers\symlcbrd.sys
\SystemRoot\system32\DRIVERS\srv.sys
\??\C:\Program Files\CenturyLink Online Security\Anti-Virus\minifilter\fsgk.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR7
Upper Device Object: 0xffffffff8a6ac030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000070\
Lower Device Object: 0xffffffff8a77b890
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR6
Upper Device Object: 0xffffffff8a8c7030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006f\
Lower Device Object: 0xffffffff8a83aea0
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR5
Upper Device Object: 0xffffffff8a66f030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006e\
Lower Device Object: 0xffffffff8aa0bea0
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR4
Upper Device Object: 0xffffffff8a80b268
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006d\
Lower Device Object: 0xffffffff8aa0b770
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8aaf0ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8aa9fd98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.03.24.09
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8aaf0ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8ab40958, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8aaf0ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8aa9fd98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe10f5a80, 0xffffffff8aaf0ab8, 0xffffffff89b74610
Lower DeviceData: 0xffffffffe34efb80, 0xffffffff8aa9fd98, 0xffffffff89b91a28
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E686F016

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 80262

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 80325 Numsec = 302680665
Partition file system is NTFS
Partition is bootable

Partition 2 type is Other (0xdb)
Partition is NOT ACTIVE.
Partition starts at LBA: 302760990 Numsec = 9735390

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160000000000 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312480000-312500000)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff8a80b268, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a9fd920, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a80b268, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a856ed0, DeviceName: Unknown, DriverName: \Driver\drvmcdb\
DevicePointer: 0xffffffff8aa0b770, DeviceName: \Device\0000006d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff8a66f030, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a740020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a66f030, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a761ed0, DeviceName: Unknown, DriverName: \Driver\drvmcdb\
DevicePointer: 0xffffffff8aa0bea0, DeviceName: \Device\0000006e\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff8a8c7030, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a73e020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a8c7030, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a804ed0, DeviceName: Unknown, DriverName: \Driver\drvmcdb\
DevicePointer: 0xffffffff8a83aea0, DeviceName: \Device\0000006f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff8a6ac030, DeviceName: \Device\Harddisk4\DR7\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a88b190, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a6ac030, DeviceName: \Device\Harddisk4\DR7\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8aa02ed0, DeviceName: Unknown, DriverName: \Driver\drvmcdb\
DevicePointer: 0xffffffff8a77b890, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\
------------ End ----------
Done!
Performing system, memory and registry scan...
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.11

Java version: 1.6.0_26

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 2137075712, free: 1570922496

=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.11

Java version: 1.6.0_26

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 2137075712, free: 1463021568

------------ Kernel report ------------
03/24/2013 21:15:13
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
intelide.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
drvmcdb.sys
PxHelp20.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
fsdfw.sys
\WINDOWS\System32\drivers\NDIS.SYS
SmartDefragDriver.sys
Mup.sys
fsbts.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ialmnt5.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\e100b325.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\sthda.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\system32\drivers\sscdbhk5.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\drivers\ssrtln.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys
\SystemRoot\System32\Drivers\BANTExt.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\dc3d.sys
\SystemRoot\system32\DRIVERS\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\Wdf01000.sys
\SystemRoot\system32\DRIVERS\sscdbus.sys
\SystemRoot\system32\DRIVERS\sscdwh.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\sscdmdm.sys
\SystemRoot\system32\DRIVERS\sscdcm.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\sscdmdfl.sys
\SystemRoot\system32\DRIVERS\sscdserd.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\point32.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ialmdnt5.dll
\SystemRoot\System32\ialmrnt5.dll
\SystemRoot\System32\ialmdev5.DLL
\SystemRoot\System32\ialmdd5.DLL
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\drvnddm.sys
\SystemRoot\system32\dla\tfsndres.sys
\SystemRoot\system32\dla\tfsnifs.sys
\SystemRoot\system32\dla\tfsnopio.sys
\SystemRoot\system32\dla\tfsnpool.sys
\SystemRoot\system32\dla\tfsnboio.sys
\SystemRoot\system32\dla\tfsncofs.sys
\SystemRoot\system32\dla\tfsndrct.sys
\SystemRoot\system32\dla\tfsnudf.sys
\SystemRoot\system32\dla\tfsnudfa.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\dsunidrv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\DRIVERS\srv.sys
\??\C:\WINDOWS\system32\drivers\symlcbrd.sys
\??\C:\Program Files\CenturyLink Online Security\Anti-Virus\minifilter\fsgk.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR7
Upper Device Object: 0xffffffff8a897ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000070\
Lower Device Object: 0xffffffff8a7cb2a8
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR6
Upper Device Object: 0xffffffff8a9be030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006f\
Lower Device Object: 0xffffffff8a742ea0
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR5
Upper Device Object: 0xffffffff8aa4f030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006e\
Lower Device Object: 0xffffffff8aa6d508
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR4
Upper Device Object: 0xffffffff8a88bab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006d\
Lower Device Object: 0xffffffff8a6bfc10
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8aae7ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8ab32d98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.11

Java version: 1.6.0_26

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 2137075712, free: 1582972928

=======================================

TDSSKILLER ran as intended. MBAR hung up midway through. I rebooted and ran it again and it locked up at the scan step. I rebooted again and checked for a log and it has at least part of one, posted above.

It seems to be running much worse after running these last two utilities. Lagging horribly, Firefox tabs keep churning.

#8
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello



I would like you to rerun TDSSKiller and this time when it gets to this part

\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

I want you to select Delete this time instead of skip.


Gringo

#9
kwengerd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
08:11:03.0718 2936 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:11:05.0750 2936 ============================================================
08:11:05.0750 2936 Current date / time: 2013/03/25 08:11:05.0750
08:11:05.0750 2936 SystemInfo:
08:11:05.0781 2936
08:11:05.0781 2936 OS Version: 5.1.2600 ServicePack: 3.0
08:11:05.0781 2936 Product type: Workstation
08:11:05.0781 2936 ComputerName: KWENGERD
08:11:05.0781 2936 UserName: Keith Wengerd
08:11:05.0781 2936 Windows directory: C:\WINDOWS
08:11:05.0781 2936 System windows directory: C:\WINDOWS
08:11:05.0781 2936 Processor architecture: Intel x86
08:11:05.0781 2936 Number of processors: 1
08:11:05.0781 2936 Page size: 0x1000
08:11:05.0781 2936 Boot type: Normal boot
08:11:05.0781 2936 ============================================================
08:11:11.0625 2936 BG loaded
08:11:12.0359 2936 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:11:12.0468 2936 ============================================================
08:11:12.0468 2936 \Device\Harddisk0\DR0:
08:11:12.0484 2936 MBR partitions:
08:11:12.0484 2936 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x120A8A59
08:11:12.0484 2936 ============================================================
08:11:12.0718 2936 C: <-> \Device\Harddisk0\DR0\Partition1
08:11:12.0812 2936 ============================================================
08:11:12.0812 2936 Initialize success
08:11:12.0812 2936 ============================================================
08:14:12.0140 3232 ============================================================
08:14:12.0140 3232 Scan started
08:14:12.0140 3232 Mode: Manual; SigCheck; TDLFS;
08:14:12.0140 3232 ============================================================
08:14:14.0671 3232 ================ Scan system memory ========================
08:14:40.0500 3232 System memory - ok
08:14:40.0500 3232 ================ Scan services =============================
08:14:41.0296 3232 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
08:14:42.0234 3232 !SASCORE - ok
08:14:42.0359 3232 [ 71574A98093D94BDBB3CB74E272D29A5 ] a2acc C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
08:14:44.0265 3232 a2acc - ok
08:14:45.0093 3232 [ 7A7C84F860B5BCFA1587091E5AF45923 ] a2AntiMalware C:\Program Files\Emsisoft Anti-Malware\a2service.exe
08:14:47.0937 3232 a2AntiMalware - ok
08:14:53.0390 3232 Abiosdsk - ok
08:14:53.0484 3232 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
08:14:53.0968 3232 abp480n5 - ok
08:14:54.0000 3232 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:14:54.0328 3232 ACPI - ok
08:14:54.0390 3232 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
08:14:55.0109 3232 ACPIEC - ok
08:14:55.0265 3232 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
08:14:56.0281 3232 AdobeFlashPlayerUpdateSvc - ok
08:14:56.0468 3232 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
08:14:56.0687 3232 adpu160m - ok
08:14:56.0984 3232 [ B11C71B29FA69E4586F9B65560E6604D ] AdvancedSystemCareService5 C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
08:14:58.0062 3232 AdvancedSystemCareService5 - ok
08:14:58.0171 3232 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
08:14:58.0437 3232 aec - ok
08:14:58.0468 3232 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
08:14:58.0828 3232 AFD - ok
08:14:58.0875 3232 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
08:14:59.0921 3232 agp440 - ok
08:14:59.0984 3232 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
08:15:00.0984 3232 agpCPQ - ok
08:15:01.0062 3232 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
08:15:02.0093 3232 Aha154x - ok
08:15:02.0578 3232 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
08:15:04.0031 3232 aic78u2 - ok
08:15:04.0109 3232 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
08:15:04.0562 3232 aic78xx - ok
08:15:04.0718 3232 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
08:15:04.0937 3232 Alerter - ok
08:15:04.0968 3232 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
08:15:05.0171 3232 ALG - ok
08:15:05.0281 3232 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
08:15:05.0937 3232 AliIde - ok
08:15:05.0953 3232 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
08:15:07.0250 3232 alim1541 - ok
08:15:07.0281 3232 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
08:15:07.0500 3232 amdagp - ok
08:15:07.0546 3232 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
08:15:07.0687 3232 amsint - ok
08:15:07.0906 3232 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:15:08.0203 3232 Apple Mobile Device - ok
08:15:08.0328 3232 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
08:15:09.0109 3232 AppMgmt - ok
08:15:09.0187 3232 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
08:15:09.0437 3232 asc - ok
08:15:09.0453 3232 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
08:15:09.0609 3232 asc3350p - ok
08:15:09.0640 3232 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
08:15:10.0140 3232 asc3550 - ok
08:15:10.0859 3232 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
08:15:11.0140 3232 aspnet_state - ok
08:15:11.0234 3232 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:15:12.0078 3232 AsyncMac - ok
08:15:12.0156 3232 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
08:15:13.0203 3232 atapi - ok
08:15:13.0265 3232 Atdisk - ok
08:15:13.0453 3232 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:15:14.0421 3232 Atmarpc - ok
08:15:14.0515 3232 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
08:15:15.0593 3232 AudioSrv - ok
08:15:15.0640 3232 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
08:15:16.0031 3232 audstub - ok
08:15:16.0046 3232 [ 5D7BE7B19E827125E016325334E58FF1 ] BANTExt C:\WINDOWS\System32\Drivers\BANTExt.sys
08:15:16.0156 3232 BANTExt ( UnsignedFile.Multi.Generic ) - warning
08:15:16.0156 3232 BANTExt - detected UnsignedFile.Multi.Generic (1)
08:15:16.0203 3232 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
08:15:16.0375 3232 Beep - ok
08:15:16.0421 3232 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
08:15:22.0109 3232 BITS - ok
08:15:22.0109 3232 BlueletAudio - ok
08:15:22.0125 3232 BlueletSCOAudio - ok
08:15:22.0250 3232 BotkindSyncService - ok
08:15:22.0296 3232 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
08:15:23.0390 3232 Browser - ok
08:15:23.0390 3232 BT - ok
08:15:23.0406 3232 Btcsrusb - ok
08:15:23.0500 3232 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
08:15:23.0734 3232 BthEnum - ok
08:15:23.0734 3232 BTHidEnum - ok
08:15:23.0750 3232 BTHidMgr - ok
08:15:23.0796 3232 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
08:15:24.0140 3232 BthPan - ok
08:15:24.0187 3232 [ 662BFD909447DD9CC15B1A1C366583B4 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
08:15:24.0687 3232 BTHPORT - ok
08:15:24.0734 3232 [ F4C43C66471B87996D95DB7A3A664A37 ] BthServ C:\WINDOWS\System32\bthserv.dll
08:15:25.0437 3232 BthServ - ok
08:15:25.0531 3232 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
08:15:25.0781 3232 BTHUSB - ok
08:15:25.0781 3232 btkrnl - ok
08:15:25.0796 3232 catchme - ok
08:15:25.0843 3232 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
08:15:26.0343 3232 cbidf - ok
08:15:26.0343 3232 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
08:15:27.0156 3232 cbidf2k - ok
08:15:27.0203 3232 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
08:15:28.0156 3232 CCDECODE - ok
08:15:28.0250 3232 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
08:15:29.0140 3232 cd20xrnt - ok
08:15:29.0234 3232 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
08:15:30.0281 3232 Cdaudio - ok
08:15:30.0406 3232 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
08:15:30.0937 3232 Cdfs - ok
08:15:31.0000 3232 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:15:32.0156 3232 Cdrom - ok
08:15:32.0171 3232 Changer - ok
08:15:32.0234 3232 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
08:15:32.0500 3232 CiSvc - ok
08:15:32.0546 3232 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
08:15:32.0750 3232 ClipSrv - ok
08:15:32.0796 3232 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:15:33.0937 3232 clr_optimization_v2.0.50727_32 - ok
08:15:34.0296 3232 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:15:39.0593 3232 clr_optimization_v4.0.30319_32 - ok
08:15:39.0640 3232 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
08:15:39.0859 3232 CmdIde - ok
08:15:39.0859 3232 COMSysApp - ok
08:15:40.0187 3232 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
08:15:40.0390 3232 Cpqarray - ok
08:15:40.0453 3232 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
08:15:40.0687 3232 CryptSvc - ok
08:15:40.0718 3232 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
08:15:41.0109 3232 dac2w2k - ok
08:15:41.0125 3232 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
08:15:42.0203 3232 dac960nt - ok
08:15:42.0250 3232 [ 13F87920B684B23D1FA803E1BB017507 ] dc3d C:\WINDOWS\system32\DRIVERS\dc3d.sys
08:15:42.0343 3232 dc3d - ok
08:15:42.0453 3232 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
08:15:42.0515 3232 DcomLaunch - ok
08:15:42.0562 3232 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
08:15:42.0781 3232 Dhcp - ok
08:15:42.0812 3232 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
08:15:42.0984 3232 Disk - ok
08:15:43.0031 3232 DLPortIO - ok
08:15:43.0156 3232 dmadmin - ok
08:15:43.0359 3232 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
08:15:43.0609 3232 dmboot - ok
08:15:43.0656 3232 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
08:15:44.0156 3232 dmio - ok
08:15:44.0203 3232 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
08:15:44.0625 3232 dmload - ok
08:15:44.0656 3232 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
08:15:45.0093 3232 dmserver - ok
08:15:45.0109 3232 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
08:15:45.0578 3232 DMusic - ok
08:15:45.0625 3232 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
08:15:45.0875 3232 Dnscache - ok
08:15:45.0937 3232 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
08:15:50.0156 3232 Dot3svc - ok
08:15:50.0218 3232 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
08:15:50.0453 3232 dpti2o - ok
08:15:50.0500 3232 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
08:15:50.0687 3232 drmkaud - ok
08:15:50.0718 3232 [ E814854E6B246CCF498874839AB64D77 ] drvmcdb C:\WINDOWS\system32\drivers\drvmcdb.sys
08:15:51.0515 3232 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
08:15:51.0515 3232 drvmcdb - detected UnsignedFile.Multi.Generic (1)
08:15:51.0546 3232 [ EE83A4EBAE70BC93CF14879D062F548B ] drvnddm C:\WINDOWS\system32\drivers\drvnddm.sys
08:15:52.0656 3232 drvnddm ( UnsignedFile.Multi.Generic ) - warning
08:15:52.0656 3232 drvnddm - detected UnsignedFile.Multi.Generic (1)
08:15:52.0843 3232 [ 413F2D5F9D802688242C23B38F767ECB ] DSproct C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
08:15:52.0859 3232 DSproct ( UnsignedFile.Multi.Generic ) - warning
08:15:52.0859 3232 DSproct - detected UnsignedFile.Multi.Generic (1)
08:15:52.0906 3232 [ DFEABB7CFFFADEA4A912AB95BDC3177A ] dsunidrv C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
08:15:53.0000 3232 dsunidrv - ok
08:15:53.0078 3232 [ 95974E66D3DE4951D29E28E8BC0B644C ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
08:15:53.0187 3232 E100B - ok
08:15:53.0218 3232 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
08:15:53.0437 3232 EapHost - ok
08:15:53.0531 3232 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
08:15:53.0703 3232 ehRecvr - ok
08:15:53.0750 3232 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
08:15:54.0000 3232 ehSched - ok
08:15:54.0093 3232 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
08:15:54.0546 3232 ERSvc - ok
08:15:54.0578 3232 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
08:15:54.0703 3232 Eventlog - ok
08:15:54.0750 3232 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
08:15:54.0906 3232 EventSystem - ok
08:15:55.0046 3232 [ 3DB7415150DFB85FCF470E10F4745FD3 ] F-Secure Gatekeeper C:\Program Files\CenturyLink Online Security\Anti-Virus\minifilter\fsgk.sys
08:15:55.0078 3232 F-Secure Gatekeeper - ok
08:15:55.0109 3232 [ A9BE66E05254B20DF82E0F7CDDECA7DD ] F-Secure Gatekeeper Handler Starter C:\Program Files\CenturyLink Online Security\Anti-Virus\fsgk32st.exe
08:15:55.0140 3232 F-Secure Gatekeeper Handler Starter - ok
08:15:55.0187 3232 [ F5ACA65237C7511D5803CDC5E7003D75 ] F-Secure HIPS C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys
08:15:55.0234 3232 F-Secure HIPS - ok
08:15:55.0296 3232 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
08:15:55.0640 3232 Fastfat - ok
08:15:55.0703 3232 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
08:15:55.0921 3232 FastUserSwitchingCompatibility - ok
08:15:55.0953 3232 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
08:15:56.0453 3232 Fax - ok
08:15:56.0468 3232 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
08:15:56.0890 3232 Fdc - ok
08:15:56.0968 3232 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
08:15:57.0406 3232 Fips - ok
08:15:57.0484 3232 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
08:15:57.0656 3232 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
08:15:57.0656 3232 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
08:15:57.0703 3232 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
08:15:58.0312 3232 Flpydisk - ok
08:15:58.0343 3232 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
08:15:58.0765 3232 FltMgr - ok
08:15:58.0843 3232 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
08:15:58.0875 3232 FontCache3.0.0.0 - ok
08:15:58.0906 3232 [ 18DA737DD5122A475DA4948ED4643675 ] fsbts C:\WINDOWS\system32\Drivers\fsbts.sys
08:15:58.0937 3232 fsbts - ok
08:15:59.0109 3232 [ 8E0BF7478CC3BAED48282ADBC97ADAFB ] FSDFWD C:\Program Files\CenturyLink Online Security\FWES\Program\fsdfwd.exe
08:15:59.0187 3232 FSDFWD - ok
08:15:59.0218 3232 [ ACA3910A53A057B8C3A6EBF4EF788C7C ] FSFW C:\WINDOWS\system32\drivers\fsdfw.sys
08:15:59.0265 3232 FSFW - ok
08:15:59.0359 3232 [ 392E85687A902239C01BADDF212B1A36 ] FSMA C:\Program Files\CenturyLink Online Security\Common\FSMA32.EXE
08:15:59.0390 3232 FSMA - ok
08:15:59.0468 3232 [ 42AEF6A385354ACA65FC210CE7CE4D7C ] FSORSPClient C:\Program Files\CenturyLink Online Security\ORSP Client\fsorsp.exe
08:15:59.0531 3232 FSORSPClient - ok
08:15:59.0562 3232 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:16:00.0000 3232 Fs_Rec - ok
08:16:00.0046 3232 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:16:00.0531 3232 Ftdisk - ok
08:16:00.0562 3232 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
08:16:00.0703 3232 GEARAspiWDM - ok
08:16:00.0796 3232 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:16:01.0218 3232 Gpc - ok
08:16:01.0296 3232 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1ca0602a575f3f4 C:\Program Files\Google\Update\GoogleUpdate.exe
08:16:01.0312 3232 gupdate1ca0602a575f3f4 - ok
08:16:01.0359 3232 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
08:16:01.0375 3232 gupdatem - ok
08:16:01.0390 3232 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:16:02.0140 3232 HDAudBus - ok
08:16:02.0250 3232 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
08:16:02.0687 3232 helpsvc - ok
08:16:02.0734 3232 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
08:16:02.0937 3232 HidServ - ok
08:16:02.0968 3232 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:16:03.0125 3232 HidUsb - ok
08:16:03.0234 3232 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
08:16:03.0468 3232 hkmsvc - ok
08:16:03.0484 3232 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
08:16:03.0671 3232 hpn - ok
08:16:03.0687 3232 HSFHWBS2 - ok
08:16:03.0687 3232 HSF_DP - ok
08:16:03.0734 3232 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
08:16:03.0859 3232 HTTP - ok
08:16:03.0921 3232 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
08:16:09.0812 3232 HTTPFilter - ok
08:16:09.0859 3232 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
08:16:10.0140 3232 i2omgmt - ok
08:16:10.0187 3232 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
08:16:11.0593 3232 i2omp - ok
08:16:11.0625 3232 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:16:12.0265 3232 i8042prt - ok
08:16:12.0468 3232 [ 5A8E05F1D5C36ABD58CFFA111EB325EA ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
08:16:13.0328 3232 ialm - ok
08:16:13.0531 3232 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
08:16:14.0375 3232 IDriverT ( UnsignedFile.Multi.Generic ) - warning
08:16:14.0375 3232 IDriverT - detected UnsignedFile.Multi.Generic (1)
08:16:14.0796 3232 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:16:16.0656 3232 idsvc - ok
08:16:16.0687 3232 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
08:16:17.0406 3232 Imapi - ok
08:16:17.0484 3232 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
08:16:18.0500 3232 ImapiService - ok
08:16:18.0531 3232 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
08:16:19.0140 3232 ini910u - ok
08:16:19.0234 3232 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
08:16:19.0718 3232 IntelIde - ok
08:16:19.0781 3232 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:16:20.0031 3232 intelppm - ok
08:16:20.0046 3232 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
08:16:20.0578 3232 Ip6Fw - ok
08:16:20.0640 3232 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:16:21.0046 3232 IpFilterDriver - ok
08:16:21.0093 3232 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:16:21.0359 3232 IpInIp - ok
08:16:21.0453 3232 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:16:21.0906 3232 IpNat - ok
08:16:22.0296 3232 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
08:16:22.0859 3232 iPod Service - ok
08:16:22.0906 3232 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:16:23.0703 3232 IPSec - ok
08:16:23.0734 3232 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
08:16:24.0312 3232 IRENUM - ok
08:16:24.0343 3232 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:16:24.0703 3232 isapnp - ok
08:16:25.0015 3232 [ 9DBA73C2F1E76EC4CB837E67C5743596 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
08:16:25.0734 3232 JavaQuickStarterService - ok
08:16:25.0781 3232 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:16:26.0062 3232 Kbdclass - ok
08:16:26.0093 3232 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
08:16:26.0375 3232 kbdhid - ok
08:16:26.0421 3232 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
08:16:26.0875 3232 kmixer - ok
08:16:26.0937 3232 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
08:16:27.0562 3232 KSecDD - ok
08:16:27.0609 3232 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
08:16:28.0187 3232 lanmanserver - ok
08:16:28.0312 3232 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
08:16:28.0734 3232 lanmanworkstation - ok
08:16:28.0734 3232 lbrtfdc - ok
08:16:28.0781 3232 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
08:16:29.0093 3232 LmHosts - ok
08:16:29.0312 3232 [ 9EE18A5A45552673A67532EA37370377 ] ltmodem5 C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
08:16:29.0937 3232 ltmodem5 - ok
08:16:30.0046 3232 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
08:16:30.0328 3232 McrdSvc - ok
08:16:30.0640 3232 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
08:16:32.0218 3232 MDM ( UnsignedFile.Multi.Generic ) - warning
08:16:32.0218 3232 MDM - detected UnsignedFile.Multi.Generic (1)
08:16:32.0250 3232 [ 195741AEE20369980796B557358CD774 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
08:16:32.0546 3232 mdmxsdk - ok
08:16:32.0640 3232 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
08:16:33.0031 3232 Messenger - ok
08:16:33.0125 3232 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
08:16:33.0578 3232 MHN ( UnsignedFile.Multi.Generic ) - warning
08:16:33.0593 3232 MHN - detected UnsignedFile.Multi.Generic (1)
08:16:33.0625 3232 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
08:16:34.0234 3232 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
08:16:34.0234 3232 MHNDRV - detected UnsignedFile.Multi.Generic (1)
08:16:34.0296 3232 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
08:16:34.0734 3232 mnmdd - ok
08:16:34.0765 3232 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
08:16:35.0281 3232 mnmsrvc - ok
08:16:35.0375 3232 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
08:16:36.0015 3232 Modem - ok
08:16:36.0046 3232 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
08:16:36.0265 3232 MODEMCSA - ok
08:16:36.0296 3232 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:16:36.0546 3232 Mouclass - ok
08:16:36.0578 3232 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:16:36.0937 3232 mouhid - ok
08:16:37.0031 3232 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
08:16:37.0281 3232 MountMgr - ok
08:16:37.0421 3232 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
08:16:37.0578 3232 MozillaMaintenance - ok
08:16:37.0656 3232 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
08:16:37.0937 3232 mraid35x - ok
08:16:38.0015 3232 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:16:38.0343 3232 MRxDAV - ok
08:16:38.0546 3232 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:16:40.0187 3232 MRxSmb - ok
08:16:40.0281 3232 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
08:16:40.0796 3232 MSDTC - ok
08:16:40.0859 3232 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
08:16:41.0218 3232 Msfs - ok
08:16:41.0218 3232 MSIServer - ok
08:16:41.0250 3232 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:16:41.0562 3232 MSKSSRV - ok
08:16:41.0625 3232 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:16:41.0984 3232 MSPCLOCK - ok
08:16:42.0000 3232 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
08:16:42.0250 3232 MSPQM - ok
08:16:42.0281 3232 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:16:42.0546 3232 mssmbios - ok
08:16:42.0609 3232 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
08:16:42.0984 3232 MSTEE - ok
08:16:43.0031 3232 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
08:16:43.0375 3232 Mup - ok
08:16:43.0437 3232 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
08:16:43.0734 3232 NABTSFEC - ok
08:16:43.0843 3232 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
08:16:44.0343 3232 napagent - ok
08:16:44.0421 3232 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
08:16:44.0875 3232 NDIS - ok
08:16:44.0906 3232 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
08:16:45.0203 3232 NdisIP - ok
08:16:45.0234 3232 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:16:45.0890 3232 NdisTapi - ok
08:16:45.0937 3232 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:16:46.0218 3232 Ndisuio - ok
08:16:46.0250 3232 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:16:46.0562 3232 NdisWan - ok
08:16:46.0609 3232 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
08:16:46.0796 3232 NDProxy - ok
08:16:46.0843 3232 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
08:16:47.0218 3232 NetBIOS - ok
08:16:47.0281 3232 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
08:16:47.0812 3232 NetBT - ok
08:16:47.0843 3232 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
08:16:48.0484 3232 NetDDE - ok
08:16:48.0500 3232 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
08:16:48.0765 3232 NetDDEdsdm - ok
08:16:48.0812 3232 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
08:16:49.0140 3232 Netlogon - ok
08:16:49.0250 3232 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
08:16:49.0578 3232 Netman - ok
08:16:49.0640 3232 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:16:50.0015 3232 NetTcpPortSharing - ok
08:16:50.0093 3232 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
08:16:50.0343 3232 Nla - ok
08:16:50.0406 3232 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
08:16:50.0781 3232 Npfs - ok
08:16:50.0953 3232 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
08:16:51.0859 3232 Ntfs - ok
08:16:51.0890 3232 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
08:16:52.0140 3232 NtLmSsp - ok
08:16:52.0343 3232 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
08:16:52.0859 3232 NtmsSvc - ok
08:16:52.0890 3232 [ 9620A1D8160A550F064BBAF48D0F97CC ] NuidFltr C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
08:16:53.0046 3232 NuidFltr - ok
08:16:53.0125 3232 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
08:16:53.0453 3232 Null - ok
08:16:53.0937 3232 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
08:16:54.0718 3232 nv - ok
08:16:54.0812 3232 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:16:55.0203 3232 NwlnkFlt - ok
08:16:55.0218 3232 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:16:55.0500 3232 NwlnkFwd - ok
08:16:55.0953 3232 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:16:57.0015 3232 odserv - ok
08:16:57.0093 3232 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:16:57.0375 3232 ose - ok
08:16:57.0421 3232 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
08:16:57.0859 3232 Parport - ok
08:16:57.0890 3232 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
08:16:58.0218 3232 PartMgr - ok
08:16:58.0281 3232 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
08:16:58.0593 3232 ParVdm - ok
08:16:58.0609 3232 PCASp50 - ok
08:16:58.0671 3232 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
08:16:59.0062 3232 PCI - ok
08:16:59.0078 3232 PCIDump - ok
08:16:59.0109 3232 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
08:16:59.0343 3232 PCIIde - ok
08:16:59.0375 3232 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
08:16:59.0718 3232 Pcmcia - ok
08:16:59.0718 3232 PDCOMP - ok
08:16:59.0734 3232 PDFRAME - ok
08:16:59.0750 3232 PDRELI - ok
08:16:59.0750 3232 PDRFRAME - ok
08:16:59.0781 3232 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
08:17:00.0015 3232 perc2 - ok
08:17:00.0046 3232 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
08:17:00.0343 3232 perc2hib - ok
08:17:00.0390 3232 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
08:17:00.0546 3232 PlugPlay - ok
08:17:00.0609 3232 [ 2E3394C8EBF31A9B4F0A531EB5CC7BC7 ] Point32 C:\WINDOWS\system32\DRIVERS\point32.sys
08:17:00.0843 3232 Point32 - ok
08:17:00.0875 3232 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
08:17:01.0062 3232 PolicyAgent - ok
08:17:01.0125 3232 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:17:01.0468 3232 PptpMiniport - ok
08:17:01.0484 3232 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
08:17:01.0687 3232 ProtectedStorage - ok
08:17:01.0718 3232 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
08:17:02.0062 3232 PSched - ok
08:17:02.0125 3232 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:17:02.0562 3232 Ptilink - ok
08:17:02.0593 3232 [ 86724469CD077901706854974CD13C3E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
08:17:02.0968 3232 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
08:17:02.0968 3232 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
08:17:03.0046 3232 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
08:17:03.0281 3232 ql1080 - ok
08:17:03.0328 3232 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
08:17:03.0718 3232 Ql10wnt - ok
08:17:03.0750 3232 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
08:17:04.0031 3232 ql12160 - ok
08:17:04.0062 3232 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
08:17:04.0375 3232 ql1240 - ok
08:17:04.0406 3232 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
08:17:04.0796 3232 ql1280 - ok
08:17:04.0796 3232 qlrscih - ok
08:17:04.0843 3232 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:17:05.0156 3232 RasAcd - ok
08:17:05.0203 3232 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
08:17:05.0562 3232 RasAuto - ok
08:17:05.0640 3232 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:17:06.0046 3232 Rasl2tp - ok
08:17:06.0140 3232 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
08:17:06.0515 3232 RasMan - ok
08:17:06.0531 3232 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:17:06.0781 3232 RasPppoe - ok
08:17:06.0812 3232 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
08:17:07.0062 3232 Raspti - ok
08:17:07.0218 3232 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:17:07.0593 3232 Rdbss - ok
08:17:07.0625 3232 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:17:07.0937 3232 RDPCDD - ok
08:17:08.0046 3232 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:17:08.0453 3232 rdpdr - ok
08:17:08.0546 3232 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
08:17:09.0390 3232 RDPWD - ok
08:17:09.0468 3232 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
08:17:10.0343 3232 RDSessMgr - ok
08:17:10.0375 3232 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
08:17:11.0031 3232 redbook - ok
08:17:11.0125 3232 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
08:17:11.0437 3232 RemoteAccess - ok
08:17:11.0484 3232 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
08:17:11.0875 3232 RemoteRegistry - ok
08:17:11.0937 3232 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
08:17:12.0203 3232 RFCOMM - ok
08:17:12.0265 3232 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
08:17:12.0593 3232 ROOTMODEM - ok
08:17:12.0625 3232 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
08:17:12.0890 3232 RpcLocator - ok
08:17:13.0031 3232 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
08:17:13.0296 3232 RpcSs - ok
08:17:13.0375 3232 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
08:17:13.0828 3232 RSVP - ok
08:17:14.0062 3232 [ C2A6F7F35E617744A65DBFB0C0A64ADC ] rt2870 C:\WINDOWS\system32\DRIVERS\rt2870.sys
08:17:14.0640 3232 rt2870 - ok
08:17:14.0671 3232 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
08:17:14.0937 3232 SamSs - ok
08:17:15.0031 3232 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
08:17:15.0187 3232 SASDIFSV - ok
08:17:15.0234 3232 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
08:17:15.0406 3232 SASKUTIL - ok
08:17:15.0437 3232 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
08:17:16.0359 3232 SCardSvr - ok
08:17:16.0484 3232 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
08:17:16.0906 3232 Schedule - ok
08:17:16.0953 3232 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:17:17.0250 3232 Secdrv - ok
08:17:17.0328 3232 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
08:17:17.0656 3232 seclogon - ok
08:17:17.0750 3232 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
08:17:18.0468 3232 SENS - ok
08:17:18.0531 3232 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
08:17:18.0921 3232 serenum - ok
08:17:18.0953 3232 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
08:17:19.0343 3232 Serial - ok
08:17:19.0406 3232 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
08:17:19.0656 3232 Sfloppy - ok
08:17:19.0843 3232 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
08:17:20.0296 3232 SharedAccess - ok
08:17:20.0359 3232 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
08:17:20.0562 3232 ShellHWDetection - ok
08:17:20.0578 3232 Simbad - ok
08:17:20.0656 3232 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
08:17:21.0046 3232 sisagp - ok
08:17:21.0093 3232 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
08:17:21.0406 3232 SLIP - ok
08:17:21.0468 3232 [ 14BB60A4F1C5291217A05D5728C403E6 ] SmartDefragDriver C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
08:17:21.0765 3232 SmartDefragDriver - ok
08:17:21.0984 3232 [ 1E715247EFFFDDA938C085913045D599 ] SMSIVZAM5 C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
08:17:22.0156 3232 SMSIVZAM5 - ok
08:17:22.0234 3232 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
08:17:22.0562 3232 SONYPVU1 - ok
08:17:22.0625 3232 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
08:17:22.0890 3232 Sparrow - ok
08:17:22.0937 3232 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
08:17:23.0250 3232 splitter - ok
08:17:23.0296 3232 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
08:17:23.0437 3232 Spooler - ok
08:17:23.0484 3232 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
08:17:23.0843 3232 sr - ok
08:17:23.0937 3232 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
08:17:24.0468 3232 srservice - ok
08:17:24.0625 3232 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
08:17:24.0937 3232 Srv - ok
08:17:24.0984 3232 [ D7968049BE0ADBB6A57CEE3960320911 ] sscdbhk5 C:\WINDOWS\system32\drivers\sscdbhk5.sys
08:17:25.0265 3232 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning
08:17:25.0265 3232 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)
08:17:25.0312 3232 [ D6870895FE46A464A19141440EB6CC1E ] sscdbus C:\WINDOWS\system32\DRIVERS\sscdbus.sys
08:17:25.0703 3232 sscdbus - ok
08:17:25.0734 3232 [ 0FE167362E4689B716CDC8D93ADEDDA8 ] sscdmdfl C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
08:17:26.0046 3232 sscdmdfl - ok
08:17:26.0078 3232 [ 55A15707E32B6709242AD127E62CA55A ] sscdmdm C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
08:17:26.0250 3232 sscdmdm - ok
08:17:26.0281 3232 [ 9FA66E361A99F8920C7609BAE6814A0E ] sscdserd C:\WINDOWS\system32\DRIVERS\sscdserd.sys
08:17:26.0406 3232 sscdserd - ok
08:17:26.0453 3232 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
08:17:26.0718 3232 SSDPSRV - ok
08:17:26.0781 3232 [ C3FFD65ABFB6441E7606CF74F1155273 ] ssrtln C:\WINDOWS\system32\drivers\ssrtln.sys
08:17:26.0953 3232 ssrtln ( UnsignedFile.Multi.Generic ) - warning
08:17:26.0953 3232 ssrtln - detected UnsignedFile.Multi.Generic (1)
08:17:27.0296 3232 [ 26EB7ACF476A3461B85F5BCE9A677A4A ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
08:17:28.0468 3232 STHDA - ok
08:17:28.0546 3232 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
08:17:28.0765 3232 StillCam - ok
08:17:28.0937 3232 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
08:17:29.0296 3232 stisvc - ok
08:17:29.0328 3232 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
08:17:29.0750 3232 streamip - ok
08:17:29.0781 3232 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
08:17:30.0093 3232 swenum - ok
08:17:30.0171 3232 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
08:17:30.0515 3232 swmidi - ok
08:17:30.0531 3232 SwPrv - ok
08:17:30.0593 3232 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
08:17:30.0875 3232 symc810 - ok
08:17:30.0906 3232 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
08:17:31.0203 3232 symc8xx - ok
08:17:31.0265 3232 [ B226F8A4D780ACDF76145B58BB791D5B ] symlcbrd C:\WINDOWS\system32\drivers\symlcbrd.sys
08:17:31.0437 3232 symlcbrd - ok
08:17:31.0484 3232 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
08:17:31.0921 3232 sym_hi - ok
08:17:31.0953 3232 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
08:17:32.0265 3232 sym_u3 - ok
08:17:32.0296 3232 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
08:17:32.0593 3232 sysaudio - ok
08:17:32.0656 3232 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
08:17:33.0296 3232 SysmonLog - ok
08:17:33.0375 3232 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
08:17:33.0765 3232 TapiSrv - ok
08:17:33.0906 3232 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:17:34.0406 3232 Tcpip - ok
08:17:34.0468 3232 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
08:17:34.0734 3232 TDPIPE - ok
08:17:34.0765 3232 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
08:17:35.0062 3232 TDTCP - ok
08:17:35.0078 3232 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
08:17:35.0375 3232 TermDD - ok
08:17:35.0531 3232 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
08:17:36.0453 3232 TermService - ok
08:17:36.0562 3232 [ 30698355067D07DA5F9EB81132C9FDD6 ] tfsnboio C:\WINDOWS\system32\dla\tfsnboio.sys
08:17:36.0890 3232 tfsnboio ( UnsignedFile.Multi.Generic ) - warning
08:17:36.0890 3232 tfsnboio - detected UnsignedFile.Multi.Generic (1)
08:17:36.0921 3232 [ FB9D825BB4A2ABDF24600F7505050E2B ] tfsncofs C:\WINDOWS\system32\dla\tfsncofs.sys
08:17:37.0093 3232 tfsncofs ( UnsignedFile.Multi.Generic ) - warning
08:17:37.0093 3232 tfsncofs - detected UnsignedFile.Multi.Generic (1)
08:17:37.0125 3232 [ CAFD8CCA11AA1E8B6D2EA1BA8F70EC33 ] tfsndrct C:\WINDOWS\system32\dla\tfsndrct.sys
08:17:37.0250 3232 tfsndrct ( UnsignedFile.Multi.Generic ) - warning
08:17:37.0250 3232 tfsndrct - detected UnsignedFile.Multi.Generic (1)
08:17:37.0281 3232 [ 8DB1E78FBF7C426D8EC3D8F1A33D6485 ] tfsndres C:\WINDOWS\system32\dla\tfsndres.sys
08:17:37.0468 3232 tfsndres ( UnsignedFile.Multi.Generic ) - warning
08:17:37.0468 3232 tfsndres - detected UnsignedFile.Multi.Generic (1)
08:17:37.0500 3232 [ B92F67A71CC8176F331B8AA8D9F555AD ] tfsnifs C:\WINDOWS\system32\dla\tfsnifs.sys
08:17:37.0843 3232 tfsnifs ( UnsignedFile.Multi.Generic ) - warning
08:17:37.0843 3232 tfsnifs - detected UnsignedFile.Multi.Generic (1)
08:17:37.0859 3232 [ 85985FAA9A71E2358FCC2EDEFC2A3C5C ] tfsnopio C:\WINDOWS\system32\dla\tfsnopio.sys
08:17:38.0140 3232 tfsnopio ( UnsignedFile.Multi.Generic ) - warning
08:17:38.0140 3232 tfsnopio - detected UnsignedFile.Multi.Generic (1)
08:17:38.0171 3232 [ BBA22094F0F7C210567EFDAF11F64495 ] tfsnpool C:\WINDOWS\system32\dla\tfsnpool.sys
08:17:38.0390 3232 tfsnpool ( UnsignedFile.Multi.Generic ) - warning
08:17:38.0390 3232 tfsnpool - detected UnsignedFile.Multi.Generic (1)
08:17:38.0421 3232 [ 81340BEF80B9811E98CE64611E67E3FF ] tfsnudf C:\WINDOWS\system32\dla\tfsnudf.sys
08:17:38.0750 3232 tfsnudf ( UnsignedFile.Multi.Generic ) - warning
08:17:38.0750 3232 tfsnudf - detected UnsignedFile.Multi.Generic (1)
08:17:38.0765 3232 [ C035FD116224CCC8325F384776B6A8BB ] tfsnudfa C:\WINDOWS\system32\dla\tfsnudfa.sys
08:17:39.0000 3232 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning
08:17:39.0000 3232 tfsnudfa - detected UnsignedFile.Multi.Generic (1)
08:17:39.0078 3232 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
08:17:39.0250 3232 Themes - ok
08:17:39.0296 3232 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
08:17:39.0578 3232 TlntSvr - ok
08:17:39.0593 3232 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
08:17:39.0906 3232 TosIde - ok
08:17:39.0984 3232 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
08:17:40.0312 3232 TrkWks - ok
08:17:40.0375 3232 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
08:17:40.0671 3232 Udfs - ok
08:17:40.0765 3232 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
08:17:41.0109 3232 ultra - ok
08:17:41.0187 3232 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
08:17:41.0656 3232 Update - ok
08:17:41.0781 3232 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
08:17:42.0281 3232 upnphost - ok
08:17:42.0312 3232 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
08:17:42.0671 3232 UPS - ok
08:17:42.0750 3232 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
08:17:44.0656 3232 USBAAPL - ok
08:17:44.0703 3232 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
08:17:44.0875 3232 usbaudio - ok
08:17:45.0187 3232 [ 9419FAAC6552A51542DBBA02971C841C ] usbbus C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
08:17:45.0421 3232 usbbus - ok
08:17:45.0468 3232 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:17:45.0812 3232 usbccgp - ok
08:17:45.0859 3232 [ C0A466FA4FFEC464320E159BC1BBDC0C ] UsbDiag C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
08:17:45.0921 3232 UsbDiag - ok
08:17:45.0953 3232 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:17:46.0453 3232 usbehci - ok
08:17:46.0515 3232 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:17:47.0031 3232 usbhub - ok
08:17:47.0078 3232 [ F74A54774A9B0AFEB3C40ADEC68AA600 ] USBModem C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
08:17:47.0156 3232 USBModem - ok
08:17:47.0171 3232 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
08:17:47.0500 3232 usbohci - ok
08:17:47.0531 3232 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:17:47.0718 3232 usbprint - ok
08:17:47.0750 3232 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:17:47.0953 3232 usbscan - ok
08:17:47.0968 3232 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:17:48.0375 3232 USBSTOR - ok
08:17:48.0437 3232 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:17:48.0703 3232 usbuhci - ok
08:17:48.0765 3232 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
08:17:49.0203 3232 usbvideo - ok
08:17:49.0250 3232 [ 9954D3230C4DD155285E90FE04FBB136 ] USR1806 C:\WINDOWS\system32\DRIVERS\USR1806.SYS
08:17:49.0703 3232 USR1806 - ok
08:17:49.0703 3232 VComm - ok
08:17:49.0734 3232 VcommMgr - ok
08:17:49.0812 3232 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
08:17:50.0687 3232 VgaSave - ok
08:17:50.0718 3232 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
08:17:51.0140 3232 viaagp - ok
08:17:51.0156 3232 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
08:17:52.0406 3232 ViaIde - ok
08:17:52.0421 3232 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
08:17:52.0812 3232 VolSnap - ok
08:17:52.0859 3232 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
08:17:53.0312 3232 VSS - ok
08:17:53.0359 3232 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
08:17:53.0828 3232 w32time - ok
08:17:53.0875 3232 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:17:54.0546 3232 Wanarp - ok
08:17:54.0546 3232 wanatw - ok
08:17:54.0625 3232 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
08:17:54.0671 3232 Wdf01000 - ok
08:17:54.0671 3232 WDICA - ok
08:17:54.0750 3232 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
08:17:55.0187 3232 wdmaud - ok
08:17:55.0218 3232 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
08:17:55.0500 3232 WebClient - ok
08:17:55.0687 3232 [ 41E8A037C8DFE81A1F31B2FE04AE1AFE ] Winachcf C:\WINDOWS\system32\DRIVERS\winachcf.sys
08:17:55.0781 3232 Winachcf ( UnsignedFile.Multi.Generic ) - warning
08:17:55.0796 3232 Winachcf - detected UnsignedFile.Multi.Generic (1)
08:17:55.0796 3232 winachsf - ok
08:17:56.0093 3232 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
08:18:01.0656 3232 winmgmt - ok
08:18:01.0890 3232 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
08:18:03.0250 3232 WinRM - ok
08:18:03.0312 3232 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
08:18:03.0437 3232 WmdmPmSN - ok
08:18:03.0515 3232 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
08:18:03.0640 3232 Wmi - ok
08:18:03.0734 3232 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:18:04.0062 3232 WmiApSrv - ok
08:18:04.0156 3232 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
08:18:04.0390 3232 WMPNetworkSvc - ok
08:18:04.0421 3232 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
08:18:04.0578 3232 WpdUsb - ok
08:18:04.0750 3232 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:18:04.0828 3232 WPFFontCache_v0400 - ok
08:18:04.0875 3232 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:18:05.0156 3232 WS2IFSL - ok
08:18:05.0203 3232 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
08:18:05.0500 3232 wscsvc - ok
08:18:05.0546 3232 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
08:18:05.0765 3232 WSTCODEC - ok
08:18:05.0812 3232 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
08:18:06.0140 3232 wuauserv - ok
08:18:06.0171 3232 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:18:06.0328 3232 WudfPf - ok
08:18:06.0390 3232 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:18:06.0500 3232 WudfRd - ok
08:18:06.0562 3232 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
08:18:06.0734 3232 WudfSvc - ok
08:18:06.0812 3232 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
08:18:07.0265 3232 WZCSVC - ok
08:18:07.0296 3232 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
08:18:07.0781 3232 xmlprov - ok
08:18:07.0843 3232 ================ Scan global ===============================
08:18:07.0875 3232 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
08:18:07.0937 3232 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
08:18:07.0968 3232 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
08:18:08.0015 3232 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
08:18:08.0015 3232 [Global] - ok
08:18:08.0015 3232 ================ Scan MBR ==================================
08:18:08.0046 3232 [ 5CB90281D1A59B251F6603134774EEC3 ] \Device\Harddisk0\DR0
08:18:09.0531 3232 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:18:09.0531 3232 \Device\Harddisk0\DR0 - detected TDSS File System (1)
08:18:09.0531 3232 ================ Scan VBR ==================================
08:18:09.0531 3232 [ BF189CCDF3FDC265DB4DD6F07F185D73 ] \Device\Harddisk0\DR0\Partition1
08:18:09.0531 3232 \Device\Harddisk0\DR0\Partition1 - ok
08:18:09.0531 3232 ================ Scan active images ========================
08:18:09.0546 3232 [ 8C953733D8F36EB2133F5BB58808B66B ] C:\WINDOWS\system32\drivers\intelppm.sys
08:18:09.0546 3232 C:\WINDOWS\system32\drivers\intelppm.sys - ok
08:18:09.0578 3232 [ E28726B72C46821A28830E077D39A55B ] C:\WINDOWS\system32\drivers\videoprt.sys
08:18:09.0578 3232 C:\WINDOWS\system32\drivers\videoprt.sys - ok
08:18:12.0656 3232 C:\WINDOWS\system32\mprapi.dll - ok
08:18:12.0656 3232 [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll
08:18:12.0656 3232 C:\WINDOWS\system32\normaliz.dll - ok
08:18:12.0671 3232 [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll
08:18:12.0671 3232 C:\WINDOWS\system32\rasapi32.dll - ok
08:18:12.0671 3232 [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll
08:18:12.0671 3232 C:\WINDOWS\system32\rasman.dll - ok
08:18:12.0687 3232 [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll
08:18:12.0687 3232 C:\WINDOWS\system32\tapi32.dll - ok
08:18:12.0687 3232 [ E4E5BDE977FE2330D6B970CC832DF3A8 ] C:\WINDOWS\system32\wininet.dll
08:18:12.0687 3232 C:\WINDOWS\system32\wininet.dll - ok
08:18:12.0703 3232 [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\system32\riched20.dll
08:18:12.0703 3232 C:\WINDOWS\system32\riched20.dll - ok
08:18:12.0703 3232 [ 56CE97FF94B7662A300D359CD6F4D601 ] C:\WINDOWS\system32\raschap.dll
08:18:12.0703 3232 C:\WINDOWS\system32\raschap.dll - ok
08:18:12.0703 3232 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll
08:18:12.0703 3232 C:\WINDOWS\system32\schedsvc.dll - ok
08:18:12.0718 3232 [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll
08:18:12.0718 3232 C:\WINDOWS\system32\msidle.dll - ok
08:18:12.0718 3232 [ 60784F891563FB1B767F70117FC2428F ] C:\WINDOWS\system32\spoolsv.exe
08:18:12.0718 3232 C:\WINDOWS\system32\spoolsv.exe - ok
08:18:12.0734 3232 [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\system32\audiosrv.dll
08:18:12.0734 3232 C:\WINDOWS\system32\audiosrv.dll - ok
08:18:12.0734 3232 [ A8888A5327621856C0CEC4E385F69309 ] C:\WINDOWS\system32\wkssvc.dll
08:18:12.0734 3232 C:\WINDOWS\system32\wkssvc.dll - ok
08:18:12.0734 3232 [ 085ED2E391A871C7BAE87E0228B546BA ] C:\WINDOWS\system32\cscui.dll
08:18:12.0734 3232 C:\WINDOWS\system32\cscui.dll - ok
08:18:12.0750 3232 [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll
08:18:12.0750 3232 C:\WINDOWS\system32\powrprof.dll - ok
08:18:12.0750 3232 [ 6C26DCF01E2A92F183B97D434017268A ] C:\WINDOWS\system32\dpcdll.dll
08:18:12.0750 3232 C:\WINDOWS\system32\dpcdll.dll - ok
08:18:12.0765 3232 [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys
08:18:12.0765 3232 C:\WINDOWS\system32\drivers\wdmaud.sys - ok
08:18:12.0765 3232 [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] C:\WINDOWS\system32\wdmaud.drv
08:18:12.0765 3232 C:\WINDOWS\system32\wdmaud.drv - ok
08:18:12.0781 3232 [ 2DE1190196EE9555DB548A57622022EB ] C:\WINDOWS\system32\drprov.dll
08:18:12.0781 3232 C:\WINDOWS\system32\drprov.dll - ok
08:18:12.0781 3232 [ B41D53899E37CC43DA85DA19998BEE81 ] C:\WINDOWS\system32\netrap.dll
08:18:12.0781 3232 C:\WINDOWS\system32\netrap.dll - ok
08:18:12.0781 3232 [ AC5DF42FE314C1446B1DAD237BFCFFE0 ] C:\WINDOWS\system32\netui0.dll
08:18:12.0781 3232 C:\WINDOWS\system32\netui0.dll - ok
08:18:12.0796 3232 [ ED5A816D8E11E03F1937AC3C56826EE4 ] C:\WINDOWS\system32\netui1.dll
08:18:12.0796 3232 C:\WINDOWS\system32\netui1.dll - ok
08:18:12.0796 3232 [ 36468087E22C57A83DF758B3F90DF73F ] C:\WINDOWS\system32\ntlanman.dll
08:18:12.0796 3232 C:\WINDOWS\system32\ntlanman.dll - ok
08:18:12.0812 3232 [ FB8F8EEC8D9C2157789472DD61CDC78B ] C:\WINDOWS\system32\davclnt.dll
08:18:12.0812 3232 C:\WINDOWS\system32\davclnt.dll - ok
08:18:12.0812 3232 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\system32\drivers\sysaudio.sys
08:18:12.0812 3232 C:\WINDOWS\system32\drivers\sysaudio.sys - ok
08:18:12.0828 3232 [ 69A5ADF546505F4C69EF3046BF798B49 ] C:\WINDOWS\system32\mprui.dll
08:18:12.0828 3232 C:\WINDOWS\system32\mprui.dll - ok
08:18:12.0828 3232 [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
08:18:12.0828 3232 C:\WINDOWS\system32\netmsg.dll - ok
08:18:12.0828 3232 [ 1414E666316CA7D9823DBD2D4ADA5971 ] C:\WINDOWS\system32\netui2.dll
08:18:12.0828 3232 C:\WINDOWS\system32\netui2.dll - ok
08:18:12.0843 3232 [ 8BED39E3C35D6A489438B8141717A557 ] C:\WINDOWS\system32\drivers\aec.sys
08:18:12.0843 3232 C:\WINDOWS\system32\drivers\aec.sys - ok
08:18:12.0843 3232 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] C:\WINDOWS\system32\drivers\splitter.sys
08:18:12.0843 3232 C:\WINDOWS\system32\drivers\splitter.sys - ok
08:18:12.0859 3232 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] C:\WINDOWS\system32\drivers\swmidi.sys
08:18:12.0859 3232 C:\WINDOWS\system32\drivers\swmidi.sys - ok
08:18:12.0859 3232 [ 8A208DFCF89792A484E76C40E5F50B45 ] C:\WINDOWS\system32\drivers\dmusic.sys
08:18:12.0859 3232 C:\WINDOWS\system32\drivers\dmusic.sys - ok
08:18:12.0875 3232 [ 692BCF44383D056AED41B045A323D378 ] C:\WINDOWS\system32\drivers\kmixer.sys
08:18:12.0875 3232 C:\WINDOWS\system32\drivers\kmixer.sys - ok
08:18:12.0875 3232 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] C:\WINDOWS\system32\drivers\drmkaud.sys
08:18:12.0875 3232 C:\WINDOWS\system32\drivers\drmkaud.sys - ok
08:18:12.0890 3232 [ 9A3BD5F55AADFF859539142F6328A66E ] C:\WINDOWS\system32\msacm32.drv
08:18:12.0890 3232 C:\WINDOWS\system32\msacm32.drv - ok
08:18:12.0890 3232 [ 5C12660A97822F6E61576943B49AAAD6 ] C:\WINDOWS\system32\midimap.dll
08:18:12.0890 3232 C:\WINDOWS\system32\midimap.dll - ok
08:18:12.0890 3232 [ C5A75EB48E2344ABDC162BDA79E16841 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:18:12.0890 3232 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok
08:18:12.0906 3232 [ 08A73B0E7EE6E32983B5F9E540A8E380 ] C:\WINDOWS\system32\mscoree.dll
08:18:12.0906 3232 C:\WINDOWS\system32\mscoree.dll - ok
08:18:12.0921 3232 [ E5F7C30EDF0892667933BE879F067D67 ] C:\WINDOWS\system32\msvcr100_clr0400.dll
08:18:12.0921 3232 C:\WINDOWS\system32\msvcr100_clr0400.dll - ok
08:18:12.0921 3232 [ 00709952D444EAE14DBBD30D36FBAE0F ] C:\WINDOWS\system32\certcli.dll
08:18:12.0921 3232 C:\WINDOWS\system32\certcli.dll - ok
08:18:12.0921 3232 [ 3D4E199942E29207970E04315D02AD3B ] C:\WINDOWS\system32\cryptsvc.dll
08:18:12.0921 3232 C:\WINDOWS\system32\cryptsvc.dll - ok
08:18:12.0937 3232 [ DFEABB7CFFFADEA4A912AB95BDC3177A ] C:\WINDOWS\system32\drivers\dsunidrv.sys
08:18:12.0937 3232 C:\WINDOWS\system32\drivers\dsunidrv.sys - ok
08:18:12.0937 3232 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] C:\WINDOWS\ehome\ehrecvr.exe
08:18:12.0937 3232 C:\WINDOWS\ehome\ehrecvr.exe - ok
08:18:12.0953 3232 [ 6D280BC969218AE4A72180F907C32913 ] C:\WINDOWS\ehome\ehTrace.dll
08:18:12.0953 3232 C:\WINDOWS\ehome\ehTrace.dll - ok
08:18:12.0953 3232 [ 0099D24356585743B0B35C222092FD8F ] C:\WINDOWS\system32\faultrep.dll
08:18:12.0953 3232 C:\WINDOWS\system32\faultrep.dll - ok
08:18:12.0953 3232 [ A53243709439AC2A4C216B817F8D7411 ] C:\WINDOWS\ehome\ehSched.exe
08:18:12.0953 3232 C:\WINDOWS\ehome\ehSched.exe - ok
08:18:12.0968 3232 [ A9BE66E05254B20DF82E0F7CDDECA7DD ] C:\Program Files\CenturyLink Online Security\Anti-Virus\fsgk32st.exe
08:18:12.0968 3232 C:\Program Files\CenturyLink Online Security\Anti-Virus\fsgk32st.exe - ok
08:18:12.0968 3232 [ BC93B4A066477954555966D77FEC9ECB ] C:\WINDOWS\system32\ersvc.dll
08:18:12.0968 3232 C:\WINDOWS\system32\ersvc.dll - ok
08:18:12.0984 3232 [ D4991D98F2DB73C60D042F1AEF79EFAE ] C:\WINDOWS\system32\es.dll
08:18:12.0984 3232 C:\WINDOWS\system32\es.dll - ok
08:18:12.0984 3232 [ 945D921BB4FF2DED24F62D2BAF2AB48B ] C:\Program Files\CenturyLink Online Security\Common\FSMA32.DLL
08:18:12.0984 3232 C:\Program Files\CenturyLink Online Security\Common\FSMA32.DLL - ok
08:18:13.0000 3232 [ 392E85687A902239C01BADDF212B1A36 ] C:\Program Files\CenturyLink Online Security\Common\FSMA32.EXE
08:18:13.0000 3232 C:\Program Files\CenturyLink Online Security\Common\FSMA32.EXE - ok
08:18:13.0000 3232 [ 0EA6E48104D562FA453F32FEB01E92C6 ] C:\Program Files\CenturyLink Online Security\Common\FSPMAPI.DLL
08:18:13.0000 3232 C:\Program Files\CenturyLink Online Security\Common\FSPMAPI.DLL - ok
08:18:13.0000 3232 [ 926AFC4848FF3297BB264333BF51E21F ] C:\WINDOWS\system32\sbe.dll
08:18:13.0000 3232 C:\WINDOWS\system32\sbe.dll - ok
08:18:13.0015 3232 [ E7A33307A0816678AD50C7110EA50A33 ] C:\Program Files\CenturyLink Online Security\Anti-Virus\fsgk32.exe
08:18:13.0015 3232 C:\Program Files\CenturyLink Online Security\Anti-Virus\fsgk32.exe - ok
08:18:13.0015 3232 [ E325BCDBB6DED6C89F679B8AE89E975C ] C:\WINDOWS\system32\msvidctl.dll
08:18:13.0015 3232 C:\WINDOWS\system32\msvidctl.dll - ok
08:18:13.0031 3232 [ BF107ACF2CDD552AABE14E8C3E62E3FC ] C:\WINDOWS\system32\quartz.dll
08:18:13.0031 3232 C:\WINDOWS\system32\quartz.dll - ok
08:18:13.0031 3232 [ AA5E22854F56C68148EB3345DBD62970 ] C:\WINDOWS\system32\devenum.dll
08:18:13.0031 3232 C:\WINDOWS\system32\devenum.dll - ok
08:18:13.0046 3232 [ D25C03D04159D462D69F294BA7142BDB ] C:\WINDOWS\system32\msdmo.dll
08:18:13.0046 3232 C:\WINDOWS\system32\msdmo.dll - ok
08:18:13.0046 3232 [ 626A24ED1228580B9518C01930936DF9 ] C:\Program Files\Google\Update\GoogleUpdate.exe
08:18:13.0046 3232 C:\Program Files\Google\Update\GoogleUpdate.exe - ok
08:18:13.0046 3232 [ 7B3740169BDE2892091084007AB6BABA ] C:\Program Files\CenturyLink Online Security\Anti-Virus\updcfg.dll
08:18:13.0046 3232 C:\Program Files\CenturyLink Online Security\Anti-Virus\updcfg.dll - ok
08:18:13.0062 3232 [ 008DF0C9D81BD814480DD9C052893E8C ] C:\WINDOWS\ehome\ehRec.exe
08:18:13.0062 3232 C:\WINDOWS\ehome\ehRec.exe - ok
08:18:13.0062 3232 [ 2E5672EEA419A4DC9DACD714632E1DC3 ] C:\Program Files\Google\Update\1.3.21.135\goopdate.dll
08:18:13.0062 3232 C:\Program Files\Google\Update\1.3.21.135\goopdate.dll - ok
08:18:13.0078 3232 [ D3F72D50DE53F9F1F55240115AF4D42E ] C:\WINDOWS\system32\msi.dll
08:18:13.0078 3232 C:\WINDOWS\system32\msi.dll - ok
08:18:13.0078 3232 [ 7E48D9BC72C8A0A9525F309F92A284D4 ] C:\Program Files\CenturyLink Online Security\Common\FSHDLL32.EXE
08:18:13.0078 3232 C:\Program Files\CenturyLink Online Security\Common\FSHDLL32.EXE - ok
08:18:13.0093 3232 [ 83BA5E873164A3711B44052F58C8FE9F ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
08:18:13.0093 3232 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll - ok
08:18:13.0093 3232 [ 9D80D4BD26396FDC2D2C4E4D5E1EBA36 ] C:\Program Files\CenturyLink Online Security\Common\FCH32.DLL
08:18:13.0093 3232 C:\Program Files\CenturyLink Online Security\Common\FCH32.DLL - ok
08:18:13.0093 3232 [ D43E59FAABE2DDD06B569C1836A146DD ] C:\Program Files\CenturyLink Online Security\Common\FSPMENG.DLL
08:18:13.0093 3232 C:\Program Files\CenturyLink Online Security\Common\FSPMENG.DLL - ok
08:18:13.0109 3232 [ 31F68153B971F917BAE07A4B0A19167A ] C:\Program Files\CenturyLink Online Security\DAAS2\fsclm.dll
08:18:13.0109 3232 C:\Program Files\CenturyLink Online Security\DAAS2\fsclm.dll - ok
08:18:13.0109 3232 [ 554C96E3C39E5BA98EFAFEC2CEACFA72 ] C:\Program Files\CenturyLink Online Security\Common\FSMA32S.DLL
08:18:13.0109 3232 C:\Program Files\CenturyLink Online Security\Common\FSMA32S.DLL - ok
08:18:13.0125 3232 [ 68997E95D4B4079A4663C794AC4798BA ] C:\Program Files\CenturyLink Online Security\Scanner-Interface\fsgkiapi.dll
08:18:13.0125 3232 C:\Program Files\CenturyLink Online Security\Scanner-Interface\fsgkiapi.dll - ok
08:18:13.0125 3232 [ 7C87A5FB95777E4132B11FC3D92CAAF5 ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll
08:18:13.0125 3232 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll - ok
08:18:13.0125 3232 [ ADE43E6677BA2D52413DDDAB38438555 ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
08:18:13.0125 3232 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll - ok
08:18:13.0140 3232 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll
08:18:13.0140 3232 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll - ok
08:18:13.0140 3232 [ B6E6F3F5B63053D5DC1F4EE32992492F ] C:\WINDOWS\system32\dbghelp.dll
08:18:13.0140 3232 C:\WINDOWS\system32\dbghelp.dll - ok
08:18:13.0187 3232 [ 5D43C9A33F18C707BA169AFDA88BDF30 ] C:\WINDOWS\system32\fltlib.dll
08:18:13.0187 3232 C:\WINDOWS\system32\fltlib.dll - ok
08:18:13.0187 3232 [ F80A415EF82CD06FFAF0D971528EAD38 ] C:\WINDOWS\system32\drivers\http.sys
08:18:13.0187 3232 C:\WINDOWS\system32\drivers\http.sys - ok
08:18:13.0187 3232 [ C0A447BCA69D9661D1EF7EDF4C700FE3 ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
08:18:13.0187 3232 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll - ok
08:18:13.0203 3232 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
08:18:13.0203 3232 C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok
08:18:13.0203 3232 [ 8973122796E3B5D6B5900FC186E55FEA ] C:\WINDOWS\system32\hid.dll
08:18:13.0203 3232 C:\WINDOWS\system32\hid.dll - ok
08:18:13.0218 3232 [ DEB04DA35CC871B6D309B77E1443C796 ] C:\WINDOWS\system32\hidserv.dll
08:18:13.0218 3232 C:\WINDOWS\system32\hidserv.dll - ok
08:18:13.0218 3232 [ 195741AEE20369980796B557358CD774 ] C:\WINDOWS\system32\drivers\mdmxsdk.sys
08:18:13.0218 3232 C:\WINDOWS\system32\drivers\mdmxsdk.sys - ok
08:18:13.0218 3232 [ 5C77C4DB091466CA4C04F01DC7C767CB ] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5f924740\mscorlib.dll
08:18:13.0218 3232 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5f924740\mscorlib.dll - ok
08:18:13.0234 3232 [ 332760FBA1655FCFD35BD6F4FD871300 ] C:\WINDOWS\system32\ipsecsvc.dll
08:18:13.0234 3232 C:\WINDOWS\system32\ipsecsvc.dll - ok
08:18:13.0234 3232 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] C:\WINDOWS\system32\netman.dll
08:18:13.0234 3232 C:\WINDOWS\system32\netman.dll - ok
08:18:13.0250 3232 [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll
08:18:13.0250 3232 C:\WINDOWS\system32\netshell.dll - ok
08:18:13.0250 3232 [ C5FF8682EADA5B3B27A865F1C3EF9270 ] C:\WINDOWS\system32\oakley.dll
08:18:13.0250 3232 C:\WINDOWS\system32\oakley.dll - ok
08:18:13.0265 3232 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] C:\WINDOWS\system32\srvsvc.dll
08:18:13.0265 3232 C:\WINDOWS\system32\srvsvc.dll - ok
08:18:13.0265 3232 [ 248712EA6BA17B9FF0C542A3828375DD ] C:\WINDOWS\system32\winipsec.dll
08:18:13.0265 3232 C:\WINDOWS\system32\winipsec.dll - ok
08:18:13.0265 3232 [ AE8028E980FCAB6CCAF68E6850D8FE50 ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
08:18:13.0265 3232 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll - ok
08:18:13.0296 3232 [ 235892E493845D64D890163CFEF90E97 ] C:\WINDOWS\system32\credui.dll
08:18:13.0296 3232 C:\WINDOWS\system32\credui.dll - ok
08:18:13.0296 3232 [ 4E8F3230BAC8C1CAADF01A8C728E1C5C ] C:\WINDOWS\system32\dot3dlg.dll
08:18:13.0296 3232 C:\WINDOWS\system32\dot3dlg.dll - ok
08:18:13.0312 3232 [ CA04959077AFE36369D37B3504740C87 ] C:\WINDOWS\system32\onex.dll
08:18:13.0312 3232 C:\WINDOWS\system32\onex.dll - ok
08:18:13.0312 3232 [ 22D89D84E8E081CDA529DBF8C0255A38 ] C:\WINDOWS\system32\psbase.dll
08:18:13.0312 3232 C:\WINDOWS\system32\psbase.dll - ok
08:18:13.0328 3232 [ 853D0D0C6F02D7BFDF1CF99DD7553732 ] C:\WINDOWS\system32\pstorsvc.dll
08:18:13.0328 3232 C:\WINDOWS\system32\pstorsvc.dll - ok
08:18:13.0328 3232 [ 5DB625E7D095604010CF84DE2D8ACFA6 ] C:\WINDOWS\system32\eappcfg.dll
08:18:13.0328 3232 C:\WINDOWS\system32\eappcfg.dll - ok
08:18:13.0328 3232 [ ABC4206543450C0666D152F4B65833B8 ] C:\WINDOWS\system32\eappprxy.dll
08:18:13.0328 3232 C:\WINDOWS\system32\eappprxy.dll - ok
08:18:13.0343 3232 [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll
08:18:13.0343 3232 C:\WINDOWS\system32\wzcsapi.dll - ok
08:18:13.0343 3232 [ 73B44FE5423982B2709D6EA2F674B807 ] C:\WINDOWS\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
08:18:13.0343 3232 C:\WINDOWS\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll - ok
08:18:13.0359 3232 [ CBE612E2BB6A10E3563336191EDA1250 ] C:\WINDOWS\system32\seclogon.dll
08:18:13.0359 3232 C:\WINDOWS\system32\seclogon.dll - ok
08:18:13.0359 3232 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] C:\WINDOWS\system32\sens.dll
08:18:13.0687 3232 C:\WINDOWS\system32\sens.dll - ok
08:18:13.0687 3232 [ 3805DF0AC4296A34BA4BF93B346CC378 ] C:\WINDOWS\system32\srsvc.dll
08:18:13.0687 3232 C:\WINDOWS\system32\srsvc.dll - ok
08:18:13.0703 3232 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] C:\WINDOWS\system32\drivers\srv.sys
08:18:13.0703 3232 C:\WINDOWS\system32\drivers\srv.sys - ok
08:18:13.0703 3232 [ AB9AAC01AC223F03707748C038A03244 ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
08:18:13.0703 3232 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll - ok
08:18:13.0734 3232 [ FEDE68BF80052BAD393AFD5C2E60DCB0 ] C:\WINDOWS\system32\dssenh.dll
08:18:13.0734 3232 C:\WINDOWS\system32\dssenh.dll - ok
08:18:13.0734 3232 [ 2975C66459C426C20BC22D639DF6B611 ] C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
08:18:13.0734 3232 C:\Program Files\SUPERAntiSpyware\SASSEH.DLL - ok
08:18:13.0750 3232 [ 0A5679B3714EDAB99E357057EE88FCA6 ] C:\WINDOWS\system32\ssdpsrv.dll
08:18:13.0750 3232 C:\WINDOWS\system32\ssdpsrv.dll - ok
08:18:13.0750 3232 [ 21E9E1D02F36980968FF1AEA3A4C7C97 ] C:\Program Files\CenturyLink Online Security\Common\FAMEH32.DLL
08:18:13.0750 3232 C:\Program Files\CenturyLink Online Security\Common\FAMEH32.DLL - ok
08:18:13.0781 3232 [ A28FB45FD44FA90E5F2BF94B642B7A39 ] C:\Program Files\CenturyLink Online Security\Common\fslapi.dll
08:18:13.0781 3232 C:\Program Files\CenturyLink Online Security\Common\fslapi.dll - ok
08:18:13.0781 3232 [ 2D74A891C52271A641C46F7396BF4EE1 ] C:\Program Files\CenturyLink Online Security\FSAUA\program\fsaua.dll
08:18:13.0781 3232 C:\Program Files\CenturyLink Online Security\FSAUA\program\fsaua.dll - ok
08:18:13.0796 3232 [ 79E3A8C328E7E569C32B0998377D9742 ] C:\WINDOWS\system32\spoolss.dll
08:18:13.0796 3232 C:\WINDOWS\system32\spoolss.dll - ok
08:18:13.0828 3232 [ 3CBA2210FA39C6ED7895634842E930DD ] C:\WINDOWS\system32\sensapi.dll
08:18:13.0828 3232 C:\WINDOWS\system32\sensapi.dll - ok
08:18:13.0828 3232 [ 67156D5A9AC356DC99D7BCCB388E3316 ] C:\WINDOWS\system32\wsock32.dll
08:18:13.0828 3232 C:\WINDOWS\system32\wsock32.dll - ok
08:18:13.0828 3232 [ 7E4BF91C9111B04BAA363E33E992616B ] C:\Program Files\CenturyLink Online Security\Common\AMEHEVN.DLL
08:18:13.0828 3232 C:\Program Files\CenturyLink Online Security\Common\AMEHEVN.DLL - ok
08:18:13.0843 3232 [ 367F95031128D466E09BDAC0C4F8BA8A ] C:\Program Files\CenturyLink Online Security\FSPC\fspc.dll
08:18:13.0843 3232 C:\Program Files\CenturyLink Online Security\FSPC\fspc.dll - ok
08:18:13.0875 3232 [ 5F0CE62E0831CF972EC6949FD3E37DA7 ] C:\WINDOWS\system32\cfgmgr32.dll
08:18:13.0875 3232 C:\WINDOWS\system32\cfgmgr32.dll - ok
08:18:13.0875 3232 [ B226F8A4D780ACDF76145B58BB791D5B ] C:\WINDOWS\system32\drivers\symlcbrd.sys
08:18:13.0875 3232 C:\WINDOWS\system32\drivers\symlcbrd.sys - ok
08:18:13.0890 3232 [ 3CB78C17BB664637787C9A1C98F79C38 ] C:\WINDOWS\system32\tapisrv.dll
08:18:13.0890 3232 C:\WINDOWS\system32\tapisrv.dll - ok
08:18:13.0890 3232 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] C:\WINDOWS\system32\wiaservc.dll
08:18:13.0937 3232 C:\WINDOWS\system32\wiaservc.dll - ok
08:18:13.0937 3232 [ 4AC2FA4A6F0DF2511BAC13393C06EFF1 ] C:\WINDOWS\system32\mscms.dll
08:18:13.0937 3232 C:\WINDOWS\system32\mscms.dll - ok
08:18:13.0937 3232 [ ACACB8B14E66109B8ACD6644B5574B9A ] C:\WINDOWS\system32\vssapi.dll
08:18:13.0937 3232 C:\WINDOWS\system32\vssapi.dll - ok
08:18:13.0953 3232 [ 2D0E4ED081963804CCC196A0929275B5 ] C:\WINDOWS\system32\wbem\wmisvc.dll
08:18:13.0953 3232 C:\WINDOWS\system32\wbem\wmisvc.dll - ok
08:18:13.0984 3232 [ E97D6A8684466DF94FF3BC24FB787A07 ] C:\WINDOWS\system32\fxssvc.exe
08:18:13.0984 3232 C:\WINDOWS\system32\fxssvc.exe - ok
08:18:13.0984 3232 [ FC3EC24FCE372C89423E015A2AC1A31E ] C:\WINDOWS\system32\wuaueng.dll
08:18:13.0984 3232 C:\WINDOWS\system32\wuaueng.dll - ok
08:18:14.0000 3232 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] C:\WINDOWS\system32\wuauserv.dll
08:18:14.0000 3232 C:\WINDOWS\system32\wuauserv.dll - ok
08:18:14.0000 3232 [ F9D3C78CFE15271D80790677C893CE45 ] C:\WINDOWS\system32\cabinet.dll
08:18:14.0000 3232 C:\WINDOWS\system32\cabinet.dll - ok
08:18:14.0031 3232 [ B85E95679B5ADC12311BCD3F5385D623 ] C:\WINDOWS\system32\mspatcha.dll
08:18:14.0031 3232 C:\WINDOWS\system32\mspatcha.dll - ok
08:18:14.0031 3232 [ 684559A03CBC1D05BA120A18B0D8BA5D ] C:\WINDOWS\system32\winhttp.dll
08:18:14.0031 3232 C:\WINDOWS\system32\winhttp.dll - ok
08:18:14.0046 3232 [ 6F5C55D2FA1B3080647460E1329CDAEA ] C:\Program Files\CenturyLink Online Security\TNB\fstnb.dll
08:18:14.0046 3232 C:\Program Files\CenturyLink Online Security\TNB\fstnb.dll - ok
08:18:14.0078 3232 [ 9E053578E7E8248DD8AA097AA8933097 ] C:\Program Files\CenturyLink Online Security\FSAUA\program\fsaua_api_dll.dll
08:18:14.0078 3232 C:\Program Files\CenturyLink Online Security\FSAUA\program\fsaua_api_dll.dll - ok
08:18:14.0078 3232 [ BDB83C844EDEC9BD01A94750D2C38DDF ] C:\WINDOWS\system32\fxsevent.dll
08:18:14.0078 3232 C:\WINDOWS\system32\fxsevent.dll - ok
08:18:14.0078 3232 [ 3458EDA96E30FBD0477A2800D3FB1909 ] C:\WINDOWS\system32\wups.dll
08:18:14.0078 3232 C:\WINDOWS\system32\wups.dll - ok
08:18:14.0093 3232 [ BDC0C99E472176C8C2C853A68ADC5073 ] C:\WINDOWS\system32\wups2.dll
08:18:14.0093 3232 C:\WINDOWS\system32\wups2.dll - ok
08:18:14.0125 3232 [ ED0C0DF222209E43AD9AFBF3FE87DDE0 ] C:\WINDOWS\system32\comsvcs.dll
08:18:14.0125 3232 C:\WINDOWS\system32\comsvcs.dll - ok
08:18:14.0125 3232 [ 0329D0A4F230094B669A87BB3B85606E ] C:\WINDOWS\system32\fxsapi.dll
08:18:14.0125 3232 C:\WINDOWS\system32\fxsapi.dll - ok
08:18:14.0140 3232 [ 1144EF6B4BB72E33B41912AE1AE4F97A ] C:\WINDOWS\system32\fxstiff.dll
08:18:14.0140 3232 C:\WINDOWS\system32\fxstiff.dll - ok
08:18:14.0140 3232 [ 690D97864735E8ECD87F55777E266690 ] C:\WINDOWS\system32\colbact.dll
08:18:14.0171 3232 C:\WINDOWS\system32\colbact.dll - ok
08:18:14.0171 3232 [ 36795A645EAA47FE31D2A8F136A2C69B ] C:\WINDOWS\system32\mtxclu.dll
08:18:14.0171 3232 C:\WINDOWS\system32\mtxclu.dll - ok
08:18:14.0171 3232 [ DF82E222578DBE59FCBBD69A02E4C806 ] C:\WINDOWS\system32\clusapi.dll
08:18:14.0171 3232 C:\WINDOWS\system32\clusapi.dll - ok
08:18:14.0187 3232 [ F51EBB6FC536A6B2D588FD668D3A8249 ] C:\WINDOWS\system32\resutils.dll
08:18:14.0187 3232 C:\WINDOWS\system32\resutils.dll - ok
08:18:14.0218 3232 [ 83F41D0D89645D7235C051AB1D9523AC ] C:\WINDOWS\system32\ipnathlp.dll
08:18:14.0218 3232 C:\WINDOWS\system32\ipnathlp.dll - ok
08:18:14.0218 3232 [ 7C278E6408D1DCE642230C0585A854D5 ] C:\WINDOWS\system32\wscsvc.dll
08:18:14.0218 3232 C:\WINDOWS\system32\wscsvc.dll - ok
08:18:14.0234 3232 [ 2E0B0A051FFAA86E358465BB0880D453 ] C:\WINDOWS\system32\wuauclt.exe
08:18:14.0234 3232 C:\WINDOWS\system32\wuauclt.exe - ok
08:18:14.0234 3232 [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\system32\wbem\wbemcomn.dll
08:18:14.0234 3232 C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
08:18:14.0265 3232 [ 205ADD80FF8099B1A8101EB490B933D1 ] C:\WINDOWS\system32\wbem\wbemprox.dll
08:18:14.0265 3232 C:\WINDOWS\system32\wbem\wbemprox.dll - ok
08:18:14.0265 3232 [ E4616430709F440CF1809D88DC2366EA ] C:\WINDOWS\system32\wbem\esscli.dll
08:18:14.0265 3232 C:\WINDOWS\system32\wbem\esscli.dll - ok
08:18:14.0281 3232 [ 378A0AEFB11D8B0DC8C27B9F7604B88D ] C:\WINDOWS\system32\wbem\fastprox.dll
08:18:14.0281 3232 C:\WINDOWS\system32\wbem\fastprox.dll - ok
08:18:14.0312 3232 [ F0BF811622F2DD6C8E26EE4600D83731 ] C:\WINDOWS\system32\wbem\wbemcore.dll
08:18:14.0312 3232 C:\WINDOWS\system32\wbem\wbemcore.dll - ok
08:18:14.0312 3232 [ 942A17D2901A31EA68627CBFFCD268CC ] C:\WINDOWS\system32\wbem\repdrvfs.dll
08:18:14.0312 3232 C:\WINDOWS\system32\wbem\repdrvfs.dll - ok
08:18:14.0312 3232 [ 010472D0AE758227C6F6E6933549C219 ] C:\WINDOWS\system32\wbem\wbemsvc.dll
08:18:14.0312 3232 C:\WINDOWS\system32\wbem\wbemsvc.dll - ok
08:18:14.0328 3232 [ 3273D1565BF30225C115B480A3BB2C9D ] C:\WINDOWS\system32\wbem\wmiutils.dll
08:18:14.0328 3232 C:\WINDOWS\system32\wbem\wmiutils.dll - ok
08:18:14.0359 3232 [ 071143F687B4F887E21461CA6CC7EB29 ] C:\WINDOWS\system32\wbem\wmiprvsd.dll
08:18:14.0359 3232 C:\WINDOWS\system32\wbem\wmiprvsd.dll - ok
08:18:14.0359 3232 [ 26D881D27CBE51D3614E68D7313EA026 ] C:\WINDOWS\system32\wbem\wbemess.dll
08:18:14.0359 3232 C:\WINDOWS\system32\wbem\wbemess.dll - ok
08:18:14.0375 3232 [ DF0A511F38F16016BF658FCA0090CB87 ] C:\WINDOWS\ehome\mcrdsvc.exe
08:18:14.0375 3232 C:\WINDOWS\ehome\mcrdsvc.exe - ok
08:18:14.0375 3232 [ 5677DFE438EC1F009273FC84FEED6B10 ] C:\WINDOWS\system32\localspl.dll
08:18:14.0406 3232 C:\WINDOWS\system32\localspl.dll - ok
08:18:14.0406 3232 [ 1A617835452EEE5060976C9B9F5FE635 ] C:\WINDOWS\system32\wuapi.dll
08:18:14.0406 3232 C:\WINDOWS\system32\wuapi.dll - ok
08:18:14.0406 3232 [ 5D3D1AB0EF4EA55B731863050482C111 ] C:\WINDOWS\system32\cnbjmon.dll
08:18:14.0406 3232 C:\WINDOWS\system32\cnbjmon.dll - ok
08:18:14.0421 3232 [ 3D075865DCC26931972F6476AD0497BE ] C:\WINDOWS\system32\ssdpapi.dll
08:18:14.0421 3232 C:\WINDOWS\system32\ssdpapi.dll - ok
08:18:14.0453 3232 [ 20F3BA47A831C787EFD6177A3CF0F4DC ] C:\WINDOWS\system32\zsdepl.dcl
08:18:14.0453 3232 C:\WINDOWS\system32\zsdepl.dcl - ok
08:18:14.0453 3232 [ CC6292CA575E851E5B74BF8883AB967A ] C:\WINDOWS\system32\fxsmon.dll
08:18:14.0453 3232 C:\WINDOWS\system32\fxsmon.dll - ok
08:18:14.0468 3232 [ 95647F820CBC025676D7B407E2BCFBE6 ] C:\WINDOWS\system32\mdimon.dll
08:18:14.0468 3232 C:\WINDOWS\system32\mdimon.dll - ok
08:18:14.0468 3232 [ 1574DD9D409F2DC45CF82C22B99164A4 ] C:\WINDOWS\system32\pdfcmnnt.dll
08:18:14.0468 3232 C:\WINDOWS\system32\pdfcmnnt.dll - ok
08:18:14.0500 3232 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
08:18:14.0500 3232 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll - ok
08:18:14.0500 3232 [ 222DE7F5EDB9DDBE628384A1A8BE59CE ] C:\WINDOWS\system32\pjlmon.dll
08:18:14.0500 3232 C:\WINDOWS\system32\pjlmon.dll - ok
08:18:14.0515 3232 [ AE0382AD9C73D343D85E1A50C80B7C20 ] C:\WINDOWS\system32\tcpmon.dll
08:18:14.0515 3232 C:\WINDOWS\system32\tcpmon.dll - ok
08:18:14.0546 3232 [ F26385E8BA4549B5186B774EC0E45D86 ] C:\WINDOWS\system32\usbmon.dll
08:18:14.0546 3232 C:\WINDOWS\system32\usbmon.dll - ok
08:18:14.0546 3232 [ EEE7F12D9FF46F68FBC0DA059A359E9E ] C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
08:18:14.0546 3232 C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll - ok
08:18:14.0546 3232 [ 4424AE65F7AF8181AC99FE46BC2700C9 ] C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
08:18:14.0546 3232 C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll - ok
08:18:14.0562 3232 [ 9FA838B634DEE1CC552B17CCA85F0A2A ] C:\Program Files\CenturyLink Online Security\Common\AMEHLOG.DLL
08:18:14.0562 3232 C:\Program Files\CenturyLink Online Security\Common\AMEHLOG.DLL - ok
08:18:14.0593 3232 [ D0B84EC82FCD2FEF93EDD3527362FAE0 ] C:\Program Files\CenturyLink Online Security\FSGUI\fsstm.exe
08:18:14.0593 3232 C:\Program Files\CenturyLink Online Security\FSGUI\fsstm.exe - ok
08:18:14.0593 3232 [ D26451B540720A7313A9BCBE794DAF62 ] C:\WINDOWS\system32\wbem\ncprov.dll
08:18:14.0593 3232 C:\WINDOWS\system32\wbem\ncprov.dll - ok
08:18:14.0609 3232 [ 6404807ABC7AF52FA3792697AE638B50 ] C:\WINDOWS\system32\wbem\wbemcons.dll
08:18:14.0609 3232 C:\WINDOWS\system32\wbem\wbemcons.dll - ok
08:18:14.0609 3232 [ 2C594CC1A9A04524F0F203046AD451C5 ] C:\Program Files\CenturyLink Online Security\FSGUI\chmres.eng
08:18:14.0625 3232 C:\Program Files\CenturyLink Online Security\FSGUI\chmres.eng - ok
08:18:14.0625 3232 [ A9B74917D9A297DCE56BB19331EA8E44 ] C:\Program Files\CenturyLink Online Security\FSGUI\strres.eng
08:18:14.0625 3232 C:\Program Files\CenturyLink Online Security\FSGUI\strres.eng - ok
08:18:14.0625 3232 [ 22DD6D7D4BFE2B8CE705CC950C8AEA4C ] C:\WINDOWS\system32\win32spl.dll
08:18:14.0625 3232 C:\WINDOWS\system32\win32spl.dll - ok
08:18:14.0640 3232 [ E6019253451DBB67740F7027AD9E1CB5 ] C:\Program Files\Real\RealUpgrade\realupgrade.exe
08:18:14.0640 3232 C:\Program Files\Real\RealUpgrade\realupgrade.exe - ok
08:18:14.0671 3232 [ A93AEE1928A9D7CE3E16D24EC7380F89 ] C:\WINDOWS\system32\userinit.exe
08:18:16.0109 3232 [ B0FB9D283D2F979810EE44E6867D0BA8 ] C:\Program Files\CenturyLink Online Security\Common\FSMAUI32.DLL
08:18:16.0109 3232 C:\Program Files\CenturyLink Online Security\Common\FSMAUI32.DLL - ok
08:18:16.0109 3232 [ 4FA6B21D89943962EE1D77C2B238E146 ] C:\Program Files\CenturyLink Online Security\FSGUI\flyerres.eng
08:18:16.0109 3232 C:\Program Files\CenturyLink Online Security\FSGUI\flyerres.eng - ok
08:18:16.0109 3232 [ 96E4AF036F5D762C8D5E3325F6FF644C ] C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
08:18:16.0109 3232 C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll - ok
08:18:16.0125 3232 [ 8496AD5DB6EC9C8090D014FC9A705C56 ] C:\Program Files\Common Files\Autodesk Shared\AcShellEx\enu\AcShellExtensionRes.dll
08:18:16.0125 3232 C:\Program Files\Common Files\Autodesk Shared\AcShellEx\enu\AcShellExtensionRes.dll - ok
08:18:16.0125 3232 [ 2C60B1FBFA906A1549B58F88EE40C75A ] C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll
08:18:16.0125 3232 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll - ok
08:18:16.0125 3232 [ E46976758B6A20229F7F820032C80185 ] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcrobatInfo.exe
08:18:16.0125 3232 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcrobatInfo.exe - ok
08:18:16.0140 3232 [ 1412A6785B953D99A2A83A1ED706ACE8 ] C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
08:18:16.0140 3232 C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe - ok
08:18:16.0140 3232 [ 20607EE4886D78DD95286F2D14E9FF2F ] C:\WINDOWS\system32\msvcp71.dll
08:18:16.0140 3232 C:\WINDOWS\system32\msvcp71.dll - ok
08:18:16.0156 3232 [ 25912CC032CB14C299CEC9D2034A49F4 ] C:\WINDOWS\system32\msvcr71.dll
08:18:16.0156 3232 C:\WINDOWS\system32\msvcr71.dll - ok
08:18:16.0156 3232 [ 9434F32EBD331E74F1AC88DB4056873E ] C:\Program Files\Adobe\Acrobat 7.0\Reader\BIB.dll
08:18:16.0156 3232 C:\Program Files\Adobe\Acrobat 7.0\Reader\BIB.dll - ok
08:18:16.0156 3232 [ 6BD6DEE5851EAED866F95AAAC64CFF48 ] C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.dll
08:18:16.0156 3232 C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.dll - ok
08:18:16.0171 3232 [ D9FBAE7542AA52B2990011CB636AE4B4 ] C:\Program Files\Adobe\Acrobat 7.0\Reader\AGM.dll
08:18:16.0171 3232 C:\Program Files\Adobe\Acrobat 7.0\Reader\AGM.dll - ok
08:18:16.0171 3232 [ 6F6B65EECC49D535B009EED171428C8C ] C:\Program Files\Adobe\Acrobat 7.0\Reader\CoolType.dll
08:18:16.0171 3232 C:\Program Files\Adobe\Acrobat 7.0\Reader\CoolType.dll - ok
08:18:16.0171 3232 [ EA8AED38C48E90E6CE9785BE3D9A8A9E ] C:\Program Files\Adobe\Acrobat 7.0\Reader\ACE.dll
08:18:16.0171 3232 C:\Program Files\Adobe\Acrobat 7.0\Reader\ACE.dll - ok
08:18:16.0187 3232 [ 8129E7EB5973EB96C3E721762A48C1EF ] C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Accessibility.api
08:18:16.0187 3232 C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Accessibility.api - ok
08:18:16.0187 3232 [ 5E2FCA45BEF46B848F4B946968C921A8 ] C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\AcroForm.api
08:18:16.0187 3232 C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\AcroForm.api - ok
08:18:16.0187 3232 [ 6AC998FB72033FDB5BF421AC3A898253 ] C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Annots.api
08:18:16.0187 3232 C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Annots.api - ok
08:18:16.0203 3232 [ A9E08B72C6179CDC7244303D36035624 ] C:\Program Files\CenturyLink Online Security\Common\FSMAURES.eng
08:18:16.0203 3232 C:\Program Files\CenturyLink Online Security\Common\FSMAURES.eng - ok
08:18:16.0203 3232 [ C316DF2A5C6E5F0C4577B8FCD2C002A5 ] C:\Program Files\CenturyLink Online Security\Uninstall\fsisu.dll
08:18:16.0203 3232 C:\Program Files\CenturyLink Online Security\Uninstall\fsisu.dll - ok
08:18:16.0218 3232 [ 3670A099DF23BB2DBD74B4635A16A593 ] C:\Program Files\CenturyLink Online Security\FSPC\fspcfsm.dll
08:18:16.0218 3232 C:\Program Files\CenturyLink Online Security\FSPC\fspcfsm.dll - ok
08:18:16.0218 3232 [ 258C647C8D8F14492FEC48ECB6BBEFA3 ] C:\Program Files\CenturyLink Online Security\FSGUI\tnbres.eng
08:18:16.0218 3232 C:\Program Files\CenturyLink Online Security\FSGUI\tnbres.eng - ok
08:18:16.0218 3232 [ 74E24784C5C7A72349DF02B90BCB75CE ] C:\Program Files\CenturyLink Online Security\FWES\program\fsesperf.dll
08:18:16.0218 3232 C:\Program Files\CenturyLink Online Security\FWES\program\fsesperf.dll - ok
08:18:16.0234 3232 [ 68EC6F36CDE6C5B35255A7D1EC7D3907 ] C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Checkers.api
08:18:16.0234 3232 C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Checkers.api - ok
08:18:16.0234 3232 [ 23E85E2A113347D22FA85B663FE11917 ] C:\Program Files\CenturyLink Online Security\Spam Control\fsscoepl.dll
08:18:16.0234 3232 C:\Program Files\CenturyLink Online Security\Spam Control\fsscoepl.dll - ok
08:18:16.0234 3232 [ 1983D6073E88A2E13EF3B9E2E1E9B76A ] C:\Program Files\CenturyLink Online Security\Common\fsdfwres.eng
08:18:16.0234 3232 C:\Program Files\CenturyLink Online Security\Common\fsdfwres.eng - ok
08:18:16.0250 3232 [ 2F0B23FA5F2099B924562BBA043AAD83 ] C:\Program Files\CenturyLink Online Security\Uninstall\fsisuNT.dll
08:18:16.0250 3232 C:\Program Files\CenturyLink Online Security\Uninstall\fsisuNT.dll - ok
08:18:16.0250 3232 [ DE5407A5113137DBF4B05AAB8836C396 ] C:\Program Files\CenturyLink Online Security\FSGUI\fsscgui.dll
08:18:16.0250 3232 C:\Program Files\CenturyLink Online Security\FSGUI\fsscgui.dll - ok
08:18:16.0250 3232 [ F5AEBF0D05A762B9C2A54C46D3B712FB ] C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\DigSig.api
08:18:16.0250 3232 C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\DigSig.api - ok
08:18:16.0265 3232 [ CC54710E7F98A8BB191C4E1D66CE6A72 ] C:\Program Files\CenturyLink Online Security\FSPC\fspcfsm.eng
08:18:16.0265 3232 C:\Program Files\CenturyLink Online Security\FSPC\fspcfsm.eng - ok
08:18:16.0265 3232 [ 344F60D239FE1BDE4DEF77246CB446B3 ] C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\eBook.api
08:18:16.0265 3232 C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\eBook.api - ok
08:18:16.0265 3232 [ 81DB9188BABE219CAFDC7BF39059CF39 ] C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\EScript.api
08:18:16.0265 3232 C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\EScript.api - ok
08:18:16.0281 3232 [ 023736D2988B95F0646458FE6DE82EF6 ] C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\EWH32.api
08:18:16.0281 3232 C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\EWH32.api - ok
08:18:16.0281 3232 [ 052D7B20B2C0EA4C68794A0F35758047 ] C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\HLS.api
08:18:16.0281 3232 C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\HLS.api - ok
08:18:16.0281 3232 [ AEB9FBFBA537E34E8B9ED6A1D926514B ] C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\IA32.api
08:18:16.0281 3232 C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\IA32.api - ok
08:18:16.0296 3232 [ EDE119EE66BA0B0461756913F352713C ] C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\ImageViewer.API
08:18:16.0296 3232 C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\ImageViewer.API - ok
08:18:16.0296 3232 [ 757C420173C12238CF2CB0A90F5F8D2C ] C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\LegalPDF.api
08:18:16.0296 3232 C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\LegalPDF.api - ok
08:18:16.0312 3232 [ D1558AAB07C3C65D751B195A2270ECA6 ] C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\MakeAccessible.api
08:18:16.0312 3232 C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\MakeAccessible.api - ok
08:18:16.0312 3232 [ CAEEF70C69D86EF62F0F4278134B2149 ] C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Multimedia.api
08:18:16.0312 3232 C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Multimedia.api - ok
08:18:16.0312 3232 [ 02AE02C0BF496D09B467100A8C121D2A ] C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PDDom.api
08:18:16.0312 3232 C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PDDom.api - ok
08:18:16.0328 3232 [ D1BC3432D73AE201E51FFBAD2DF44FB1 ] C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks.api
08:18:16.0328 3232 C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks.api - ok
08:18:16.0328 3232 [ 1BB03AE5DE96458393C76E0FAF6665FA ] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\ViewerPS.dll
08:18:16.0328 3232 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\ViewerPS.dll - ok
08:18:16.0328 3232 [ F0146091E2DA0F986E01701544CE1DC4 ] C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PPKLite.api
08:18:16.0328 3232 C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PPKLite.api - ok
08:18:16.0343 3232 [ 8D5F2FBEB24FFF50954C01074B4CF40F ] C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\reflow.api
08:18:16.0343 3232 C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\reflow.api - ok
08:18:16.0343 3232 [ B00562A11EC088F6988383F846F6F1C6 ] C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\SaveAsRTF.api
08:18:16.0343 3232 C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\SaveAsRTF.api - ok
08:18:16.0343 3232 [ 7B32613609FC0F5D79F08B48A3DC3A48 ] C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Search.api
08:18:16.0343 3232 C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Search.api - ok
08:18:16.0359 3232 [ EE1D6EFD33F64EC5AF9CC80834E80DB5 ] C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Search5.api
08:18:16.0359 3232 C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Search5.api - ok
08:18:16.0359 3232 [ 03BAB2F52FBA8D0D312B7FBCF9087EE9 ] C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\SendMail.api
08:18:16.0359 3232 C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\SendMail.api - ok
08:18:16.0375 3232 [ 7CB95B3A992324CC3C02674E36139326 ] C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Soap.api
08:18:16.0375 3232 C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Soap.api - ok
08:18:16.0375 3232 [ AE783CA586D15FB4C8ABB1965BB58CAB ] C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Spelling.api
08:18:16.0375 3232 C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Spelling.api - ok
08:18:16.0375 3232 [ 6BCEE60823ADE66E50BF75979F39FF43 ] C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Updater.api
08:18:16.0375 3232 C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Updater.api - ok
08:18:16.0390 3232 [ 9F84D428F838B591089D7397D8768DDC ] C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\weblink.api
08:18:16.0390 3232 C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\weblink.api - ok
08:18:16.0390 3232 [ 3970F0746068ADF25C4FB7E1642C7FD0 ] C:\Program Files\CenturyLink Online Security\Anti-Virus\fsav32.exe
08:18:16.0390 3232 C:\Program Files\CenturyLink Online Security\Anti-Virus\fsav32.exe - ok
08:18:16.0390 3232 [ DD1B616C6D246C2C3D98D719F7415E22 ] C:\Program Files\CenturyLink Online Security\Common\fswscs.dll
08:18:16.0390 3232 C:\Program Files\CenturyLink Online Security\Common\fswscs.dll - ok
08:18:16.0406 3232 [ E42D1DBDEA761562EDA2F9A2EB88B8D0 ] C:\Program Files\CenturyLink Online Security\Anti-Virus\fsavhres.eng
08:18:16.0406 3232 C:\Program Files\CenturyLink Online Security\Anti-Virus\fsavhres.eng - ok
08:18:16.0406 3232 [ DCF5D05D51840AE2D498676EAE7A2F4A ] C:\Program Files\CenturyLink Online Security\Anti-Virus\fsched.dll
08:18:16.0406 3232 C:\Program Files\CenturyLink Online Security\Anti-Virus\fsched.dll - ok
08:18:16.0406 3232 [ AD1EA59C74D873AC22FB839B8E3E97F7 ] C:\Program Files\Spybot - Search & Destroy\advcheck.dll
08:18:16.0406 3232 C:\Program Files\Spybot - Search & Destroy\advcheck.dll - ok
08:18:16.0421 3232 [ 1CB91768DF18E7E0D69034E1AAF1C564 ] C:\Program Files\CenturyLink Online Security\Common\fpshx.eng
08:18:16.0421 3232 C:\Program Files\CenturyLink Online Security\Common\fpshx.eng - ok
08:18:16.0421 3232 [ 02855E9FC9B2649750E5599FC179C0D6 ] C:\Program Files\CenturyLink Online Security\Common\FSABTRES.eng
08:18:16.0421 3232 C:\Program Files\CenturyLink Online Security\Common\FSABTRES.eng - ok
08:18:16.0437 3232 [ 5B22B7070319BD9E06EFBA361255B02B ] C:\Program Files\CenturyLink Online Security\Common\FSASWRES.ENG
08:18:16.0437 3232 C:\Program Files\CenturyLink Online Security\Common\FSASWRES.ENG - ok
08:18:16.0437 3232 [ A47A3B6D4EBE6E5543CC4D666E306EC7 ] C:\Program Files\CenturyLink Online Security\Common\fsavres.eng
08:18:16.0437 3232 C:\Program Files\CenturyLink Online Security\Common\fsavres.eng - ok
08:18:16.0437 3232 [ 5C3EF8262EAA078ACC75AB0E12873061 ] C:\Program Files\CenturyLink Online Security\Common\fships.eng
08:18:16.0437 3232 C:\Program Files\CenturyLink Online Security\Common\fships.eng - ok
08:18:16.0453 3232 [ 12984BEAE4304EE50C3E72FA2076E918 ] C:\Program Files\CenturyLink Online Security\Common\FSHOTFIX.eng
08:18:16.0453 3232 C:\Program Files\CenturyLink Online Security\Common\FSHOTFIX.eng - ok
08:18:16.0453 3232 [ A06E0AD67FB650E0AA053D6E89A0FE4D ] C:\Program Files\CenturyLink Online Security\Common\FSMAINST.ENG
08:18:16.0453 3232 C:\Program Files\CenturyLink Online Security\Common\FSMAINST.ENG - ok
08:18:16.0453 3232 [ 63B6C41919C6FF7C7483641225B36A1A ] C:\Program Files\CenturyLink Online Security\Common\FSMARES.eng
08:18:16.0453 3232 C:\Program Files\CenturyLink Online Security\Common\FSMARES.eng - ok
08:18:16.0468 3232 [ 26F95FAE427F0EFF115613A0CCF5279B ] C:\Program Files\CenturyLink Online Security\Common\fspcres.ENG
08:18:16.0468 3232 C:\Program Files\CenturyLink Online Security\Common\fspcres.ENG - ok
08:18:16.0468 3232 [ 8EABBD4F43821BF60F009B6B5D4906E6 ] C:\Program Files\CenturyLink Online Security\FWES\program\fsfwperf.dll
08:18:16.0468 3232 C:\Program Files\CenturyLink Online Security\FWES\program\fsfwperf.dll - ok
08:18:16.0468 3232 ============================================================
08:18:16.0468 3232 Scan finished
08:18:16.0468 3232 ============================================================
08:18:16.0625 2932 Detected object count: 23
08:18:16.0625 2932 Actual detected object count: 23
08:50:15.0656 2932 BANTExt ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:15.0656 2932 BANTExt ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:15.0656 2932 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:15.0656 2932 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:15.0656 2932 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:15.0656 2932 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:15.0656 2932 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:15.0656 2932 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:15.0671 2932 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:15.0671 2932 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:15.0671 2932 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:15.0671 2932 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:15.0671 2932 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:15.0671 2932 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:15.0671 2932 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:15.0671 2932 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:15.0687 2932 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:15.0687 2932 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:15.0687 2932 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:15.0687 2932 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:15.0687 2932 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:15.0687 2932 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:15.0687 2932 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:15.0687 2932 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:15.0687 2932 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:15.0687 2932 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:15.0687 2932 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:15.0687 2932 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:15.0703 2932 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:15.0703 2932 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:15.0703 2932 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:15.0703 2932 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:15.0703 2932 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:15.0703 2932 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:15.0703 2932 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:15.0703 2932 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:15.0703 2932 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:15.0703 2932 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:15.0703 2932 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:15.0703 2932 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:15.0703 2932 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:15.0703 2932 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:15.0703 2932 Winachcf ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:15.0703 2932 Winachcf ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:15.0781 2932 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
08:50:15.0781 2932 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
08:50:15.0781 2932 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
08:50:15.0812 2932 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
08:50:15.0812 2932 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
08:50:15.0828 2932 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
08:50:15.0953 2932 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
08:50:16.0031 2932 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
08:50:17.0468 2932 \Device\Harddisk0\DR0\TDLFS\keywords - copied to quarantine
08:50:17.0484 2932 \Device\Harddisk0\DR0\TDLFS\dkmks.tmp - copied to quarantine
08:50:17.0484 2932 \Device\Harddisk0\DR0\TDLFS - deleted
08:50:17.0484 2932 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
08:51:19.0031 2596 Deinitialize success

I couldn't find the two lines exactly as you indicated but the one referring to drive 0, I deleted. I hope that was right.

When looking for the TDS log, I saw two curious files in the root directory that are huge and were created when TDS froze for me earlier this morning (had to force a shutdown). They are: hiberfil.sys 2,087,000kb and pagefile.sys 740,000kb

Note: I am going to be out of town for the next 5-6 days so will not respond, but I will resume as soon as I get back. Thanks for all your help! -Keith

#10
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello kwengerd

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

#11
kwengerd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
ComboFix 13-03-23.01 - Keith Wengerd 03/27/2013 20:47:34.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1437 [GMT -4:00]
Running from: c:\documents and settings\Keith Wengerd\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Keith Wengerd\Desktop\CFScript.txt
AV: CenturyLink™ Online Security 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: CenturyLink™ Online Security 9.01 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
.
((((((((((((((((((((((((( Files Created from 2013-02-28 to 2013-03-28 )))))))))))))))))))))))))))))))
.
.
2013-03-26 22:32 . 2013-02-25 16:47 8013376 ----a-w- c:\program files\Internet Explorer\Microsoft.mshtml.dll
2013-03-25 12:50 . 2013-03-25 12:50 -------- d-----w- C:\TDSSKiller_Quarantine
2013-03-23 11:20 . 2013-03-23 11:20 388096 ----a-r- c:\documents and settings\Keith Wengerd\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-03-23 11:20 . 2013-03-23 11:20 -------- d-----w- c:\program files\Trend Micro
2013-03-20 20:51 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-20 20:51 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-12 00:32 . 2008-10-08 20:00 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2005-08-16 10:18 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-06 00:51 . 2005-08-16 10:18 832512 ----a-w- c:\windows\system32\wininet.dll
2013-02-06 00:51 . 2005-08-16 10:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2013-02-06 00:51 . 2005-08-16 10:18 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-06 00:51 . 2005-08-16 10:18 17408 ----a-w- c:\windows\system32\corpol.dll
2013-02-04 22:12 . 2012-03-31 01:51 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-04 22:12 . 2011-06-26 20:56 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-26 03:55 . 2005-08-16 10:18 552448 ------w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19 . 2005-08-16 10:18 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37 . 2004-08-04 04:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2005-08-16 10:18 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2005-08-16 10:18 1292288 ----a-w- c:\windows\system32\quartz.dll
2013-03-10 13:42 . 2013-03-10 13:40 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2}]
2009-11-07 05:07 297808 ----a-w- c:\windows\system32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-02-04 4763008]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="c:\program files\CenturyLink Online Security\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files\CenturyLink Online Security\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1298320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 1468256]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-09-26 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Continue installation.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Continue installation.lnk
backup=c:\windows\pss\Continue installation.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]
2012-03-06 22:39 574296 ----a-w- c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-28 01:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-02 05:40 136176 ----atw- c:\documents and settings\Keith Wengerd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 03:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-12-01 00:50 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate1ca0602a575f3f4"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"BotkindSyncService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"a2AntiMalware"=2 (0x2)
"!SASCORE"=2 (0x2)
"AdvancedSystemCareService5"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Ratbag\\Dirt Track Racing\\DTR.exe"=
"c:\\Program Files\\Harley-Davidson® - Race Across America\\bin\\Harley.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Documents and Settings\\Keith Wengerd\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"94:TCP"= 94:TCP:VRS Recording System Web Control Panel
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2/24/2010 10:14 PM 44240]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2/24/2010 10:13 PM 82120]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [10/7/2011 7:54 AM 14776]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\CenturyLink Online Security\HIPS\drivers\fshs.sys [2/24/2010 10:13 PM 68064]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [6/3/2011 9:00 PM 45472]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\CenturyLink Online Security\Anti-Virus\minifilter\fsgk.sys [2/24/2010 10:12 PM 145464]
S0 qlrscih;qlrscih;c:\windows\system32\drivers\gwfjl.sys --> c:\windows\system32\drivers\gwfjl.sys [?]
S2 DLPortIO;DriverLINX Port I/O Driver; [x]
S2 gupdate1ca0602a575f3f4;Google Update Service (gupdate1ca0602a575f3f4);c:\program files\Google\Update\GoogleUpdate.exe [7/16/2009 6:46 AM 133104]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [2/13/2011 4:35 PM 73728]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\CenturyLink Online Security\ORSP Client\fsorsp.exe [2/24/2010 10:13 PM 61088]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [5/25/2009 3:43 PM 32408]
S3 USR1806;U.S. Robotics Faxmodem Driver 1806;c:\windows\system32\drivers\USR1806.SYS [10/6/2006 9:21 AM 793598]
S4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 1:48 PM 116608]
S4 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2/13/2011 4:34 PM 2855440]
S4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [3/30/2012 9:55 PM 913752]
S4 BotkindSyncService;Botkind Service;c:\program files\Allway Sync\Bin\SyncService.exe service --> c:\program files\Allway Sync\Bin\SyncService.exe service [?]
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 22:12]
.
2013-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-16 10:46]
.
2013-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-16 10:46]
.
2013-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1283446441-3683596738-2567388227-1005Core.job
- c:\documents and settings\Keith Wengerd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 05:40]
.
2013-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1283446441-3683596738-2567388227-1005UA.job
- c:\documents and settings\Keith Wengerd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 05:40]
.
2013-03-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1283446441-3683596738-2567388227-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
.
2013-03-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1283446441-3683596738-2567388227-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
.
2013-03-27 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\CENTUR~1\ANTI-V~1\fsav.exe [2010-02-25 15:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Open Picture in &Microsoft PhotoDraw - c:\progra~1\MICROS~4\Office\1033\phdintl.dll/phdContext.htm
LSP: c:\program files\CenturyLink Online Security\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Keith Wengerd\Application Data\Mozilla\Firefox\Profiles\ga97iuvg.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - ExtSQL: 2013-02-25 07:09; {e1aaa9f8-4500-47f1-9a0a-b02bd60e4076}; c:\documents and settings\Keith Wengerd\Application Data\Mozilla\Firefox\Profiles\ga97iuvg.default\extensions\{e1aaa9f8-4500-47f1-9a0a-b02bd60e4076}.xpi
FF - ExtSQL: 2013-03-26 18:32; [email protected]; c:\program files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]
FF - ExtSQL: 2013-03-26 18:32; [email protected]; c:\program files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{1f502a4c-4a61-4ada-a9ec-95f0601153c9} - (no file)
SafeBoot-18635741.sys
SafeBoot-26097386.sys
SafeBoot-38957090.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-27 20:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(772)
c:\program files\CenturyLink Online Security\FSPS\program\FSLSP.DLL
.
- - - - - - - > 'explorer.exe'(2608)
c:\windows\system32\WININET.dll
c:\windows\system32\AcSignIcon.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Common Files\Microsoft Shared\OFFICE12\MSOXEV.DLL
c:\windows\system32\dfshim.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-03-27 21:02:32
ComboFix-quarantined-files.txt 2013-03-28 01:02
ComboFix2.txt 2013-03-24 03:50
.
Pre-Run: 50,892,845,056 bytes free
Post-Run: 50,877,898,752 bytes free
.
- - End Of File - - 64AF96FF1A228723505BFDD3C8015C93

#12
gringo_pr


    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello kwengerd

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#13
kwengerd


    Member

  • Topic Starter
  • Member
  • 12 posts
2007 Microsoft Office system
Adobe Acrobat 8 Standard
Adobe Acrobat 8.1.0 Standard
Adobe Flash Player 11 Plugin
Adobe Reader 7.0
Adobe Shockwave Player 11.6
Advanced SystemCare 5
Allway Sync version 12.2.3
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Autodesk Design Review 2011
Autodesk Design Review Firefox Add-on v1.1
Avery Wizard 4.0
Batch Update
Belarc Advisor 8.1
Bible Data Type System Files
Big Game Hunter II
CacheStats
CCleaner
CenturyLink™ Online Security
Charting Companion for Family Tree Maker
Common System Files
Compatibility Pack for the 2007 Office system
Corel WordPerfect Suite 8
Dell Digital Jukebox Driver
Dell Driver Download Manager
Dell Driver Reset Tool
Dell System Restore
DellSupport
DeLorme Cache Register 1.0
DeLorme Send To GPS 1.4
DeLorme Topo USA 8.0
Digimax L60
Digital Content Portal
Dirt Track Racing
Driver Detective
DVD Shrink 3.2
DWG TrueView 2011
EasyGPS 3.06
Emsisoft Anti-Malware 5.1
EPSON TWAIN 5
F-Secure PSC Prerequisites
Family Tree Maker 2006
FarmVille Tools V2.3.2
File Shredder 2.0
Free CraigsList Reader Pro from CraigsPal 4.5.1
FreeCell Wizard version 3.0.1
Freemake Video Converter version 3.1.2
Freemake Video Downloader
Garmin Communicator Plugin
Garmin MapSource
Garmin USB Drivers
Garmin WebUpdater
GimpShop 2.8
Google Chrome
Google Earth
Google Gmail Notifier
Google Talk Plugin
Google Update Helper
Graphical Query Editor
Harley-Davidson® - Race Across America
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
HOTROD
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
iTunes
Java Auto Updater
Java™ 6 Update 26
JimsList
LG USB Modem driver
Libronix Digital Library System
Libronix DLS Application
Libronix DLS Shortcuts
LibronixUpdate
LLS Resource Driver
Macromedia Shockwave Player
Magic DVD Ripper V5.5.0
Malwarebytes Anti-Malware version 1.61.0.1400
Math Blaster Ages 9-12
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 7.1
Microsoft IntelliType Pro 8.1
Microsoft Office 2000 Premium
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft PhotoDraw 2000 V2
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Morpheus Photo Animation Suite v3.10
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch for Windows Media Player
NASCAR Revolution SE
NETGEAR Live Parental Controls Management Utility 2.1.5
Nikon Message Center
Nikon Transfer
OEB Resource Driver
Ohio Topo Map
OpenOffice.org Installer 1.0
Paint.NET v3.5.10
PDF Resource Driver
PDFCreator
PhotoParade Player
PowerDVD 5.9
Punch! Home and Landscape Design Suite
QuickTime
RaceFX
RaceTender 1.4.1
rayman2
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Samsung Contacts Copier
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2675157)
Security Update for Windows Internet Explorer 7 (KB2699988)
Security Update for Windows Internet Explorer 7 (KB2722913)
Security Update for Windows Internet Explorer 7 (KB2744842)
Security Update for Windows Internet Explorer 7 (KB2761465)
Security Update for Windows Internet Explorer 7 (KB2792100)
Security Update for Windows Internet Explorer 7 (KB2797052)
Security Update for Windows Internet Explorer 7 (KB2799329)
Security Update for Windows Internet Explorer 7 (KB2809289)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB923689)
Sentence Diagramming
Smart Defrag 2
SoftPlan reView 2012 File Viewers
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy
SUPERAntiSpyware
swMSM
Symantec KB-DocID:2003093015493306
The Go Ronald Games
Turbo Lister
Turbo Lister 2
TurboTax Premier 2005
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024) 32-Bit Edition
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
VZAccess Manager
WebFldrs XP
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player Firefox Plugin
WinRAR archiver
WordPerfect Office 12
Xilisoft Audio Converter 6
ZDaemon (remove only)
Zoom V.92 PCI Voice Faxmodem
Zune Desktop Theme

#14
gringo_pr


    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove


Adobe Reader 7.0
Java™ 6 Update 26



  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then on Next
  • Once done click Finish.



Update Adobe reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com.../readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.


Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.



: Malwarebytes' Anti-Malware :


I see you have MBAM installed on the computer - that is great!! It is a very good program! I would like you to run a quick scan for me now

  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15
kwengerd


    Member

  • Topic Starter
  • Member
  • 12 posts
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.28.13

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
Keith Wengerd :: KWENGERD [administrator]

3/28/2013 7:10:06 PM
mbam-log-2013-03-28 (19-10-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 331693
Time elapsed: 10 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.IBryte) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Documents and Settings\Joe\My Documents\Downloads\Setup(1).exe (PUP.IBryte) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joe\My Documents\Downloads\Setup.exe (PUP.IBryte) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joe\My Documents\Downloads\video_downloader.exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:47:16 AM, on 3/29/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17123)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CenturyLink Online Security\Anti-Virus\fsgk32st.exe
C:\Program Files\CenturyLink Online Security\Common\FSMA32.EXE
C:\Program Files\CenturyLink Online Security\Common\FSHDLL32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CenturyLink Online Security\FWES\Program\fsdfwd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CenturyLink Online Security\Common\FSM32.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\CenturyLink Online Security\Anti-Virus\FSGK32.EXE
C:\Program Files\CenturyLink Online Security\Anti-Virus\fssm32.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: (no name) - {1f502a4c-4a61-4ada-a9ec-95f0601153c9} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Freemake.YoutubeButton - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - mscoree.dll (file missing)
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (file missing)
O2 - BHO: PNBHO - {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} - C:\Program Files\DeLorme\SendToGPS\PNPluginForIE.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\CenturyLink Online Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\CenturyLink Online Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~4\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: @C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll,-4 - {FC0EA236-1C31-418e-BFCE-A76DDB7F1362} - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll (HKCU)
O9 - Extra 'Tools' menuitem: Freemake Video Downloader - {FC0EA236-1C31-418e-BFCE-A76DDB7F1362} - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll (HKCU)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} -
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\CenturyLink Online Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\CenturyLink Online Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\CenturyLink Online Security\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\CenturyLink Online Security\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (gupdate1ca0602a575f3f4) (gupdate1ca0602a575f3f4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 5862 bytes

With HijackThis, I didn't do anything other than run the report.

No problems running any of these programs. I loaded Foxit instead of Adobe Reader.

FSSM32.EXE is still running at 90%+. The system shows the hourglass a lot and the green spinner on my tabs in Firefox continues to stop frequently.